I have a web-based application form that is used to gather personal information from web-based users. One of the fields is an SSN. My question is simple: in terms of security compliance (in general, OWASP, PCI, SOC2, etc.), is it okay to prefill the SSN when the user is returned to the form because of validation issues?
For instance, say I fill out the entire form but forget to enter Birth Date (another field on the form). The form reloads the page, displays a validation message related to the required Birth Date field, and is then populated with the form fields the user already entered: First Name, Last Name, SSN, etc. Is it acceptable in terms of security compliance to repopulate their SSN (this is coming from the server-side validation, not client-side), or should I force the user to re-enter their SSN?