The fact that these photos and PII (personally identifiable information) were not destroyed after the verification process was certified is absolutely atrocious OpSec. I don’t even care which of the two companies is ultimately responsible, because they are both responsible.
Zendesk for their bad OpSec
Discord for both outsourcing this AND not having contractual requirements to properly secure and destroy PII when it was no longer required.
I work in IT, and treat PII like it’s dangerously radioactive, because in the digital world, it really is.
Right. It blows me away the required training we have to do for physical files more secured than Fort Knox! Tech world? Eh just throw it in the recycle bin
The fact that these photos and PII (personally identifiable information) were not destroyed after the verification process was certified is absolutely atrocious OpSec. I don’t even care which of the two companies is ultimately responsible, because they are both responsible.
I work in IT, and treat PII like it’s dangerously radioactive, because in the digital world, it really is.
“Apparently” only those who were challenging the verification results and uploaded awaiting reverification are affected.
Not that that isn’t bad enough
That’s because you have ethics
Right. It blows me away the required training we have to do for physical files more secured than Fort Knox! Tech world? Eh just throw it in the recycle bin
I agree completely its moronic, but I do imagine the law requires it