Laws are made with the aim of protecting citizens from those with malicious intentions. Even though lawmakers have the best of intentions, they unwittingly leave potential loopholes in their regulations, which malefactors are all too happy to exploit. Prevention, they say, is better than cure. This holds true, especially for a privacy crisis. In this post, we will ferret out one of the potential loopholes in CCPA California and explain how you can avoid it. Remember, the law goes into effect on January 1, 2020.
The Verification Loophole
While there are several unintended loopholes in the CCPA, the biggest of all is the verification loophole. We have previously discussed on this blog the five core consumer rights under the CCPA California, among them the right to deletion and the right to access. In both instances, consumers will need to verify their identities before they can exercise these rights.
Unfortunately, the CCPA California is silent as to what constitutes a verification or how one is conducted. This verification loophole could be exploited, leading to the theft of a consumer’s data and identity, made easier and faster by the CCPA.
What Can Be Done?
On the part of CCPA California, the lawmakers can make express provisions for issues like:
- What type of information should a company conducting the verification of a consumer’s identity require?
- What mode of communication should consumers adopt when requesting deletion or access?
- A request template consumers can use.
- Who okays verification? Someone in-house appointed by the company or a third party appointed under CCPA?
Amendments have been proposed to the lawmakers, although there is no certainty yet on when they will be implemented.
On the part of the companies, rather than leaving consumers’ data exposed and risking their reputation and business profits, they can take any of the following actions.
- Leverage digital technology to integrate a smart identity verification process. This smart approach should also extend to the data collection process. Google and Microsoft are leading examples of companies effectively utilizing multi-factor authentication.
- Incorporate strong governance policies around data collection, storage, and maintenance. This is especially important for companies collecting data they do not need.
- Ensure total compliance with CCPA California. Most businesses only wish to meet the minimum requirements just so they do not come under the Attorney General’s radar. While that might give some momentary relief, there could be danger ahead in the long run.
Contact us today, and we will help you tick off all the boxes in the CCPA regulatory compliance checklist.