I have been asked to look into the implications of storing photocopied identification documents online on our dedicated server (around 10,000 to start but will grow each year). These id documents will be of passports, driving licenses etc.
What would the security implications be for this?
My feeling is...
1. If it is not essential part of your business process, don't do it. Keep them remaining in the locked draws on paper at work.
2. If we do, I feel we are opening ourselves to attack for identity theft. By the documents not being there, we are leaving much less of a reason for attack.
3. If we do keep them online and online security is compromised, we could be sued (maybe, I don't know)
Basically, I feel like we will be making ourselves attractive for targeted attacks because the identity information has value.
Your help and opinion is greatly appreciated.