Your company, an online store selling digital keys to video games, has received a data...

IAPP CIPP-US Question Answer

Your company, an online store selling digital keys to video games, has received a data access request from an individual. Specifically, the individual wants access to her recent purchase history, as she has misplaced the emails containing the digital keys to multiple game purchases she made last month.

From a security standpoint, what would the user have to do under CCPA in order to acceptably verify her identity?

Take a photo of herself with her driver license

Provide a notarized affidavit signed by two witnesses.

Phone the company and provide her contact details and credit card number

Explanation:

Under the California Consumer Privacy Act (CCPA), businesses must verify the identity of individuals making data access requests to ensure the security of personal information. The most secure and straightforward way to verify a consumer’s identity is by requiring the individual to log in to their password-protected account, as this demonstrates that the requester is the account owner.

Why Password-Protected Accounts Are Best for Verification:

Account-Based Relationship:If the consumer has a password-protected account with the business, verification can typically be achieved by having the consumer log in to the account. This is considered a sufficient method of verifying identity under CCPA guidelines.

Minimizing Risk:Verifying identity through account login reduces the risk of fraudulent access to personal information, as only the account owner has access to the login credentials.

Explanation of Options:

A. Take a photo of herself with her driver license:While this might verify identity, it is more intrusive and poses unnecessary risks of identity theft. This is not a preferred or common method under the CCPA.

B. Provide a notarized affidavit signed by two witnesses:This is excessive and impractical for verifying identity in most cases, particularly for an online store.

C. Log in to her password-protected account with the company:This is correct. Logging into a password-protected account is a straightforward and secure way to verify the identity of a requester under the CCPA.

D. Phone the company and provide her contact details and credit card number:This method is insecure, as it could lead to identity theft or fraudulent access if someone else provides this information.

References from CIPP/US Materials:

CCPA Regulations (11 CCR § 999.323): Specifies identity verification requirements, including the use of password-protected accounts.

IAPP CIPP/US Certification Textbook: Covers secure methods for verifying consumer identity under the CCPA.

CIPP-US PDF/Engine

Printable Format
Value of Money
100% Pass Assurance
Verified Answers
Researched by Industry Experts
Based on Real Exams Scenarios
100% Real Questions

Get 65% Discount on All Products, Use Coupon: "ac4s65"

What are banks required to do under the Gramm-Leach-Bliley Act (GLBA)?

SCENARIO -Please use the following to answer the next question:Jane is a U.

Weekend Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ac4s65

Your company, an online store selling digital keys to video games, has received a data...

The Answer Is:

Explanation:

Quick Links