|
Not OP, but I don't trust startups to responsibly handle my PII. It's not a good gamble, based on incentives, and also based on recorded history. They usually don't encrypt it, they usually don't understand their own backup system, they usually have employees who copy it as "sample data" or "seed data" to developer laptops which are then stolen with some probability greater than 1%, they usually don't delete data on a reasonable timeframe, etc etc etc. And it's one thing to have my email address, my phone number, etc. And if it was just MINE, shrug. But if you're asking for mine, you're asking for that of many people. And that means that criminals looking for PII for identity theft will know to target you. Or hackers who accidentally steal my data will be able to sell it as part of a bundle. Or it'll happen with your servers, at auction, when you go under. Etc. So if a service that I very much want to pay for requires me to scan and upload ID, I dunno, maybe it's still worth it to me, but it just makes me so uneasy that I just procrastinate until I forget. This has happened a number of times. If you're not the government, I want my business with you to be as anonymous as possible, because frankly you're probably not a very good steward of my privacy. (Actually, I'm even more afraid of government IT, and I know my personal data has been stolen from my federal government at least once, but I've got no options on this one.) |
Smart, but:
Any web developer knows most uploads go to a folder on disk ... likely readable by the web server process.
Harvest away!