[EasyMark]

Why are they keeping a copy is what I’d like to know. It’s enough to know they check it, and verified it, so then they can delete it. Why keep copies at all ??or at least blank out critical parts that aren’t public knowledge. This is so stupid.

[rblatz]

Retention policies are likely set by the client. That’s how it works with the vendors I’ve worked with in this space, but I haven’t worked with this specific vendor.

[olalonde]

Probably because government regulations require it. I know it's a requirement for AML/KYC which many of these companies are subject to.

[BoredPositron]

Maybe but why are they still hot?

[threecheese]

They have to be hot, otherwise they couldn’t monetize that data in every other way.

[olalonde]

Hot?

[BoredPositron]

Backblaze has a nice blog post about it.

https://www.backblaze.com/blog/whats-the-diff-hot-and-cold-d...

[chefandy]

If you need to check someone's government ID, you probably expect to have to go to court or otherwise deal with the government over it at some point. Being able to show why you thought it was someone, not simply that you thought it was someone, is important.

[hiatus]

Even notaries don't need to keep copies of licenses or selfies on hand for court, just their notarial register.

[chefandy]

Notaries have legal authority to affirm positive identity. If these companies got notarized documents from each of their customers, I really doubt they'd hire this company.

[ElemenoPicuares]

... but the register can be used as evidence in court.

[alias_neo]

You're right, and I think it's wrong to do it this way.

We have various private companies taking copies of our ID; in the UK, you'll have scans of your passport/driving licence taken for various reasons.

We shouldn't have to trust them to get it right; and I suppose the threat for them is fines if they don't, but it's not good enough.

Probably, a more solid solution would be to offer a government ID service where these companies check against a central database that already holds your information and then they have to keep nothing.

If I hire a car, I provide the rental agency a code that gives them temporary access to my driving record to ensure it meets their requirements, it's a one-time code and I request it when required and provide it to them; something similar could be adopted for other purposes if they have a legal requirement to verify your identity.

[chefandy]

I agree that it's a bad approach, though I'd be skeptical of a technological solution. And while a centralized government ID service would solve those problems, it would probably cause a pretty huge privacy backlash. I don't think there is a clean solution here.