I have to collect private info and store it. What I'd like to do is collect the info and have it get stored on an intranet server. The data collected is for users in the United States, and would be stored in the United States.
Basically I need to collect bank account info, SSN, and other highly sensitive data via a website, and store it for a 1 month period on a local intranet.
Is this possible, and what is the safest way to do this?
It's possible to do anything.
Network separation and encryption are two of the more important aspects of the architecture to protect important data.
The Payment Card Industry Data Security Standard contains a series of practices designed to protect credit card information, which could provide you a baseline for a point of reference.
PCI DSS
If you are storing card details (and possibly bank account details) you need to have a security test from a PCI ASV (approved security vendor).
If you are storing personal details (or any details for that matter) regarding UK individuals on a UK server you need to notify the data commissioner - I believe this is a one-off payment of £35 but I'm not sure. Different rules apply if you're storing them abroad.
Any information that is collected "via a website" (which I assume means a public Internet website) can only be stored in one of two methods:
or
For large web applications Option 1 is not the norm, as you usually have a web server dedicated to your data collection and presentation layer and a separate database server for storing data and serving requests from the web server. The web server will usually be located in a DMZ or publicly accessible portion of your network, whereas the database server will be behind a private network with a firewall that only allows connections from the web server.
With this kind of setup even the most sensitive user data can usually be stored in a database server so long as the correct safeguards are in place (firewalls, encryption, data integrity and audit logs, etc.). Essentially the database server is not attached to the public Internet, so unless your web server becomes compromised nobody will ever have access to your data. This is also why you should never store database usernames and passwords in clear text on your web server and instead always use encrypted connection strings or identity based authentication. Essentially you treat your web server as hostile territory (hence the DMZ = Demilitarized Zone naming) and your database as a secure location.
The first question to answer is: Do you have to store that information? The best practice is to store as little private info as you can. Assuming you have a real business need for it:
I would suggest an SSL certificate to start with. Make sure your web server is set to redirect port 80 to 443 to make sure all traffic goes over HTTPS.
Encrypt the data as soon as you get it, and keep it that way until the absolute last moment you need it in clear text. Use AES to encrypt the data. Use a good validated implementation. DO NOT ROLL YOUR OWN ENCRYPTION.
Make sure your server is up to date on all security patches (and keep it that way). Run a tight firewall, with only the minimum ports open (80 and 443?).
Monitor your servers for unusual activity.
DO NOT STORE THE DATA ON THE WEB SERVER HOST. Pass all of the data to a machine that is not publicly accessible.
Pay attention to compliance laws in the state where your server resides. You may be governed by a variety of disclaimer, disclosure, and data breach laws.
PCI DSS guidelines are useful. But, be aware that they are focused on one thing, preventing the disclosure of credit card account holder data.
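The two answers above agree on the same core pattern: encrypt each sensitive value the moment it is received, keep the key off the public-facing host, decrypt only when explicitly needed, and drop the data once the retention period (one month in the question) is over. The following Go program is an added example written for this page; it is not code from any of the answerers. It uses only the standard library's AES-256-GCM, which is the kind of validated implementation the last answer asks for, rather than hand-rolled crypto. The `Vault` and `Record` types, the field names, the 30-day retention value and the sample SSN are all constructed for illustration; in a real deployment the key would be loaded from a KMS or HSM on the internal machine and never exist on the DMZ web host.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// Record is what the intranet store keeps: ciphertext only. The plaintext
// exists in memory just between receipt and Seal.
type Record struct {
	ID         string    // constructed record identifier, e.g. "user-42"
	Field      string    // e.g. "ssn" or "bank_account"; bound into the GCM tag
	Nonce      []byte    // 12-byte random nonce, fresh for every Seal call
	Ciphertext []byte    // AES-256-GCM output, 16-byte auth tag appended
	ExpiresAt  time.Time // retention deadline (the question states 1 month)
}

// Vault wraps the AES-256 key. The key belongs only on the non-public
// machine; the DMZ web tier forwards data to it and never sees the key.
type Vault struct {
	aead cipher.AEAD
	now  func() time.Time // injectable clock so expiry can be tested
}

// NewVault builds an AES-256-GCM vault from a 32-byte key (assumed to come
// from a KMS/HSM in production). A nil clock means time.Now.
func NewVault(key []byte, now func() time.Time) (*Vault, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256 requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if now == nil {
		now = time.Now
	}
	return &Vault{aead: aead, now: now}, nil
}

// aad ties record id and field name to the ciphertext, so a ciphertext
// cannot be silently moved to another user or relabelled as another field.
func aad(id, field string) []byte { return []byte(id + "\x00" + field) }

// Seal encrypts a freshly collected value and zeroes the caller's plaintext
// buffer so the clear value is not left lying around in memory.
func (v *Vault) Seal(id, field string, plaintext []byte, retention time.Duration) (Record, error) {
	nonce := make([]byte, v.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Record{}, err
	}
	ct := v.aead.Seal(nil, nonce, plaintext, aad(id, field))
	for i := range plaintext {
		plaintext[i] = 0
	}
	return Record{ID: id, Field: field, Nonce: nonce, Ciphertext: ct,
		ExpiresAt: v.now().Add(retention)}, nil
}

// Open decrypts on explicit request only and refuses expired records. Any
// change to nonce, ciphertext, id or field makes GCM authentication fail.
func (v *Vault) Open(r Record) ([]byte, error) {
	if !v.now().Before(r.ExpiresAt) {
		return nil, errors.New("record past retention period; purge it, do not read it")
	}
	return v.aead.Open(nil, r.Nonce, r.Ciphertext, aad(r.ID, r.Field))
}

// Purge returns only the records still inside their retention window; this
// is what a daily cleanup job on the intranet host would run.
func (v *Vault) Purge(records []Record) []Record {
	kept := records[:0]
	for _, r := range records {
		if v.now().Before(r.ExpiresAt) {
			kept = append(kept, r)
		}
	}
	return kept
}

func main() {
	key := make([]byte, 32) // stand-in for a KMS/HSM-provided key
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	v, _ := NewVault(key, nil)
	sample := []byte("123-45-6789") // constructed sample SSN, not real data
	rec, _ := v.Seal("user-42", "ssn", sample, 30*24*time.Hour)
	fmt.Println("stored ciphertext:", hex.EncodeToString(rec.Ciphertext))
	fmt.Println("plaintext buffer after Seal:", sample) // all zeros
	pt, _ := v.Open(rec)
	fmt.Println("decrypted on request:", string(pt))
}
```

The design choices follow the answers directly: GCM gives both confidentiality and an integrity check, so a modified row in the database is detected on read; the associated data prevents a ciphertext for one user's bank account being replayed as another's; and the clock-based expiry turns the question's one-month limit into something the store enforces rather than a policy someone has to remember.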