I have a new client in the education industry that is trying to take their application process online. Because governmental financial aid is part of their program, collecting SSNs is required. I primarily work in the ecommerce and supply chain space and have years of PCI compliance and dealing with CC#s but this SSN thing is a whole new animal.
With that, I am having a hard time finding best practices we can use to ensure we are not opening ourselves up to neglect and that we are as responsible and ethical as we possibly can. Where should I be doing my research?
Do SSNs fall under ISO? NIST? HIPAA?
Just need to be pointed in the right direction. Thanks!
edit: To help put my vague question into a little more context, I am looking for the security standards for collecting SSNs online, as in: A **security** standard is “a published specification that establishes a common language, and contains a technical specification or other precise criteria and is designed to be used consistently, as a rule, a guideline, or a definition.”