
Meet the author:
Jill Olkoski

Jill has a MA in Clinical Psychology, a BS in Computer Science, and a BS in Mechanical Engineering.

She currently owns Aldebaran Web Design in Edmonds (near Seattle WA) and enjoys educating her clients on topics related to small business website design.

In Jill's previous life, she spent 17 years in the engineering and quality organizations of a Fortune 100 tech company.

Storing Private Information In An Online Database

March 23rd, 2009

How safe is it to store private and sensitive information in an online database?

Well, I’m no security expert, not by a long shot.

But I wanted to share a recent experience with a prospective client who was using an online database to store some of his business information and hopefully it might help you avoid some very unpleasant consequences. In this case, no harm was done and the sensitive information was destroyed – but it could have been much, much worse.

Often in the course of determining whether I’m a good fit for a client I get to look around websites that other developers have created. Sometimes I find things that really surprise me and this is one of those cases.

It is very important that you, as a small business website owner, really understand what your website is doing. As an example, I once discovered that a previous web designer had added code to copy himself on all of the emails submitted by a client’s website. Imagine, every single time someone fills out a contact form, the web designer would receive all of that information – for what purpose, I can’t imagine, but suffice it to say it was sloppy at best, unethical at worst. But that’s the topic of another article…

Sometimes clients need a database added to their website. Often, this is because there is an application, like an online store, or a blog, that needs to be set up, and these applications use a database to store information.

But sometimes, clients want a custom database installed. It’s very important to understand what kind of information is reasonable to store, and what kind of information is really not appropriate to store in an online database. As a rule, I won’t store any kind of information that if it were to be accessed by another person, would cause harm to anyone else or my own business. But different businesses have different rules.

Say you’re a plumber and you want your client information stored in a database. You want to store names, addresses, phone numbers and email. If someone gains access to that database, the worst that could happen is your clients get email or snail mail that might be spam. Not too bad.

But say you’re in the healthcare industry. Your client names are considered confidential. You fall under the rules of HIPAA. If you’re in an industry like this, you probably should not be storing any client information whatsoever in an online database – or if you want to, be sure you’re using an SSL certificate to send it securely and be sure to warn clients of the potential risk. Many healthcare professionals will warn clients that using email to communicate is not really secure – and if you’re using an online database to keep their info, even if just their names and email addresses – you should probably warn them in a similar fashion.

And in general, I would never store very sensitive information that is used for identity fraud, like social security numbers or credit card numbers, in an online database. Perhaps you think this is obvious. I was shocked to find out that this prospective client had done exactly that using shared hosting, without giving any thought to security, identity fraud, or the confidentiality of his patients. He was asking clients for all kinds of medical information, names, addresses, insurance policy information…social security numbers…and sending it all completely unencrypted (he had not purchased or installed an SSL certificate – so the transmission was not secure)…to a shared hosting database. When I discovered this, I was appalled, and immediately told the client and pushed them hard to delete this database ASAP. The client agreed, thankfully.

Many of my small business clients are using shared hosting. This means your information is on a machine somewhere that many other people have access to, by definition of shared hosting. Hacking does occur. Also, every single tech support person at your hosting company has access to your database as well, for good reason.

In sum, depending on your industry, the kind of information that you are storing in an online database will vary – but you should be aware of the potential issues resulting from a breach of that data. If a breach isn’t hurting anyone, then you’re fine. But please think through the consequences carefully – don’t just let your web developer create a database and store all kinds of personal information about your customers without giving it some thought.

Jill
--------------
J. Olkoski
Aldebaran Web Design, Seattle
Jill Olkoski has a BS in Engineering, a BS in Computer Science and an MA in Clinical Psychology. She delights in using her advanced technical and psychological skills to help small business owners develop cost-effective and successful websites.



5 Responses to “Storing Private Information In An Online Database”

  1. Tina Says:

    This is good information. I’m curious how you would handle a client who requires Social Security number information necessary to process a credit check on a customer.

    Suppose the client is very adamant that this information be captured, as it’s vital to his business.

    I would assume the obvious: if it’s to be stored in a database, the SS number needs to be encrypted and the data transfer needs to be via SSL. But what other security measures can be taken that haven’t already been mentioned above?

  2. Jill Olkoski Says:

    Hi Tina,
    Excellent question. So far, I’ve never had an ecommerce client who needed to do a credit check. I presume that this kind of check would be necessary to get a loan, versus making a purchase. In general, I would NEVER submit my SSN number via any online service, unless it was the government or one of the big three credit rating agencies. Just too dangerous, my personal opinion. Whenever I’ve been required to give my SSN number, it was either via phone, or via fax.

    Note, that I’ve been contacted by a few loan companies who wanted me to do just this, to collect SSN numbers and send them in the clear, via email. I’ve refused these jobs, concerned they might be scams.

    Now, I’m no security expert. I have heard that it’s possible to encrypt it in the database, but I haven’t done this before – it’s simply out of the scope of what I’m comfortable doing. If you need to collect and store SSN numbers, you should consult with a web developer security expert who has done this type of thing before. I’m sure there are other things as well, it’s just out of my field of expertise.

  3. austin Says:

    Hi Jill. Thanks for the info. I am new to web and database design. I have a question for you. I work for a small company that still does things the old fashioned way. I am in the process of designing a MySQL database to store job and inventory information. It may someday store employee and other confidential information. To access the database I want to set up a web based application using Perl/Mason. If this web application is eventually stored with a web hosting service, how do I use it to access my database securely? Where should I keep the database? Or should I just host the web server myself?
    Thanks. Hope you have time to answer this.

  4. Jill Olkoski Says:

    Hi Austin,
    First off, I’m not a security expert, so keep this in mind when you read my answer.

    Personally, I don’t think I’d be comfortable storing confidential information (either health info or SSN or credit card info) on a hosting company using shared servers. I don’t have any clients who need to do this, and if they ask, I refuse, because I’m not comfortable taking the security risk. So it’s a boundary I don’t cross. Maybe it’s fine, I just don’t know enough about it. So for confidential info, I think I’d try hosting the database yourself, assuming you can do this. I have no idea how. And be sure to use an SSL certificate when transmitting data to and from the query pages. Also do some research into MySQL Injection prevention. That’s the best I can offer.

  5. austin Says:

    Thanks for the speedy reply.



 ©2006 - © Aldebaran Web Design Seattle, A DBA of Aldebaran Services LLC