GDPArrrrr: Using Privacy Laws to Steal Identities (Q3215)
Jump to navigation
Jump to search
scholarly article published in 2019
Language | Label | Description | Also known as |
---|---|---|---|
English |
GDPArrrrr: Using Privacy Laws to Steal Identities
|
scholarly article published in 2019
|
Statements
In a survey of more than 150 companies, the authors demonstrate that organizations willingly provide highly sensitive information in response to GDPR right of access requests with little or no verification of the individual making the request.
0 references
We found that the largest organizations in our data set (e.g. Fortune 100 companies) tended to perform well and that the smallest organizations tended to simplyi gnore GDPR requests. Non-profits and mid-size orga-nizations (100 - 1,000 employees) accounted for around 70% of mishandled requests.
0 references
≈ 25% provided sensitive information without verifying the identity of the requester. A further 15% of organizations contacted requested a form of identity that we believed could easily be stolen or forged (such as a device identifier or a signed statement swearing to be the data subject)
0 references