Difference between revisions of "GDPArrrrr: Using Privacy Laws to Steal Identities (Q3215)"
Jump to navigation
Jump to search
(Created claim: comment (P126): In a survey of more than 150 companies, the authors demonstrate that organizations willingly provide highly sensitive information in response to GDPR right of access requests with little or no verification of the individual making the request.) |
(Changed claim: official website (P15): https://arxiv.org/abs/1912.00731) |
||
| (9 intermediate revisions by the same user not shown) | |||
| Property / official website | Property / official website | ||
| - | + | ||
| Property / official website: https://arxiv.org/abs/1912.00731 / qualifier | |||
| + | comment: paper | ||
| Property / official website | |||
| + | |||
| Property / official website: https://i.blackhat.com/USA-19/Thursday/us-19-Pavur-GDPArrrrr-Using-Privacy-Laws-To-Steal-Identities.pdf / rank | |||
| + | Normal rank | ||
| Property / official website: https://i.blackhat.com/USA-19/Thursday/us-19-Pavur-GDPArrrrr-Using-Privacy-Laws-To-Steal-Identities.pdf / qualifier | |||
| + | comment: presentation | ||
| Property / comment | |||
| + | We found that the largest organizations in our data set (e.g. Fortune 100 companies) tended to perform well and that the smallest organizations tended to simplyi gnore GDPR requests. Non-profits and mid-size orga-nizations (100 - 1,000 employees) accounted for around 70% of mishandled requests. | ||
| Property / comment: We found that the largest organizations in our data set (e.g. Fortune 100 companies) tended to perform well and that the smallest organizations tended to simplyi gnore GDPR requests. Non-profits and mid-size orga-nizations (100 - 1,000 employees) accounted for around 70% of mishandled requests. / rank | |||
| + | Normal rank | ||
| Property / comment | |||
| + | ≈ 25% provided sensitive information without verifying the identity of the requester. A further 15% of organizations contacted requested a form of identity that we believed could easily be stolen or forged (such as a device identifier or a signed statement swearing to be the data subject) | ||
| Property / comment: ≈ 25% provided sensitive information without verifying the identity of the requester. A further 15% of organizations contacted requested a form of identity that we believed could easily be stolen or forged (such as a device identifier or a signed statement swearing to be the data subject) / rank | |||
| + | Normal rank | ||
Latest revision as of 12:27, 13 January 2020
Statements
In a survey of more than 150 companies, the authors demonstrate that organizations willingly provide highly sensitive information in response to GDPR right of access requests with little or no verification of the individual making the request.
0 references
We found that the largest organizations in our data set (e.g. Fortune 100 companies) tended to perform well and that the smallest organizations tended to simplyi gnore GDPR requests. Non-profits and mid-size orga-nizations (100 - 1,000 employees) accounted for around 70% of mishandled requests.
0 references
≈ 25% provided sensitive information without verifying the identity of the requester. A further 15% of organizations contacted requested a form of identity that we believed could easily be stolen or forged (such as a device identifier or a signed statement swearing to be the data subject)
0 references