Privacy and compliance for PingOne Verify
PingOne Verify enables your organization to implement secure, digital-first onboarding while adhering to privacy requirements. Because identity verification (IDV) involves processing highly sensitive data, including government-issued IDs and biometric facial templates, flows must comply with international regulatory standards such as the European Union Artificial Intelligence Act (EU AI Act). To meet these mandates, PingOne Verify utilizes a privacy-by-design architecture to secure sensitive data categories throughout the verification lifecycle.
Data classification
IDV data is categorized by sensitivity, which dictates the required consent models and retention policies. PingOne Verify processes data within the following classifications:
-
personally identifiable information (PII): Standard user attributes extracted or provided during the verification flow, such as name, address, date of birth, and ID numbers.
-
Sensitive personal information (SPI): High-value identity data sourced from government-issued documentation, including passports and driver licenses.
-
Biometric data: Mathematical facial templates and geometry used to perform liveness detection and identity matching between a user and their credential.
Regulations such as the General Data Protection Regulation (GDPR) and Biometric information Privacy Act (BIPA) classify biometric data as a special category that requires explicit user consent.
Core compliance capabilities
The following privacy controls are in place to ensure PingOne Verify global compliance with privacy and security standards.
Data residency and sovereignty
To satisfy local privacy laws, many regions require that PII and biometric data remain within national or regional borders. PingOne Verify supports these requirements through regionalized data centers in North America, the European Union (EU), and Asia-Pacific, ensuring data residency is maintained within the required jurisdiction.
Data minimization and retention
Privacy-by-design principles require that sensitive data is retained only for the duration necessary to fulfill the verification transaction.
-
Default retention: By default, PingOne Verify stores PII for a 30-minute window before automated deletion.
-
Zero-day retention: For production environments, the service supports a zero-day retention policy, where images are processed and deleted immediately from the system.
Security and certifications
Security and biometric integrity are rigorously validated through third-party audits to confirm the vendor’s security assurances.
-
Security standards: Ping Identity maintains security operations center (SOC) 2 Type II and ISO 27001/27017/27018 certifications.
-
Biometric integrity: PingOne Verify is certified to iBeta presentation attack detention (PAD) Level 1 and 2, providing protection against presentation attacks, such as deepfakes, masks, and spoofing.
Compliance requirements
PingOne Verify follows compliance requirements by having different implementations shown in the following table:
| Requirement | PingOne Verify implementation |
|---|---|
Consent management |
Facilitates explicit end-user consent within orchestrated flows before biometric processing occurs. |
Encryption |
Protects data at rest and in transit using AES-256 cloud-native encryption through secure API integrations. |
Automated decisioning |
Supports human-in-the-loop (HITL) oversight. Unclear results can be routed to human specialists, satisfying GDPR Article 22 requirements. |
Data deletion |
Provides the |
Audit trails |
Retains non-sensitive transaction metadata, such as timestamps and scores, and deletes the PII to minimize long-term risk. |