The CCPA requires you to verify the identity of a person making a request related to personal information. After all, you don’t want to accidentally give away access to someone else’s personal data. That’s what we call a data-breach!
You generally don’t want to ask someone to send you a photo of a government ID. In most cases, there are less radical ways to establish someone’s identity.
Examples of how to Verify Identity for CCPA
For inspiration, below you will find a number of ways in which you can establish the identity of a person making a CCPA request. It is up to you to determine the most appropriate solution for your business.
- Via an existing login system. Companies that are required to comply with CCPA often already have a secure login system for customers.
- After receiving a request via e-mail you send a confirmation by text to the mobile number on file.
- After receiving a request via phone, you send a confirmation e-mail to the email address on file.
- You ask for the last 4 digits of their Social Security number and their date of birth and match it against customer records.