Member Identity Fields (SSN, Passport, Drivers License, FEIN)

Summary

As of 9.4.0, various "identity fields", including SSN, can be collected on a Member record. These values are securely stored in the database, can be configured to prevent duplicate values, and can be searched.

Business Case

Although never intended to be used as such, Social Security Numbers are a de facto unique identifier in many business systems. When necessary, LearningBuilder can be configured to collect SSNs, encrypt them for secure storage, and prevent duplicate registrations by enforcing a uniqueness constraint.

In addition to SSNs, LearningBuilder can also collect, encrypt, and enforce uniqueness on:

  • Passport Number (often used as an alternative to SSN when non-US citizens participate in the credentialing program)
  • Driver's License Number
  • FEIN (a federally issued tax identifier for organizations; similar in purpose to an SSN for individuals)


Identity Values

  • SSN, Driver's License, and Passport Number are collected and treated as sensitive

  • FEIN is collected, but is not treated as sensitive

Capability Summary

  • Identity values are encrypted at rest. Encryption keys are managed in application code and not stored in the database.

  • /wiki/spaces/DOCS/pages/521306131 can be configured to collect
  • Identity lookup is implemented using a disconnected hash table with an encrypted foreign key relationship to the associated Member. If the database is stolen and the hashes are cracked with a rainbow table, an attacker can only learn which identity values are in use by someone in the system. Those values cannot be linked to any other PII without also compromising the encryption keys.
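
The lookup design described above, sketched as an added example (not LearningBuilder's own code). The SHA-256 hash, the normalisation rule, all names, and the HMAC-based keystream (a standard-library stand-in for a real authenticated cipher such as AES-GCM) are assumptions; the SSN is a constructed, never-issued value.

```python
import hashlib, hmac, secrets

# Assumption: the key lives in the application and is never written to the database.
APP_KEY = secrets.token_bytes(32)

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode; stand-in for an AEAD such as AES-GCM.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, stream))

def unseal(key, blob):
    nonce, ct = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def identity_hash(kind, value):
    # Normalise so "000-12-3456" and "000123456" map to the same row.
    norm = "".join(ch for ch in value.upper() if ch.isalnum())
    return hashlib.sha256(f"{kind}:{norm}".encode()).hexdigest()

class IdentityStore:
    def __init__(self):
        # The "database" table: identity hash -> encrypted Member reference.
        # No plaintext identity value and no plaintext member id is stored.
        self.lookup = {}

    def register(self, key, member_id, kind, value):
        h = identity_hash(kind, value)
        if h in self.lookup:  # uniqueness constraint enforced on the hash
            raise ValueError("duplicate identity value")
        self.lookup[h] = seal(key, str(member_id).encode())

    def find_member(self, key, kind, value):
        # Search: hash the query, then decrypt the reference with the app key.
        blob = self.lookup.get(identity_hash(kind, value))
        return int(unseal(key, blob)) if blob else None

if __name__ == "__main__":
    store = IdentityStore()
    store.register(APP_KEY, 1000421, "SSN", "000-12-3456")  # constructed value
    print(store.find_member(APP_KEY, "SSN", "000123456"))
```

Someone holding only `store.lookup` can confirm that a guessed value is present, but the row's member reference stays opaque without `APP_KEY`. Keying the lookup hash (HMAC with an application-held key) would also defeat precomputed tables; the page does not say which form the product uses.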



FB-33717, FB-33719