Found in 2 comments
by specialist
2017-10-03
#1 -

Privacy minded and anti-government types opposed RealID.

https://en.wikipedia.org/wiki/REAL_ID_Act

Ironically, globally unique identifiers are required to protect our demographic data. Otherwise all records must be stored as plaintext (unencrypted). I was very chagrined when I finally figured this out, causing me to support RealID.

https://www.amazon.com/Translucent-Databases-2Nd-Authenticat...

Source: Me. I worked on both voter privacy and electronic medical records.

#2 -

The government, thru contracts with services like Lexis/Nexus (nee Seisent) have already created globally unique identifiers for pretty much every person, living or dead. Replacing SSN would just formalize, simplify, daylight such matters.

Alas, wedge issues like voter registration databases (assessing eligibility to vote) and immigration status, in near real-time, would become trivial and nearly error free, so I doubt this commonsense, practical effort will happen any time soon.


Original thread
by Tangurena
2009-02-06
The case is mostly #3.

PCI-DSS is the most commonly used standard, is aimed at retailers and payment processing systems. And while it is credit card based, much of what is in it covers other stuff that you should be thinking about if you're storing banking information.

One book to look at is Cryptography in the Database. There is a section about laws that cover data security such as GLBA (which says nothing that a developer finds useful) and SOX (which, for software development, is more about background checks and version/configuration control). http://www.amazon.com/Cryptography-Database-Defense-Symantec...

Another book that may help with keeping the data away from hackers (and rogue employees) is Translucent Databases. I have the 1st edition, and the 2nd just came out last month: http://www.amazon.com/Translucent-Databases-2nd-authenticati...

In support of #1, check out NIST's 800 series of standards. When we were looking to bid on a government computing contract, they included a long list of them by reference, effectively turning a 3k page RFP into about 6k pages: http://csrc.nist.gov/publications/PubsSPs.html


Original thread

Looking for a good book? Subscribe to the weekly newsletter.