One of the requirements in the California Consumer Protection Act gives consumers the right to access their data and those requests must be verified. Annie Bai, CIPP/US, CIPM, FIP, and Peter McLaughlin, CIPP/US, raise concerns the upcoming law does not clarify what "verified" means. “The terrible beauty of the California Consumer Privacy Act is that innumerable companies will soon be required to undertake totally novel consumer-facing responsibilities,” they write. “In the name of empowering consumers, the law is actually introducing threat vectors that can be manipulated by fraudsters. This presents a considerable risk to organizations by enabling a data breach while ostensibly trying to comply with the law and support a consumer’s data access request.” In this piece for Privacy Perspectives, Bai and McLaughlin explore the impact "verified consumer requests" may have on businesses once the CCPA goes into effect in January.
If you want to comment on this post, you need to login.