The California Consumer Privacy Act (CCPA), which went into effect on January 1, 2020, gives consumers the right to access, delete, or opt out their personal data. Under CCPA, companies are not only obligated to furnish, delete, or opt consumers out of the sale of their data, they’re also required to verify every requestor’s identity to avoid inadvertently sharing sensitive data with fraudsters.
After a giant GDPR loophole was exposed, it quickly became understood how easily cybercriminals were fraudulently submitting data subject requests in order to gain access to personal data that isn’t theirs. While this is certainly one reason to incorporate adequate identity verification into the consumer rights request workflow, cybercriminals aren’t the only threats that businesses need to worry about.
Opportunistic data protection and privacy lawyers will be proactively scrutinizing processes to see if companies will make mistakes and accidentally furnish data to the wrong person so they can sue on behalf of their consumers. Additionally, CCPA consumer rights requests will likely shine a light on companies’ data protection practices, as the 2019 Carlton Fields Class Action Survey indicated that the next wave of class action suits will result from data breaches.
In this webinar, we’ll discuss potential DSR threats from three different groups: cybercriminals, privacy lawyers, and data subjects, and how to avoid attacks with proper identity verification that offers an appropriate level of assurance that’s compatible with business’ specific needs.
The importance of getting an automated DSR fulfillment workflow in place to handle a high volume of requests securely, consistently, and compliantly
The role identity verification plays in avoiding DSR denial of service attacks
Discuss how to implement “reasonable” verification that is frictionless for consumers and lawyers, but that keeps the bad guys out