At tapmydata.com we use two levels of verification when a user sends a data rights request to an organisation.
We use 2factor auth on both email and mobile. In fact, you have to verify these before sending a request. Problem is, most organisations want more information from the individuals, such as ID in the form of a passport or driving licence.
We're working on a solution where individuals don't have to give up more data to receive their data. I mean it's not ideal sending a copy of your passport in an email.
We use 2factor auth on both email and mobile. In fact, you have to verify these before sending a request. Problem is, most organisations want more information from the individuals, such as ID in the form of a passport or driving licence.
We're working on a solution where individuals don't have to give up more data to receive their data. I mean it's not ideal sending a copy of your passport in an email.
Not sure on anyone else's thoughts?