Hacker News

lazide yesterday at 12:51 AM

If you need to prove you sold to real people, storing their credentials is a necessary thing, for as long as you need to prove that. At least with the way things currently are.

How else do you expect it to work? ‘Honest, we checked’ checkboxes?


Replies

hackinthebochs yesterday at 4:06 AM

If the credentials are stored for some period of time, then an inspection will reveal those stored credentials within the preservation window. Unannounced inspections will then show with high certainty a legitimate validation process.

The auditor can act as a customer and validate whether phony credentials are rejected.

subscribed yesterday at 5:06 AM

You can store, for example, ID type and serial number AND hash of the personal information.

If the government-affiliated agency decides to check, they can.

But back to my original statement - unless they're explicitly mandated to keep it longer, they are forbidden from doing so, and their DPO would know it.
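An added example, not part of any comment in the thread: one way to keep the ID type and serial number plus a hash of the personal information, so an auditor who presents the details can confirm the check without the seller retaining them. The keyed, salted HMAC (instead of a bare hash), the field names, the sample person and the 30-day retention window are assumptions.

```python
import hashlib
import hmac
import json
import secrets
import unicodedata
from datetime import date, timedelta

# Constructed demo key (assumption): in practice it is held in a KMS/HSM,
# separate from the records, so a leaked table cannot be brute-forced offline.
AUDIT_KEY = bytes.fromhex("00" * 32)


def canonical(personal: dict) -> bytes:
    """Normalise fields so the same person always serialises to the same bytes."""
    norm = {k: unicodedata.normalize("NFKC", str(v)).strip().casefold()
            for k, v in personal.items()}
    return json.dumps(norm, sort_keys=True, separators=(",", ":")).encode()


def _tag(key: bytes, salt: bytes, personal: dict) -> str:
    # Keyed and salted: names and birth dates are low-entropy, so a plain
    # SHA-256 of them could be recovered by guessing.
    return hmac.new(key, salt + canonical(personal), hashlib.sha256).hexdigest()


def make_record(id_type, serial, personal, checked_on, retain_days, key=AUDIT_KEY):
    """Build the row that is stored; the personal fields themselves are dropped."""
    salt = secrets.token_bytes(16)
    return {
        "id_type": id_type,
        "serial": serial,
        "salt": salt.hex(),
        "pii_tag": _tag(key, salt, personal),
        "delete_after": (checked_on + timedelta(days=retain_days)).isoformat(),
    }


def audit_matches(record, presented, key=AUDIT_KEY) -> bool:
    """True if the details an auditor presents are the ones that were checked."""
    expected = _tag(key, bytes.fromhex(record["salt"]), presented)
    return hmac.compare_digest(expected, record["pii_tag"])


def expired(record, today: date) -> bool:
    """True once the retention window has passed and the row must be purged."""
    return today > date.fromisoformat(record["delete_after"])
```
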