> I would expect an identity verification firm that I'm hiring to secure and then physically delete
I would expect exactly the opposite. See, KYC stuff is something that no one wants, everyone hates and something that everybody is forced into from both sides: users and companies. KYC service is a product being created in pure hatred.
There are no penalties for leaking users' data. Bad PR? Oh please, it won't hurt a company which is already universally hated.
At the same time proper storage security costs money and time and creates friction.
Thus there are NO incentives to securely keep user data while there IS an incentive to care as less as possible.
>There are no penalties for leaking users' data. Bad PR? Oh please, it won't hurt a company which is already universally hated.
Unlike credit bureaus (also hated), there's no moat for KYC providers. All you need is some AI model + humans to do the verification, and away you go. At best there's some compliance costs for soc2 or whatever, but not too pricey compared to the cost of a few programmers. There's definitely penalties for leaks/bad PR, as seen by discord cutting relationships with providers that turned out to have leaked data, or for Persona, seemingly bad PR.
KYC stuff is something that no one wants, everyone hates and something that everybody is forced into from both sides: users and companies
Is this accurate? I’m sure there are significant portion of people with a ‘if you have nothing to hide’ attitude. Companies also don’t care as long a it makes them money.