Our customers can specify their own risk profile, and in general, customers using us for more sensitive use cases (e.g. returning all the data they possess about individuals), tend to pick our most thorough checks. In addition, we return a number of signals to our customers to help them determine how confident they should be about a given verification. That said, it is ultimately the responsibility of the business who's the recipient of the data request to determine whether they're confident enough about the identity of a "data requester" before acting on their request.
The unfortunate reality is that very often, businesses do not do enough due diligence before responding to data requests. [1] Berbix makes such diligence easier and more secure, such that more companies should be able to adopt better processes around data access requests.
The unfortunate reality is that very often, businesses do not do enough due diligence before responding to data requests. [1] Berbix makes such diligence easier and more secure, such that more companies should be able to adopt better processes around data access requests.
[1] "GDPArrrrr: Using Privacy Laws to Steal Identities" https://i.blackhat.com/USA-19/Thursday/us-19-Pavur-GDPArrrrr...