Storing SSN and other PII in Django

[cp...@usc.edu]

Hey all,

My company requires us to store a user's SSN to report business on his or her behalf. I'll admit that I've never built out a django production app, so I'm not sure the best practices for storing PII. Is there any way to encrypt the information on the backend so even the admins like me couldn't read the data? It needs to be stored so that I Can run a script on our database that produces a large concatenated string of each user's information.

Thanks for any suggestions!
Charlie

[Jason]

There was a djangocon presentation on similar topic:  https://www.youtube.com/watch?v=wRro4xv8n6k

That said, when it comes to SSNs, I'd just store the last four digits in plaintext and encrypt the rest.

oh, and ensure everything is https end to end.  all this won't do anything if you're exposing all your traffic on a regular http connection.