That is an interesting model, it seems to me that Truework would position itself as an identity aggregator of sorts. In that case, it seems a large challenge would be gaining the trust of organizations (which it seems you are succeeding at, congratulations!).
Among my worries are that this establishes a rather large target for data breach as presumably the company would hold identity docs and other documents used for authentication or verification purposes. Out of curiosity, since my experience is more in banking/healthcare, is Truework subject to any regulatory framework?
Yes, earning trust is the most important piece. However, organizations are excited to participate once you show that you are the right security & privacy practices in place. We've had a lot of great momentum there.
For regulatory frameworks, it depends on the circumstances and the type of data that you are dealing with. For most of our use cases, it's:
* FCRA, aka Fair Credit Reporting Act that all Credit Reporting Agencies must follow.
* HIPAA, for health data
Of course, you have more generic frameworks such as CCPA, GDPR but that's true for all companies.
That is an interesting model, it seems to me that Truework would position itself as an identity aggregator of sorts. In that case, it seems a large challenge would be gaining the trust of organizations (which it seems you are succeeding at, congratulations!).
Among my worries are that this establishes a rather large target for data breach as presumably the company would hold identity docs and other documents used for authentication or verification purposes. Out of curiosity, since my experience is more in banking/healthcare, is Truework subject to any regulatory framework?