CCPA Compliance: Identity Verification ChallengesSovrin Foundation Leaders Discuss Authentication Issues
One key step for preparing to comply with the California Consumer Privacy Act, which goes into effect in January, is determining how best to verify the identity of users, say two leaders of the Sovrin Foundation, who discuss the key issues in an joint interview with Information Security Media Group.
"If someone comes to me and asks for their data to be removed, how do I know that it's really the person whose data I am holding?" asks Heather Dahl, CEO at the foundation, a not-for-profit organization that governs the Sovrin Network, a self-sovereign identity network.
One way to help address the authentication issue is to collaborate with those in other sectors, adds Nathan George, CTO at the foundation.
"One of the innovations going forward is the ability to leverage trusted information not only just from your organization but being able to verify and trust information that comes from other organizations," George says. "Collectively, we have lots of different relationships, and when we can use those different relationships to understand who someone is and whether they are authentically the person they say they are, we get a lot better verification."
In this joint interview (see audio link below image), Dahl and George discuss:
- Sorting through the ambiguities in CCPA;
- Why minimum security procedures need to be well defined;
- Why verifying identities remains a challenge.
Dahl, CEO of the Sovrin Foundation, has over 25 years of strategic leadership experience in newsrooms, multinational corporations and high-tech startups. She launched a technology incubator in San Francisco in September 2019 for early-stage startups.
George is CTO at the foundation. He has led the growth of the open source community contributing to the Sovrin Network. Previously, he was a software architect for Evernym, where he worked on the original team that created the Sovrin platform.