But that's more an issue of identity confirmation.
I believe there has to be a reasonably high bar that a person has to clear before a company should be even allowed to assume they are who they're claiming to be, but once that bar is cleared no information regarding or directly linked to the person in question should be withheld from them.
But then, hasn't the company already shown that it's bad at identity confirmation? Why would you expect them to be better at it in the other direction?
I believe there has to be a reasonably high bar that a person has to clear before a company should be even allowed to assume they are who they're claiming to be, but once that bar is cleared no information regarding or directly linked to the person in question should be withheld from them.