DataGrail, a leading privacy management firm, announced its patent-pending “Smart Verification”: the industry’s first verification solution that does not require an individual to disclose additional personally identifiable information (PII) when submitting a CCPA privacy request.
With Smart Verification, organizations can verify an individual’s identity by using known data already collected by an organization’s business operations and multi-factor authentication. This validates an identity without requiring further personal information, reducing friction with consumers, and reducing fraud and data breach risks.
“At California Closets, we want to ensure our customers have an inspiring and seamless product experience,” said Kenny Martin the director of information technology at California Closets. “Using DataGrail’s Smart Verification allows us to provide this for our customers without taking on the additional risk of asking for highly personal information to verify their identity.”
Paradoxically, people attempting to exercise their CCPA privacy rights are required to submit additional sensitive personal information, such as a passport picture or government ID, to validate their identity before their request is allowed to proceed. The existing process is needlessly frustrating, intrusive, and often degrades a brand. Forrester analyst, Fatemeh Khatibloo, shared her experience of exercising data rights on Twitter:
“If this isn’t a ‘barrier’ to exercising my #CCPA rights, I don’t know what is.”
For a business, retrieving and storing additional PII introduces a higher risk of a data breach because an organization often holds on to sensitive data to verify the fulfillment. And in some cases, businesses aren’t equipped or don’t want the responsibility to securely manage storing, handling, and disposing of sensitive information and documents.
DataGrail’s Smart Verification allows businesses to provide a crucial privacy-centric experience for individuals. Instead of requiring a requester to submit additional personal data, Smart Verification verifies an identity by using existing data associated with the individuals’ record, such as purchase history or user behaviors like games played or products viewed.
For added security, DataGrail uses multi-factor authentication. Smart Verification ensures the individual has access to the email address and a phone number on file, and then it prompts a user to answer personalized questions as additional verification.
Daniel Barber, CEO, and co-founder of DataGrail stated, “Requiring a user to disclose more personal information, particularly ID documents when they request to delete their data goes against the spirit of what CCPA set out to achieve. We knew there had to be a better way to verify a person’s identity that would benefit both the business and the individual.”
Barber further explained, “We listen to consumers and understand that they want control over their personal information. According to our recent research, 83 percent of consumers expect control over how a business uses their information. Smart Verification is our answer to this consumer demand for a more intuitive and less invasive way of verifying their identity when exercising their rights.”
Smart Verification benefits:
- Minimizes the risk of fraud by verifying that the phone number on file is associated with the requestor.
- Creates a better brand experience by streamlining and automating the verification process.
- Reduces risk by limiting the amount of PII held by an organization, making them less of a target for a data breach.
- Reduces frustration of individuals attempting to perform privacy requests.
DataGrail was designed from the ground up to automate data discovery and streamline privacy programs to create less work for customers, while also ensuring a higher level of accuracy and reduced risk. Knowing where data lives within an organization are foundational to any privacy program, DataGrail built its solution to directly integrate with an organization’s internal databases and developed 200+ pre-built connectors with companies — such as Salesforce, Shopify, Adobe, AWS, Oracle, Okta, and many others. These integrations and connectors provide organizations with an accurate, real-time view of the internal systems and third-party applications used and all the personal data that maps onto each of those systems.