If your business is subject to the California Consumer Privacy Act (“CCPA”), you’re likely finalizing your compliance program before CCPA comes into effect on January 1st, 2020. Berbix can help by instantly verifying the identity of individuals submitting CCPA requests to your business.
Under CCPA, businesses are required to comply with “verifiable consumer requests” from California residents to access or delete their data. The CCPA is rather vague on what makes a “verifiable consumer request”: according to the law, businesses need to “reasonably verify” that the request comes from “the consumer about whom the business has collected personal information” (Cal. Civ. Code § 1798.140). What this entails is to be determined by regulations to be adopted by California’s Attorney General, which are still being drafted.
Not only does this uncertainty make designing a compliance program harder, but you’ll also find that in practice verifying consumer requests is not just about acting “reasonably”; failing to detect fraudulent requests could get you into more trouble. What if you expose or delete information upon a request from a bad actor?¹ What if you struggle so much to verify identities that you cannot meet the CCPA’s deadlines?² And finally, how will you bear the cost of training your employees to verify consumers’ identities, collect whatever documents you need to do so, and ensure that you do so in a privacy-minded way?
This is why companies like Sift use Berbix to verify their consumer requests to ensure personal data doesn’t fall into the wrong hands. When Sift receives a consumer request, they direct the individual to our online flow using a unique, one-time link. Berbix instantly checks a government-issued photo ID and then performs an automatic selfie match and liveness check to ensure that individual is who they say they are. After the verification is complete, Berbix automatically deletes the collected information according to the retention schedule set by the customer.³
Getting started with Berbix only takes a few minutes whether you want to integrate Berbix in your application or manually generate one-time links.
Our plans start at $99/month for 100 verifications, and you can test Berbix for free after creating an account.
² Talend research indicates that 58% of companies subject to GDPR fail to respond to GDPR requests in time, and that responding alone often comes at a high cost.
³ Sift has configured a short 14-day data retention policy meaning the data is permanently deleted from our systems 14 days after its collection.