Cybercriminals have impersonated real people online for quite some time, but now, they’re using their email spoofing and document falsifying skills to take advantage of a giant privacy loophole: submitting Data Subject Requests (DSRs) with the purpose of gaining access to personal data that isn’t theirs. Without proper identity proofing, organizations end up doing the exact opposite of what these new global privacy regulations were intended to achieve:
- Broaden subjects’ rights, giving them ownership of their data
- Hold organizations accountable for data security practices
- Decrease fraud in an increasingly data-centric world
Identity verification should be the very first step in every organization’s DSR workflow, and choosing a verification mechanism that produces a higher level of assurance can be especially beneficial for weeding out bad actors, bots, and other cybercriminals.