Smart Verification of Data Subject's Identity

Have more questions? Submit a request

DataGrail verifies a data subject’s identity by asking questions about their PII (Personally identifiable information). In addition, DataGrail also sends verification texts/calls based on data found within one of a customer’s connected authentications, the System of Record (SOR). Smart verification is enabled per privacy request policy, and the number of data points are configured per Privacy Right per customer.



CCPA Final Regulations provides businesses the means to deploy up to 3 levels of verification for Privacy Requests. CCPA prohibits businesses from collecting more PII during the verification process so DataGrail leverages existing data already on file to verify CCPA requests. DataGrail allows compliance teams to:

  • Avoid collecting additional PII

  • Verify phone numbers associated with the data subject's account record  

  • Ask custom questions related to data subject's account record

  • Require data subjects to confirm, under penalty of perjury that information is correct

  • Approve or reject data subject's responses using the system of record.


This functionality only applies to the CCPA workflow (legal framework = CCPA) and the respective privacy rights:

  • Access Categories

  • Access (Download)

  • Deletion

The CCPA does not specify verification requirements for Do Not Sell. If our customers are collecting user info (name, email) in their do not sell intake, we can provide email verification for these request. See Do Not Sell wiki (forthcoming) for more information. 


Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.

Articles in this section

Was this article helpful?
0 out of 0 found this helpful