It looks like you're new here. If you want to get involved, click one of these buttons!
I just posted this over at Mortal forums:
Here is the content in case it gets deleted (TLDR below):
"Among other things, I am a data privacy expert here in the US as part of my daytime career. I have much experience with the payment card industry and the regulations around storage of private data. I can tell you that safe storage of private data is no simple matter, and is subject to hefty regulations around the globe.
Starvault: You should not be requesting ID cards for your test program. You are subjecting yourself to legal liabilities you do not want. Proper secure storage of credit card information is difficult enough, but scans of ID's can contain additional sensitive information.
I strongly recommend people not provide scans of their ID's; Starvault is a software development company, not a security company.
Starvault you should be thinking of other ways to verify trustworthiness than someones ID. Participation in the historical bug tracker is one way. Long term play is another.
You also need to be realistic here: people are going to tell their guild mates and friends about what happens on the test server. It is 2011, and we have the Internet - if someone want to anonymously post a video of the test server, they can do it and get away with it, regardless of signing an NDA. That shouldn't matter. People should be able to post their test server experiences publicly (it should have its own forum), that way the information gets out to everyone. You are looking at the test server process completely the wrong way: you should WANT open public discussion of the results. Right now it just looks like you are scared of what people might say.
Chill out on the test server process. Customers will respect you much more if you open up the process and let information flow freely. I want to help you guys test, so please come to your senses."
I'm concerned about secure transmission of ID's and Starvault's ability to safely store scans of peoples ID. They don't have any expertise in secure data storage and don't have a secure transmission method for accepting ID's, nor any knowledge of regulations governing such.
The test process should be egalitarian and provide information openly to all. The information will be leaked anyway, so there is no point in trying to restrict it.
The responses by Gradius and Black Opal were Starvault douchebaggery at its finest.