I am working with a staffing company and they want an online application for their website, but they want to include sensitive info such as SSNs. I know I'd want to use SSL, but beyond that I am not sure what the best practices are for this kind of info.
Since I know email can be easily grabbed and would be unencrypted, I was thinking about storing the SSN in a DB in an encrypted format and requiring them to have a key on their end to decrypt that info on screen only (i.e., the info doesn't travel through email).
Would love to hear thoughts here. I know it's generally a bad idea to ever have an SSN in a form, but people have to do it online for sites such as this, so there has to be a legal, reasonably safe way to do this.
Thanks for any input.
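As an added example (not code from the original post or from the staffing company's site), here is one way the scheme described in the question could be implemented: the SSN is validated, sealed with AES-256-GCM under a key that is held on the company's side and never stored in the application database, stored as a single base64 string, shown masked on list screens, and decrypted only for the on-screen detail view by a caller that has the key. The function names, the use of an applicant ID as associated data (so a ciphertext copied onto another applicant's row fails to decrypt), and the sample SSN 123-45-6789 are all assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
	"regexp"
	"strings"
)

// ssnPattern matches an SSN after dashes and spaces have been removed.
var ssnPattern = regexp.MustCompile(`^\d{9}$`)

// NormalizeSSN strips separators and applies the structural rules the SSA
// publishes: nine digits, area not 000/666/9xx, group not 00, serial not 0000.
// It does not (and cannot) prove the number belongs to the applicant.
func NormalizeSSN(raw string) (string, error) {
	s := strings.NewReplacer("-", "", " ", "").Replace(strings.TrimSpace(raw))
	if !ssnPattern.MatchString(s) {
		return "", errors.New("ssn must be nine digits")
	}
	area, group, serial := s[:3], s[3:5], s[5:]
	if area == "000" || area == "666" || area[0] == '9' || group == "00" || serial == "0000" {
		return "", errors.New("ssn has an unassignable area, group or serial")
	}
	return s, nil
}

// MaskSSN is what list and summary screens render: last four digits only.
func MaskSSN(ssn string) string {
	if len(ssn) != 9 {
		return "***-**-****"
	}
	return "***-**-" + ssn[5:]
}

// newAEAD builds an AES-256-GCM cipher from a 32-byte key supplied by the
// caller (loaded from a KMS, HSM or secret store on the company's side).
func newAEAD(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptSSN validates the SSN and seals it. The applicant ID is bound as
// associated data. Output is base64(nonce || ciphertext || tag), which fits a
// plain text column; the database never sees the key or the plaintext.
func EncryptSSN(key []byte, applicantID, raw string) (string, error) {
	ssn, err := NormalizeSSN(raw)
	if err != nil {
		return "", err
	}
	aead, err := newAEAD(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return "", err
	}
	sealed := aead.Seal(nonce, nonce, []byte(ssn), []byte(applicantID))
	return base64.StdEncoding.EncodeToString(sealed), nil
}

// DecryptSSN is called only for the on-screen detail view by a user holding
// the key. A wrong key, a swapped record or a modified blob yields an error,
// never a partially correct value, because GCM authenticates before returning.
func DecryptSSN(key []byte, applicantID, stored string) (string, error) {
	blob, err := base64.StdEncoding.DecodeString(stored)
	if err != nil {
		return "", err
	}
	aead, err := newAEAD(key)
	if err != nil {
		return "", err
	}
	if len(blob) < aead.NonceSize() {
		return "", errors.New("stored value too short")
	}
	nonce, ct := blob[:aead.NonceSize()], blob[aead.NonceSize():]
	pt, err := aead.Open(nil, nonce, ct, []byte(applicantID))
	if err != nil {
		return "", errors.New("decryption failed: wrong key, wrong record or tampered data")
	}
	return string(pt), nil
}

func main() {
	// Constructed demo key; in production this comes from the company's
	// secret store, not from the application database or source code.
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	stored, err := EncryptSSN(key, "applicant-1001", "123-45-6789") // constructed sample SSN
	if err != nil {
		panic(err)
	}
	fmt.Println("stored in DB:", stored)
	fmt.Println("list view:   ", MaskSSN("123456789"))
	full, err := DecryptSSN(key, "applicant-1001", stored)
	fmt.Println("detail view: ", full, err)
	_, err = DecryptSSN(key, "applicant-2002", stored) // ciphertext moved to another row
	fmt.Println("swapped row: ", err)
}
```

The point of binding the applicant ID and of using an authenticated mode is that the database holds nothing an attacker can use without the key, and nothing they can rearrange even with database write access; the masked view means most screens never need the key at all.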