Organizations, whether prepared or not by the EU’s General Data Protection Act, are putting processes together to address the California Consumer Privacy Act (CCPA). EDRM partner, LDM Global, has issued a helpful Frequently Asked Questions post to assist.
Reminding us to validate requests prior to turning data over, LDM recommends:
When you receive a request, there are a few steps to take immediately. Forward the request to your organization’s Data Protection Officer. He or she should have a protocol in place of how to respond.
Additionally, you need to verify that the person making the request is indeed the person named in the request. You wouldn’t want to mistakenly hand over personal information to the wrong person. Some requests may come through third parties, such as lawyers or unions. Here companies will need to be satisfied that the request has been duly authorized by the individual.
You should also check that you have all the information needed to locate the data and respond to a request.