How to preserve consumer trust amid new data privacy regulations
Following the passing of Virginia’s Consumer Data Protection Act and the Washington Privacy Act currently making its way through the legislature, states across the country are working to expand consumer rights over their personal data. As rights requests emerge for enterprises affected by current and future data privacy regulations, businesses cannot trust the person making the request is who they claim to be. With fraud escalating as cybercriminals are taking advantage of online-only operations amid the COVID-19 pandemic, enterprises need to ensure they can authenticate users making rights requests to avoid the devastating repercussions of handing personal data to fraudsters.
This article will discuss new considerations for enterprises amid new state privacy regulations to keep data secured and out of cybercriminals’ reach.
How organizations can prepare now for new and upcoming privacy legislation
As consumers’ rights are being expanded to prevent companies from collecting and sharing personal data without prior consent or knowledge, enterprises must know which laws apply to them and how to execute these new rights requests securely. Enterprises need to recognize the critical importance of customer data privacy and understand consumer rights under new laws, such as the right to opt out of having their data collected and sold, the right to view what data companies have collected about them and the right to correct or delete that data.
To avoid non-compliance penalties (which can exceed thousands of dollars), enterprises must also be aware of enforcement dates and have the capabilities in place to facilitate secure rights requests ahead of that date.
Protecting the business and consumer: best practices for executing secure rights requests
As we will likely see the emergence of new state privacy laws and possibly even federal legislation around consumer data rights, enterprises need to ensure they are complying with the strictest of consumer privacy laws that apply to them, so that their data handling procedures can be compliant with less-strict regulations. As consumer rights requests are rich with personal data, enterprises must ensure the user making the rights request is the actual data owner.
With personal information readily available on the dark web (36 billion records were breached in 2020 alone), cybercriminals can easily log in with an exposed username and password or answer security questions with exposed data and act as the user. By relying on these traditional authentication methods that offer no real proof of identity, enterprises can unknowingly hand over an abundance of personal data to a cybercriminal which can be used to take over additional user accounts and commit fraud.
To avoid these devastating repercussions, enterprises would be wise to adopt digital identity verification solutions that offer data security, transparency, compliance and retention policies to comply with new regulations. Leveraging a digital identity verification solution ensures enterprises can comply with consumer rights requests by verifying users are who they claim to be. For example, solutions that leverage document-centric identity proofing compare a government-issued ID to a real-time selfie to ensure the user is who they claim to be in the real world. According to Gartner, by 2022, 80 percent of organizations will be using document-centric identity proofing as part of their onboarding workflows, which is an increase from approximately 30 percent today.
This ultimately helps enterprises know and trust their online customers, protecting both the business and customer from fraud.
The impact of new privacy regulations on business practices
As consumer data rights expand, so do enterprise responsibilities. Rising data privacy legislation will hold companies accountable for properly handling consumer data, and enterprises must have the proper systems and processes in place to uphold consumer rights and avoid non-compliance penalties.
By ensuring consumers making rights requests are who they claim to be, knowing which laws apply to them and having the proper capabilities in place to comply with the strictest of applicable privacy regulations, enterprises can preserve trust with their users, execute rights requests securely and fight fraud.
Robert Prigge is CEO of Jumio. He is responsible for all aspects of Jumio’s business and strategy. Specializing in security and enterprise business, he held C-level or senior management positions at Infrascale, Secure Computing, McAfee, Quest Software, Sterling Commerce and IBM.