Literally no adtech company would accept or attempt to target based on SSN.
Maybe your local company was collecting it out of ignorance, but if they uploaded it to Google AdSense, alarm bells would go off, the data would be purged, and you'd seriously risk having your account shut down.
Bro, you're commenting on a story where SSNs were uploaded to Google Adsense, alarm bells didn't go off, data wasn't purged, and a journalist came in and discovered the problem later.
> But while tax-filing websites were quick to stop collecting data, nobody's sure how much information was collected. One unnamed company told Congress that "every single taxpayer who used their websites could have had at least some of their data shared."
There is literally no evidence what you said is true. There are no details on what information was shared. Can you avoid making stuff up?
SSNs can’t really be anonymized by hashing since they’re essentially sequential numbers. I think the law is at least broad enough to consider a hashed SSN that can be easily reversed to be equivalent to a real SSN.
I agree with others that adtech companies want to proactively avoid SSNs. Too much liability and not at all necessary.
To clarify, this is one of the most common and dangerous misconceptions regarding hashing: an SSN is a 9-digit number. Regardless of the strength of your hash, you can hash them all, and compute a lookup table, in a matter of minutes.
You don’t have to hash it so it’s not reversible, only such that you don’t appear liable in the event of an incident. Technically compliant is good enough.
My point is that hashing a 9 digit number is almost certainly not even technically compliant. I believe storing hashed SSNs would incur all the legal liability of storing raw SSNs. The laws are robust enough to at least handle such a trivially reversible hash. No way any expert witness could claim otherwise. Hashed emails on the other hand seem like more of a gray zone (some are reversible, but there's enough variety that not all are).
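Added example (not part of any comment in this thread): the point made in the two comments above about hashing a 9-digit number, shown on a constructed value in the never-issued 000 area range, next to a keyed HMAC token that cannot be enumerated without the key. The function names, the sample value and the key are assumptions made for this illustration.

```python
import hashlib
import hmac
import time

SSN_SPACE = 10**9  # every possible 9-digit string


def md5_hex(ssn: str) -> str:
    return hashlib.md5(ssn.encode()).hexdigest()


def sha256_hex(ssn: str) -> str:
    return hashlib.sha256(ssn.encode()).hexdigest()


def keyed_token(ssn: str, key: bytes) -> str:
    """HMAC-SHA256 pseudonym: matching requires the secret key."""
    return hmac.new(key, ssn.encode(), hashlib.sha256).hexdigest()


def recover(digest: str, start: int, stop: int, hash_fn=md5_hex):
    """Enumerate candidates in [start, stop); return the preimage or None."""
    for n in range(start, stop):
        candidate = f"{n:09d}"
        if hash_fn(candidate) == digest:
            return candidate
    return None


def estimate_full_enumeration_seconds(sample: int = 200_000, hash_fn=md5_hex) -> float:
    """Time a sample and extrapolate to the whole 10**9 space (one core)."""
    t0 = time.perf_counter()
    for n in range(sample):
        hash_fn(f"{n:09d}")
    rate = sample / (time.perf_counter() - t0)
    return SSN_SPACE / rate


if __name__ == "__main__":
    sample = "000123456"                 # constructed; area 000 is never issued
    key = b"constructed-demo-key"        # assumption: a secret held server-side
    window = (0, 200_000)                # small slice so the demo runs quickly
    print("md5    ->", recover(md5_hex(sample), *window))
    print("sha256 ->", recover(sha256_hex(sample), *window, hash_fn=sha256_hex))
    # Without the real key, enumeration cannot match the stored token.
    guess = lambda s: keyed_token(s, b"wrong-key")
    print("hmac   ->", recover(keyed_token(sample, key), *window, hash_fn=guess))
    print("est. seconds for all 10**9 (pure Python, md5):",
          round(estimate_full_enumeration_seconds()))
```

The keyed token only moves the problem: whoever holds the key can still rebuild the mapping, so the key has to be protected as strictly as the raw values would be.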
For a fun "challenge", here's my MD5-hashed SSN: 46fdccf9acc38d13321b0c13cf541ec9 (spoiler: not my real SSN, but since they're sequential it could be someone's. And, hint, I'd be jealous of them.)