| ▲ | gertrunde 12 hours ago | |
The lack of security is one thing, but why have they retained the information at all! iirc, one of the elements of GDPR is "storage limitation", i.e. you must not keep personal data for longer than you need it - and in this case, the data is only needed to verify the age of the user, and shouldn't ever be required again (unless people can now get younger). Once a document has been used to verify a person's identity and that the person is of legal age, there is no reason to retain a copy of the document any more. It would be reasonable and fair to retain a photo of the user to verify that the person matches the account, but that's it. | ||
| ▲ | rationalist 7 hours ago | parent [-] | |
10 years after I took the ACT, I received a letter from a university that I never went to, saying my SSN was leaked. WHY THE F**k ARE THEY HOLDING ON TO THAT 10 YEARS LATER!?!?!? Of course now I know better than to give out my SSN to anyone who asks for it, but I didn't know that as a teenager. Until stupid s**t like this becomes illegal, it will just keep continuing. | ||