“Companies need to be vigilant as they set up their consumer response processes. This ‘verified consumer’ part is no small thing. It requires a robust commitment to accurately sourcing your verification data, skill in identifying dubious requests, and some healthy skepticism wouldn’t hurt. The emphasis now is to bend over backward to help consumers to invoke their new rights, but if this is not done well, consumers will ultimately be hurt by fraudsters tampering with their data using the consumer request mechanism.
It’s ironic that this next-gen data breach could arise out of well-meaning efforts to comply with a new privacy law. But that’s the kind of big data world we live in. A gap in expertise of this breadth — fraudsters will find a way to take advantage of this gap. With awareness and commitment, organizations will be able to dedicate resources to address such requests properly. Concurrently, perhaps this will be a topic of guidance from the California attorney general’s office.”
Full details here from the International Association of Privacy Professionals.