The California Consumer Privacy Act (CCPA) provides enhanced privacy rights and consumer protection for California residents which means that businesses under its scope are facing major infrastructure changes. Violating the CCPA exposes organizations to potentially large civil penalties and statutory damages and businesses therefore need to ensure that they have the mechanisms in place to flag risks and reject any unauthorized requests of information. The CCPA Consumer Request Verificator helps businesses to comply with these requirements to adequately verify consumer requests and prevents unauthorized disclosures of personal information. Individuals seeking to request their personal information are able to submit their request online while an integrated identity verification software examines the individual’s inputs and uploaded files automatically. The tool can easily be amended to adapt to new guidelines and lets businesses track the generated and rejected requests to improve their infrastructure and prove compliance to authorities.
Subject to the recently enforced CCPA from California Attorney General, companies must establish strong infrastructure and procedures to allow consumers to request their personal information online while ensuring that information is only being disclosed to authorized parties. Verifiable consumer requests are a key concept under the CCPA and affirmative obligations for businesses are triggered only on receipt of a “verifiable” request—including the duty to respond to “requests to know” and “requests to delete” personal information (Cal. Civ. Code §§ 798.100-115). Companies who fail to comply with the extensive regulations imposed under the CCPA face substantial civil penalties and statutory damages. For consumers with an existing password-protected account, businesses can rely on the password authentication process. For non-account holders, the Proposed Regulations §999.325 outline different verification standards based on the risk level of the request, such as matching two or more data points that were provided by the consumer and maintained by the business.
With BRYTER, companies can build a CCPA Consumer Request Verificator that is tailored to their specific infrastructure to ensure compliance when receiving requests of information. The person seeking information is guided through the company’s request form and prompted to provide proof of identity. As part of the verification process, BRYTER integrates with privacy management and identification verification software such as OneTrust or Onfido, to automatically verify the identity of the user and generate a request once a positive result is returned. Companies can easily embed the BRYTER tool in their website and use the audit trail to track all generated and rejected requests to prove compliance. It provides a user-friendly one-stop solution and, using the open architecture of the BRYTER platform, can easily be updated to comply with additional guidelines issued by the California Attorney General.
How it works
Through a customizable and interactive questionnaire, all relevant information is collected and the user is prompted to upload a proof of identity.
The integrated identification verification software automatically assesses the inputs and generates a result to progress or reject the request for information. In case of a positive verification, the request is issued and a summary is sent to the respective internal department as well as the requestor of the information.
A conclusive audit trail allows companies to track and prove compliance as well as improve internal processes. A report can be generated to analyze all issued requests and assess potential risks. rn rn