Hacker News new | ask | show | jobs
by OutOfHere 306 days ago
KYC data is PII data. I'm referring to Google's Salesforce breach, which most certainly included substantial PII data.

Moreover, other companies like Coinbase that do KYC have had their KYC data stolen this year as well, putting the lives of asset holders at risk.
1 comments
yunohn 306 days ago
KYC data is by definition PII data, but the opposite is definitely not true. You can have PII data without it being relevant to nor mandated by KYC regulations.

Please understand that the muddying of terms only harms your argument, instead of strengthening it.

link
OutOfHere 306 days ago
That difference matters only to the institution. To the user, however, the risk and damage from the leak of any type of serious PII is one and the same in that it is a risk to be avoided.

In other words, the technicality you state is the difference between the user getting punched in the guts versus in the gonads. Both are to be avoided.

link
yunohn 305 days ago
Sorry, but this is objectively not true. Like everything, nuance is crucial and our societal-legal system relies on it for a reason.

Leaking PII like names and phone numbers, versus KYC specific PII like ID proofs is a completely different ball game.

This argument is not about levels of harm, just your lack of understanding of nuance tbh.

link