The New York Times reports on the additional information consumers are asked to produce to exercise their data access rights. Vendors that facilitate data subject access requests may ask for methods of verification, such as government ID or a picture of the person who made the request. While there may be concerns over handing over more information, organizations are required to verify the identity of the requester under the California Consumer Privacy Act and other laws. The verification issue arose last year when an Oxford University researcher used fake credentials to obtain his fiancee's personal data. (Registration may be required to access this story.) Editor’s Note: IAPP Editor Angelique Carson, CIPP/US, wrote about the ongoing problem privacy professionals face in verifying identities safely in “Fake DSARs: They’re a thing?”
If you want to comment on this post, you need to login.