This week, Discord announced that it will be rolling out ID verification globally. They have already required this in the UK and Australia where privacy laws to protect minors have been enacted, but this push to also cover the US has some users up in arms about the policy.
This is after controversaries involving minors rocked the platform this year, with some allegations of impropriety occurring on the platform as it did in the Roblox space earlier this year. With a spotlight shining on the issue, it’s likely that Discord sees this as their opportunity to get ahead of further issues.
Starting next month, everyone will be on a “teen by default” account unless they have been ID verified or Discord can extrapolate from previous interactions with the program that the user is likely an adult (this will include factors such as account age). For those required to verify age they will need to submit government ID or utilize an “AI-powered” video selfie to regain access to adult features.
These include channels with NSFW content (as verified by Discord themselves), media labeled as “sensitive” will be obscured, and messages and friend requests sent from strangers being routed elsewhere or will include a warning message.
Users have been vocally against the change, with many citing a data breach that occurred last October that included PII data as a reason not to hand over identification to the company. While Discord announced 70,000 accounts were effected some third-party news sites believe that number to be much higher.
As privacy laws continue to become more strict, including in the US, there is going to be more of an imperative for protecting private data clients choose to share with you. As with Discord, a data breach in conjunction for a request like this is not a good look. Here are some ways you can protect your client’s PII data as well as advice on proper storage and disposal:
- Limit access to PII to only employees who require it for their job duties
- Use multi-factor authentication and strong password policies
- Encrypt sensitive data both in transit and at rest
- Store physical records in locked cabinets or secured rooms
- Keep systems patched and protected with up-to-date security software
- Train staff regularly on privacy and data handling best practices
- Retain PII only for as long as it is legally or operationally necessary
- Shred paper documents before disposal
- Use certified data destruction methods for retired hardware
- Maintain audit logs to track access to sensitive information
If you’re in an industry covered by regulatory compliance (HIPAA, NIST, CMMC, WISP etc) then this list may look very familiar to you. There’s a good bit of cross over between regulatory compliance and common-sense data protection. Even if your industry does not have a formal regulatory compliance need (yet) we suggest that all businesses across the board follow these guidelines, particularly if client data is at stake.
If regulatory compliance or even just beefing up your cyber security measures in the wake of what feels like an onslaught of data breach news is a goal in 2026, Valley Techlogic has you covered. We utilize the Center for Internet Security (CIS) framework in our own business and are experts at making sure our clients are compliant with regulations that affect their business and have best-in-class protections across the board. Learn more today through a consultation.
This article was powered by Valley Techlogic, leading provider of trouble free IT services for businesses in California including Merced, Fresno, Stockton & More. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on X at https://x.com/valleytechlogic and LinkedIn at https://www.linkedin.com/company/valley-techlogic-inc/.