Originally Posted by scoreman

One more thing. We also came to the conclusion that encypted or password protected ids are ok. Please show me where in the regulations this is forbidden. In our eyes this is no different than if we delivered paper copies of 20,000 ids to an affiliate and he then locked the docs in a safe. The feds arrive and an employee calls "Hey boss i need the combination to the safe to get our docs out".

Protecting the ids with encryption or a safe is something I would do as an affiliate regardless of how the ids were delivered to me. Having them wide open and available with no protection at all smacks of negligence and a lack of reasonable care and affiliates need to be also concerned about model litigation over the handling of their confidential information.