GDPArrrrr: Using Privacy Laws to Steal Identities (Q3215)

scholarly article published in 2019

Language	Label	Description	Also known as
English	GDPArrrrr: Using Privacy Laws to Steal Identities	scholarly article published in 2019

Statements

instance of

scholarly article

0 references

official website

https://arxiv.org/abs/1912.00731

comment

paper

0 references

https://i.blackhat.com/USA-19/Thursday/us-19-Pavur-GDPArrrrr-Using-Privacy-Laws-To-Steal-Identities.pdf

comment

presentation

0 references

comment

In a survey of more than 150 companies, the authors demonstrate that organizations willingly provide highly sensitive information in response to GDPR right of access requests with little or no verification of the individual making the request.

0 references

We found that the largest organizations in our data set (e.g. Fortune 100 companies) tended to perform well and that the smallest organizations tended to simplyi gnore GDPR requests. Non-profits and mid-size orga-nizations (100 - 1,000 employees) accounted for around 70% of mishandled requests.

0 references

≈ 25% provided sensitive information without verifying the identity of the requester. A further 15% of organizations contacted requested a form of identity that we believed could easily be stolen or forged (such as a device identifier or a signed statement swearing to be the data subject)

0 references

GDPArrrrr: Using Privacy Laws to Steal Identities (Q3215)

Statements

Navigation menu

Search