November 30, 2022

Volume XII, Number 334

Advertisement

November 30, 2022

Subscribe to Latest Legal News and Analysis

November 29, 2022

Subscribe to Latest Legal News and Analysis

November 28, 2022

Subscribe to Latest Legal News and Analysis
Advertisement

Can a Business Require a Consumer to Submit a Declaration Under Penalty of Perjury in Order to Prove Their Identity?

The regulations implementing the CCPA require that a business verify the identity of a consumer that submits a specific-information access request to a “reasonably high degree of certainty.”[1] The regulations provide as an example matching three pieces of personal information provided by the consumer with three pieces of personal information maintained by the business and obtaining a signed declaration under penalty of perjury that the requestor is the consumer whose personal information is the subject of the request.[2]

Although businesses are permitted to request that consumers sign a declaration under penalty of perjury, only 1% of companies state in their privacy notices that they require such an affidavit or a declaration.[3] However, it is possible that once a data subject request has been submitted, other companies also request a signed verification prior to providing information in response to a specific-information access request, even if that prerequisite is not in the corporate privacy notice.


FOOTNOTES

[1] Cal. Code Regs. tit. 11, § 999.325(c) (2021).

[2] Cal. Code Regs. tit. 11, § 999.325(c) (2021).

[3] Greenberg Traurig LLP reviewed the publicly available privacy notices and practices of 555 companies (the Survey Population). The Survey Population comprises companies that had been ranked within the Fortune 500 at some point in the past five years as well as additional companies selected from industries that are underrepresented in the Fortune 500. While the Survey Population does not fully match the current Fortune 500 as a result of industry consolidation and shifts in company capitalization, we believe that the aggregate statistics rendered from the Survey Population are representative of mature companies. Greenberg Traurig’s latest survey was conducted between September and October 2022.

©2022 Greenberg Traurig, LLP. All rights reserved. National Law Review, Volume XII, Number 326
Advertisement
Advertisement
Advertisement

About this Author

David A. Zetoony Privacy Attorney Greenberg Traurig
Shareholder

David Zetoony, Co-Chair of the firm's U.S. Data, Privacy and Cybersecurity Practice, focuses on helping businesses navigate data privacy and cyber security laws from a practical standpoint. David has helped hundreds of companies establish and maintain ongoing privacy and security programs, and he has defended corporate privacy and security practices in investigations initiated by the Federal Trade Commission, and other data privacy and security regulatory agencies around the world, as well as in class action litigation. 

David receives regular recognitions from clients and peers for...

303.685.7425
Advertisement
Advertisement
Advertisement