CCPA identity verification: Consumers deserve better
In late October, California’s attorney general updated the language in the CCPA, clarifying ways in which a business can verify an individual’s identity when a CCPA request is submitted. The DataGrail team moved quickly to find a way to make the CCPA identity verification experience great for both our customers and individuals seeking to submit a request. Within a month we had a product rolled out to a few customers. Now we’re making it available to all customers.
“Smart Verification” is a patent-pending way for organizations to verify an individual’s identity by using known data already collected by an organization. People can now exercise their CCPA and GDPR rights without submitting additional personal data such as government IDs or passports to verify their identity, which is surprisingly a common requirement by other systems. The experience we designed reduces friction with consumers and reduces fraud and data breach risks.
Paradoxically, up until now, people attempting to exercise their CCPA privacy rights were required to submit additional sensitive personal information, such as a passport picture or government ID, to validate their identity before their request is allowed to proceed. The existing process is needlessly frustrating, intrusive, and often degrades a brand.
In fact, several journalists took to the pen to voice their complaints. Bloomberg reporter Alistar Barr invited readers to “come on a trip into the new privacy circle of hell.” A simple search on Twitter and you can find many folks voicing concern over this process. Forrester analyst, Fatemeh Khatibloo, shared her experience of exercising data rights on Twitter:
“If this isn’t a ‘barrier’ to exercising my #CCPA rights, I don’t know what is.”
Requiring a user to disclose more personal information, particularly ID documents, when they request to delete their data goes against the spirit of what CCPA set out to achieve. At DataGrail we knew there had to be a better way, so we built it. Smart Verification is our answer to consumer demand for a more intuitive and less invasive way of verifying their identity when exercising their CCPA rights.
DataGrail’s Smart Verification capability uses existing data to verify a consumer’s identity during privacy requests. This is data that has already been collected in a company’s business system about that consumer. Some simple examples might be questions about a consumer’s last purchase location, date, or product. Questions are customized and associated with each consumer’s record, and thus avoids the need to ask and collect more personal information during the verification process.
For added security, DataGrail uses multi-factor authentication. Smart Verification ensures the individual has access to the email address and a phone number on file, and then it prompts a user to answer personalized questions as additional verification.
There are many benefits to using DataGrail’s Smart Verification:
- Minimizes the risk of fraud by verifying that the requestor has access to their requested email inbox and phone number on file is associated with the requestor.
- Creates a better brand experience by streamlining and automating the verification process.
- Reduces risk by limiting the amount of PII held by an organization, making them less of a target for data breach.
- Reduces frustration of individuals attempting to perform privacy requests.
Interested in learning how DataGrail can help your privacy program and deliver an experience that will help build your brand? Simply request a demo of Smart Verification with our team. We’d be happy to help.