Using an SSN as a primary key?

Anyone in the state of California who has ever used a social security number as a primary key in a database now has a new and compelling reason to revisit their status as an ignoramus.

Any entity that retains "unencrypted" (SB1386 doesn't say anything about what counts as encryption) "personal" (another toss-up for the courts) information which gets compromised must report the incident to the people whose information was involved. Put simply: if you are using SSNs as a key (or anywhere) in your database and that database get lifted, the box gets hacked, a bug leaks information, whatever, then you have to let everyone in your DB know what went down. That's a shit sandwich of which I'd rather not bite.

Did people really need a reason to not use SSNs as DB keys? , even though it's a bone-headed thing to do. Folks can and do change their SSN. Then there's the fact that SSNs aren't really guaranteed to be unique. Intended, yes. Guaranteed? No. Besides, it's just not a good idea to use SSNs in databases. Nearly every RDBMS has a built-in feature to generate and use unique numbers and such for keys. People should use those features and stop colleting SSNs.

I'm not even going to get into the privacy implications of a person's SSN being bandied about willy-nilly. We have a law which will hopefully discourage such behavior now and as much as it pains me to admit it, I'm kind of in favor of SB1386 for that reason alone. Then again, I'm a freak. You should have seen my reaction at the DMV when I first got a California license to replace my Arizona one. The minion behind the cage bars flat out told me that unless I coughed up an SSN I wouldn't be issued a license. I damn near had kittens. She told me to tell it to the judge, and then called the next number. She was used to the complaining and would have none of it. I eventually knuckled under and went back to give it up, but not before I did some online research and found some "blank" SSNs that I might use. The little blurb about perjuring myself with false info caused me to begrudgingly use my real number.

Get ready to hear about SB1386 for some time to come. The SSN is persvasive, the cracker pernicious.

Comments for: Using an SSN as a primary key?

Back to entry Using an SSN as a primary key? | Back to Front Page

Post a comment
Name:


Email Address:


URL:


Comments:


Remember info?