Personally identifiable information (PII) on shared web hosting
Posted by S. Cobbs on Server Fault
Published on 2010-12-28T20:20:44Z
Hey folks, I am providing web hosting services (shared and dedicated) and have had one of my shared hosting clients mention needing an SSL cert for their site where they are collecting insurance quotes in a form, including names and social security numbers. My privacy sense is tingling, and I'm pretty sure it's not legal (in the US) to do this on a shared system, but can't find anything to support my thoughts outside of PCI-DSS, but the customer isn't processing payments through the site so I'm not sure if that applies. I'm reading lots of policy documents where people advise to minimize and manage the PII footprint internally, but as the host I don't want to put all of my customer's clients at possible risk. I'm not looking here for legal advice necessarily, but perhaps someone in a similar position to mine can provide some rule of thumb or point me in the right direction.
© Server Fault or respective owner