My first inclination is to say yes, since it's essentially a corporation's SSN, which I would encrypt. However, I'm not sure whether SOX or any Federal guidelines actually require it to be encrypted. Anyone know for sure?
+3
A:
My rule of thumb: if you have to ask, the answer is probably yes.
But I agree with @Adam, you should ask a lawyer about legal matters.
Robert Greiner
2010-01-27 18:53:04
A:
Considering that EINs are generally public information - public companies put them on their 10-K and private companies usually include them on their D&B, it's probably not a big deal.
Eric Petroelje
2010-01-27 18:59:29
A:
After further research, it appears that there is no specific requirement that a Tax ID (or SSN for that matter) be encrypted in the data layer; however, they need to be masked when presented to users.
Tequila Jinx
2010-01-27 21:53:54