
Foxtons, the largest estate agency in London, has acquired Gordon & Co and Stone Residential … Read more
Do you have an open-ended, non-UK corporate fund (‘Offshore Fund’) marketed to UK individual investors, funds of funds or UK companies? … Read more
Sign up now to our Demystifying investments event with Rathbones … Read more
130 Wood Street, London, EC2V 6DL
enquiries@buzzacott.co.uk T +44 (0)20 7556 1200
Using social engineering techniques (LinkedIn, Facebook etc) it is feasible that a Data Subject Access Request (DSAR) may contain enough information for you to assume that the data request is genuine.
The valuable information you hold (particularly on ex-employees) could be used for identity theft or fraud. You might be called, as part of the request, to supply valuable items such as name, address, date and place of birth, national insurance number; all great ingredients of an identity thief’s toolkit.
We recommend that your privacy policy states clearly that your DSAR process requires a robust verification of identity and address and that it is reinforced by independent confirmation.
If possible, seek to engage the requestor to both clarify the scope of the request and to ensure that you have sight of originals or certified copies of originals. Bear in mind that whilst identity verification may not be used to unduly delay a response, the DSAR clock does not start ticking until you have received the required information and may be required to prevent an inadvertent breach.
Using social engineering techniques (LinkedIn, Facebook etc) it is feasible that a Data Subject Access Request (DSAR) may contain enough information for you to assume that the data request is genuine.
The valuable information you hold (particularly on ex-employees) could be used for identity theft or fraud. You might be called, as part of the request, to supply valuable items such as name, address, date and place of birth, national insurance number; all great ingredients of an identity thief’s toolkit.
We recommend that your privacy policy states clearly that your DSAR process requires a robust verification of identity and address and that it is reinforced by independent confirmation.
If possible, seek to engage the requestor to both clarify the scope of the request and to ensure that you have sight of originals or certified copies of originals. Bear in mind that whilst identity verification may not be used to unduly delay a response, the DSAR clock does not start ticking until you have received the required information and may be required to prevent an inadvertent breach.
We use necessary cookies to make our site work. We’d also like to set optional analytics and marketing cookies. We won't set these cookies unless you choose to turn these cookies on. Using this tool will also set a cookie on your device to remember your preferences.
For more information about the cookies we use, see our Cookies page.
Please be aware:
— If you delete all your cookies you will have to update your preferences with us again.
— If you use a different device or browser you will have to tell us your preferences again.
Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
Analytics cookies help us to understand how visitors interact with our website by collecting and reporting information anonymously.
Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.