June: Ask Us Your Digital Identity Questions

June: Ask Us Your Digital Identity Questions

We’ve received loads of questions from customers, partners, and occasionally from friends, about a myriad of things relating to Digital Identity, GDPR compliance, personal data, and security.

We’re sure they aren’t the only ones with questions – so we’ve decided to launch a monthly mailbag where our Director of Strategic Accounts & Client Quality Services, Tom Canfarotta, will answer your questions.

This month we’ve received many questions around GDPR, and it makes sense since it went into effect May 25.

Will your services assist us with our own efforts to be GDPR compliant?

~Mike from New York City

Simply put, the answer is “yes”.

There are many GDPR Compliance elements that intersect for Veratad and our customers, many are considered “Data Controllers” under the new GDPR regulations. Remember, the “Data Controllers” are the organizations that capture and manage personal data about their customers and determine the purposes and means of processing the data.

First, organizations subject to GDPR need to be sure that their “Processors” are compliant. As a “Processor,” Veratad has made a significant investment in its security, privacy and GDPR Compliance. Be assured that we are GDPR compliant in support of your compliance requirements.

Also, “Data Controllers” need to be sure that all personal data they collect and process is ‘accurate’ [GDPR article 5.1(d)]. So, it’s important that personal data collected for on-boarding, as well as requests for access, is properly verified. Veratad can assist in verifying an individual in a variety of ways depending on your company’s needs.

We can verify personal data as well as identity documents, or use two-factor authentication. If you’d like more information on any of our identity verification solutions, feel free to reach out for a personalized demo.

Is this privacy email from an actual company? Could it be a scam?

~Elizabeth from San Francisco

While not about the GDPR, we were a little NOT surprised to get this question but it raises an excellent point.

While anything is possible, it’s unlikely that those recent myriad of emails announcing privacy policy updates are scams. It’s more likely that the shockwave in awareness caused by the recent deadline, has everyone scrambling to be sure they have done at least the minimum of privacy review and communication with their customers. As long as they are not soliciting any information from you and it’s only a notice, you are probably OK.

This would be a great opportunity for you to do what most of us do not: read one of these privacy notices completely. It’s likely to be an eye-opener and even cause you to want to read them each  time you check the read the privacy agreement checkbox. While I’m hoping you do, I’m not holding my breath.

Also, it’s also a good time to remind your children, friends, clients and family to never pass private information like passwords and account numbers over email.

How many data sources are used when confirming a customers age using identity data elements?

~Claire from Toronto

This is a complicated question and I guess the right answer is “it depends”.

Veratad has access to billions of public and non-public age and identity records that are trusted and verified data sources. Depending on the industry and the regulations, the number of sources we check may vary depending on our customer’s compliance criteria.

We have customers that only require us to confirm an age from one trusted data source and others that require us to verify an age from two or more sources.

In any case, we work closely with each of our clients to design the most effective deployment of our solutions to meet their compliance and fraud prevention objectives.

How are you preparing for GDPR?

~Corey from Chicago

As I mentioned previously, Veratad has made a significant investment in its overall security, privacy, and GDPR Compliance efforts and so we are GDPR compliant.

That said, we haven’t prepared for the new GDPR as though it were a singular event. While the deadline for compliance was May 25, 2018, GDPR requires ongoing attention to maintain compliance.

To answer your question more precisely about preparation, in order to achieve our baseline compliance, Veratad contracted with an industry-leading compliance consulting firm with expertise in the GDPR to guide us in the process. In addition, we allocated significant internal resources to ensure the baseline compliance by the given deadline.If you would like to learn more, you can read more of our posts from our All Things GDPR Series on our blog.

Of course, we’re pleased to say that we met our goals for GDPR by May 25.

Hope you enjoyed our first Ask us Anything on Digital Identity. If you have more questions, you can ask them here!

June 18th, 2018|Veratad Technologies Blog|