item 34632610

joewadcan | 3 years ago

Worrying, yes, but I think it's required. KYC laws in the US mandate a 5 year retention AFTER the account is closed:

https://bsaaml.ffiec.gov/manual/Appendices/17

> A bank must retain the identifying information about a customer for a period of five years after the date the account is closed, or in the case of credit card accounts, five years after the account becomes closed or dormant.

mike_d | 3 years ago

KYC as well as account recovery. If you ask someone to provide photo ID or a verification photo to remove a 2FA token, for example, having a previously supplied photo of the same ID helps a lot.

jstx1 | 3 years ago

How do those US KYC laws interact with the EU's GDPR?

voxic11 | 3 years ago

The GDPR right to erasure doesn't apply when there is a legal obligation to keep the data.

> The General Data Protection Regulation (GDPR) gives individuals the right to ask for their data to be deleted and organisations do have an obligation to do so, except in the following cases:

...

> there is a legal obligation to keep that data;

https://commission.europa.eu/law/law-topic/data-protection/r...

mytailorisrich | 3 years ago

GDPR only says not to collect more data than needed and then not to keep it longer than needed. If you have a legal obligation to collect specific data and to keep it for a specific duration, the GDPR is fine with that.

There are similar KYC regulations and data retention laws in Europe.

mike_d | 3 years ago

For a US based company? American laws win every time.

ronsor | 3 years ago

GDPR has exceptions for mandatory retention due to financial regulations