If a California consumer makes a request of your business regarding access, deletion, or opt-out, it’s extremely important that you take steps to verify their identity. The last thing you want is to reveal personal information to a fraudster. The California Attorney General’s office has published some guidelines depending on what sort of request comes in.
|Right to Know - Categories||Disclosure of categories tends to be based on fairly general information, so you should maintain a reasonable level of certainty. It is recommended that you cross-reference 2 data points of information provided by the consumer with information you already have on file in order to verify identity.|
|Right to Know - Specific Information|
Disclosing specific information to a non-verified consumer may constitute a fairly serious case of fraud, so it’s important that you adhere to a high level of certainty.
The Attorney General recommends that you cross-reference 3 data points of information provided by the consumer with information you already have on file, as well as a signed declaration under penalty of perjury that the requestor is who they say they are.
|Right to Delete|
|Right to Opt-out||The verification system described does not apply to opt-out requests.|
TIP: If you do not feel confident that a requestor has adequately verified their identity, you may reject his request so long as you explain to him why and give him another opportunity to submit information. Do not use a social security number, driver’s license number, or any other sort of account number to verify a request.
If you have any questions or need any support with this information, please contact our support team via email at firstname.lastname@example.org or 1-888-843-0425.