# suitebuilder
f
Hello everyone! I have a tough question, and I would like to have any advice anyone can provide, since this is regarding sensitive personal information. I have to store a customer's SIN in NetSuite... Now, what would be the best way to store this data? The way that we obtain the SINs is via a custom online form via a custom record.
k
Is that a piece of PHI?
It should be noted that storing things like that in NetSuite is against your terms of service with them.
f
Yes, it is definitely sensitive information. It is the social security number. And that is really good to know. I am trying to find where exactly that is listed in the service agreement so I can use that as my defense against storing this data, if you happen to know? I am assuming this is enough to know: https://www.netsuite.com/portal/assets/pdf/terms-of-service-v032618.pdf
k
(b) HIPAA. Customer agrees that: (i) Oracle is not acting on Customer’s behalf as a Business Associate or
subcontractor; (ii) the Service may not be used to store, maintain, process or transmit protected health information
(“PHI”) and (iii) the Service will not be used in any manner that would require Oracle or the Service to be compliant with
the Health Insurance Portability and Accountability Act of 1996, as amended and supplemented (“HIPAA”). In the
preceding sentence, the terms “Business Associate,” “subcontractor,” “protected health information” or “PHI” shall have
the meanings described in HIPAA
From that document.
I mean, you could store it as long as it doesn't have HIPAA requirements entailed, but color me scared with the idea of treading anywhere near HIPAA.
No way you can get security on that stuff well enough in NetSuite.
Now - I've seen clients use an identifier that is just the person's name and a one-off single code - and that's just far enough away that it seems to work, but yeah...
f
I see!! I had no idea what PHI was before, but I have confirmed that the SIN I am talking about is not that.
There is the social security number OOTB on employees, is what I realized. I just need to replicate this on a customer, so I do not think that it is breaching any service agreement in this case: https://netsuite.custhelp.com/app/answers/detail/a_id/30543
Since it is plain text to admins (on employees), I will just make it so that the custom customer field is just visible to admins, and not available to any other role.