Originally Posted by
carrotjuice
It’s silly from a customer experience point of view. Systems dictating behaviour, instead of designing systems and customer experience that work with the intended spirit of the policy.
”common sense” and “spirit of the policy” are demonstrably non-objective, unlearnable, a recipe for inconsistency and inevitably will result in further data breaches.
I do think the process could be smoother but the idea that you don’t need to re-verify is a non-runner. Not least because you are transferring the risk back to the staff member.