Identity Verification Through Ethyca

How does Ethyca verify a subject's identity prior to entering a DSAR?

Under CCPA regulation, a business must perform identity verification in order to verify the identity of the consumer making a request to the business (e.g. confirming the user is indeed who they say they are). If a business cannot identify the subject making the request, the business may deny the request and inform the subject that it cannot verify its identity. Likewise, under the GDPR, your business "should use all reasonable measures to verify the identity of a data subject who requests access".

How does this work in Ethyca?

Your Ethyca Privacy Center is configured with email verification from the start. When your subject puts in any request to manage their rights in the Privacy Center, they'll be prompted to enter the email address associated with their account, and a verification code will be sent to the email address provided.

For more detail, let's review the identity verification lifecycle together:

Step 1) The subject will be asked to provide the email address associated with their account:


Step 2) The subject will be sent a verification code to their email address:


Step 3) The subject will be asked to enter the verification code sent to the email address provided in the Privacy Center:


If the code matches the one sent to the data subject's email address, the verification process is considered complete, and you may proceed with managing your subject's request.

Please contact [email protected]com if you have any questions regarding your account.