> * gives them a "reasonable belief that it knows the true identity of each customer"
> * and "a sound basis to verify the true identity of their customer and beneficial owners and reflect reasonable due diligence efforts".
I'm reading in to that in a conservative manner where it's "internally justified" that going the full privacy abusive route is justified. "Reasonable due diligence" is respective to the organization that could be punished, not a public sense.
Given that it's on the company's discretion of diligent checks, I can completely see that their more aggressive requirements of: "your biometrics, copies of your official documents, 20 years of criminal background checks, a polygraph, approval by the Democratic National Party for appropriate speech, history of pornography consumption" being the standard.
We're not getting a solution from the government that's a secure "is this person a US citizen?"/"Valid for IaaS service?" data point. The business is receiving all of the data to ask that question and are not trustable entities.
It is all defined in TFA:
https://www.federalregister.gov/documents/2024/01/29/2024-01...
The TL;DR is that it can be whatever the provider wants, as long as it:
* includes name, address, email, phone number, IP address, and payment information,
* is written down,
* gives them a "reasonable belief that it knows the true identity of each customer"
* and "a sound basis to verify the true identity of their customer and beneficial owners and reflect reasonable due diligence efforts".
> * gives them a "reasonable belief that it knows the true identity of each customer"
> * and "a sound basis to verify the true identity of their customer and beneficial owners and reflect reasonable due diligence efforts".
I'm reading in to that in a conservative manner where it's "internally justified" that going the full privacy abusive route is justified. "Reasonable due diligence" is respective to the organization that could be punished, not a public sense.
Given that it's on the company's discretion of diligent checks, I can completely see that their more aggressive requirements of: "your biometrics, copies of your official documents, 20 years of criminal background checks, a polygraph, approval by the Democratic National Party for appropriate speech, history of pornography consumption" being the standard.
We're not getting a solution from the government that's a secure "is this person a US citizen?"/"Valid for IaaS service?" data point. The business is receiving all of the data to ask that question and are not trustable entities.
If the business is not a "trustable entity", then why are you using them for hosting?
2 replies →