How Does DataGrail Support Smart Verification (CCPA)?

Have more questions? Submit a request


CCPA Final Regulations provides businesses the means to deploy up to 3 levels of verification for Privacy Requests. CCPA prohibits businesses from collecting more PII during the verification process so DataGrail leverages existing data already on file to verify CCPA requests. DataGrail allows compliance teams to:

  • Avoid collecting additional PII

  • Verify phone numbers associated with the data subject's account record  

  • Ask custom questions related to data subject's account record

  • Require data subjects to confirm, under penalty of perjury that information is correct

  • Approve or reject data subject's responses using the system of record.


This functionality only applies to the CCPA workflow (legal framework = CCPA) and the respective privacy rights:

  • Access Categories

  • Access (Download)

  • Deletion

The CCPA does not specify verification requirements for Do Not Sell. If our customers are collecting user info (name, email) in their do not sell intake, we can provide email verification for these request. See Do Not Sell wiki (forthcoming) for more information. 




Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.

Articles in this section

Was this article helpful?
0 out of 0 found this helpful