Explore data access rights exploits under new privacy laws in this conference talk from GrrCON 2019. Delve into the challenges posed by data subject requests in the global privacy era, examining legal DDoS tactics, potential fishing exploits, and defense strategies against malicious actors. Learn about the costs associated with data subject request compliance, identity verification methods, and red flags for automated DSARs. Gain insights into the complexities of privacy legislation implementation and its impact on organizations' data management practices.
Overview
Syllabus
Intro
Who am I
Data Subject Requests
Global Privacy Era
Privacy Challenges
Response
Two Primary Methods
HighLevel Overview
Legal DDoS
Flooded Blizzard
Data Subject Request Costs
Ship Your Enemies GDPR
Fishing Tactics
Common Names
Confirm Profile Data
Spearfishing
Twitter
The problem
Defense strategies
Three primary concerns
ID Challenge
ID Documents
Blizzard
ID Methods
Arecibo
Graduated ID Requirements
Automated D SARS
Red Flags
Reportable
Cat
References
