Car insurance provider Geico has suffered a data breach in which threat actors stole the driver's licenses of policyholders for over a month. Geico is the second-largest car insurance company in the United States, with over 17 million policies covering more than 28 million vehicles.
https://oag.ca.gov/system/files/DL3_IndNoticeLttr_CA_Redacted.pdf
@AppDefects Yet another statistic. So if media recognition and penalties do not work, what is next to ensure that organisations and individuals take heed and recognise their responsibilities to reduce or prevent these from happening?
Regards
Caute_Cautim
The current standard of "1 year of credit monitoring" and a not-an-apology letter is not a very high bar.
Maybe we ought to also require Geico pay for new license numbers for all impacted parties. Ditto for anyone that discloses national identifiers, credit card numbers, etc.
Even better would be for the DL#s to be changed every few years. Back in "the day", each drivers license renewal came with a new number. Somewhere along the line, this stopped and my new license now has the same number as the old one. Classic example of convenience vs security.
@denbesten But haven't you heard the word on the street? Digital Identity will save the day with the full support of government entities?
However, your response would be great if it could be applied so that there is no wriggle room for them to worm their way out of the situation, leaving only one potential door open, i.e. bankruptcy, or changing the company's name and starting again.
Regards
Caute_Cautim
@denbesten wrote: The current standard of "1 year of credit monitoring" and a not-an-apology letter is not a very high bar.
You didn't get the, "We take your security and privacy very seriously...🤢" letter? I'm shocked!
@denbesten wrote: Even better would be for the DL#s to be changed every few years. Back in "the day", each drivers license renewal came with a new number. Somewhere along the line, this stopped and my new license now has the same number as the old one. Classic example of convenience vs security.
I 100% agree with this statement. Identity shouldn't be tied to any permanent number, e.g., DL #, SSN, etc., given how easy those are to steal. Is Blockchain our answer here @rslade?
But if your "proof" of identity changes, how will we know it's you?
And @Caute_cautim brought up another great point: a digital identity established through a company, and then the company goes out of business. What happens to your digital ID at that point? I could be wrong here, but it makes sense for the authoritative source for your digital ID to be kept at your State BMV (Bureau of Motor Vehicles), where you currently get your physical ID.
If they stay on schedule this year, our State BMV will be rolling out digital IDs, on the theory that most people will always have their phone with them. The next logical step would be to use that digital ID to authenticate with sites on the web, with 2FA using biometrics stored on the phone.
What are your thoughts on proofing? It makes sense for the systems to do all of the proofing on the backend.
@CISOScott Some great thinking here. Proofing is a good point; within New Zealand they call it a Digital Identity trust network, creating a trust network whereby trust is manufactured:
https://www.researchgate.net/publication/337033946_A_Decentralized_Digital_Identity_Architecture
Yes, it uses Blockchain on a distributed, decentralised network.
One thing to think about: guaranteeing the integrity of the individual's identity, which under the World Health Organisation (WHO) should last on average for 110 years. Technology needs a refresh after 5 years, so in that case one would have to refresh the underlying architecture 22 times over the average lifespan of a human being in a best-case scenario. Who should be in charge, and who will ensure that the backend processes are conducted correctly and audited regularly?
Regards
Caute_Cautim