Tag Archives: Daniel Forester

The Risks of Fraudulent CCPA Access Requests – Guidance from a $10.7 Million GDPR Fine for Poor Customer Authentication

by Avi Gesser, Daniel Forester, Will Schildknecht, Jennifer Leather, and Dr. Carolin Raspé (Hengeler Mueller) 

Both the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”) require companies to respond to customer data access requests. But how do you know that the person making the request is actually who they say they are? As we have previously noted on Davis Polk’s Cyber Blog, significant amounts of personal information are publicly available as a result of major data breaches, and that stolen data can be used to make fraudulent access requests. So, how can a company avoid turning a good-faith effort to comply with its GDPR or CCPA access rights obligations into a privacy violation by unknowingly providing the personal information of customer X to someone pretending to be customer X? A recent GDPR enforcement action in Germany, as well as guidance from German and California regulators, shows that companies must exercise diligence in making sure that they have properly authenticated the data subject who is making the access request. Continue reading

2019 Predictions – Top 10 Cybersecurity/Privacy Trends to Prepare for Now

by Avi Gesser, Daniel Forester, Will Schildknecht, Clara Kim, Daniela Dekhtyar-McCarthy, Mikaela Dealissia, Dan Thomson, and Mengyi Xu

2018 was another busy year for lawyers in the privacy/cybersecurity world – GDPR, CCPA, Marriott, New York Department of Financial Service’s cybersecurity rule deadlines, increased SEC enforcement, more data breach lawsuits, more companies doing table top exercises and risk assessments, etc.  But 2019 is looking to be even busier.  Below are our predictions for the Top 10 things that will keep us busy in 2019, and what companies should be preparing for: Continue reading