Explore a revealing conference talk that exposes vulnerabilities in the GDPR 'Right of Access' implementation. Delve into a study examining 55 organizations' identity verification processes for data access requests, uncovering alarming success rates in impersonating individuals using only forged or publicly available information. Learn about the varied policies and practices across different sectors, the types of sensitive data leaked, and the social engineering techniques exploited. Gain insights into practical policy improvements organizations can implement to enhance data protection and minimize unauthorized access risks. Understand the ethical implications and broader impact of these findings on personal data security in the context of GDPR compliance.
Personal Information Leakage by Abusing the GDPR 'Right of Access'
Overview
Syllabus
Intro
Resource Questions
How to Improve Identity Verification
What Credentials are Being Asked
Home address
ID card
Proof of identity
Leaked Data
Recommendations
Ethics
Questions
Taught by
USENIX
