I guess they are required to store everything for years for "compliance". How else are they are going to save their butts when someone manages to fake their identity through them?