My point is that hashing a 9 digit number is almost certainly not even technically compliant. I believe storing hashed SSNs would incur all the legal liability of storing raw SSNs. The laws are robust enough to at least handle such a trivially reversible hash. No way any expert witness could claim otherwise. Hashed emails on the other hand seem like more of a gray zone (some are reversible, but there's enough variety that not all are).

for a fun "challenge", here's my md5 hashed SSN: 46fdccf9acc38d13321b0c13cf541ec9 (spoiler: not my real SSN, but since they're sequential it could be someone's. And, hint, I'd be jealous of them.)