I've encountered two bounty campaigns that require KYC. The first one got my ID, but then I realised how many scammers there are (not the one I sent my ID to). From then on I did not participate in any bounties requiring KYC. The risk is to big.
If(!) you do decide to send in an ID, then don't forget to:
1. watermark it (eg: "copy for bounty ...)"
2. blur out your social security number. You do not want identity thiefs to get their hands on that on.
This problem is extremely delicate as more and more projects are requesting KYC to verify their identity, but I am really worried about their registration information being used for bad purposes. Be cautious with your personal information in the cryptocurrency market, that's what you should do.