First published by Data Protection Network, August 2019
When an Oxford University PhD student and cyber security researcher, managed to collect personal data about his girlfriend, including sensitive personal information, by submitting 150 Data Subject Access Requests, organisations were prompted to review their identity verification processes.
Data protection partner Robert Bond, comments in Data Protection Network’s article on whether the Right of Access leaves consumers open to privacy risks.
“Mr Pavur’s research highlights the need for businesses to improve their DSAR protocols, but also shows that for those organisations that handed over details relating to his girlfriend they had no process for identifying that he, Mr Pavur, was not entitled to her personal data in the first place. In sharing her personal data, they were in breach of a number of aspects of the Data Protection Act 2018, including data protection by default and the breach of her data protection rights.”
To read the full article, see the DPN website.