How Does an Individual Verify Their Identity?
The requestor receives an email at the email address that they used when submitting the request. To verify their identity they simply click the included link. Once the link is clicked the data subject request will move to data extraction in your DataGrail Platform and you will receive an email notification.
When Does a Requester Receive an Email Verification?
To increase the security around privacy requests, DataGrail utilizes inbox control verification by sending an email with a verification link to the email address added when submitting the request.
If a Privacy Request is submitted via a Privacy Request Form the verification email is automatically sent to the requesters email. Once they click the verification link in the email, the time stamp and associated IP address are recorded in the request and displayed in Step 5 of the request triage.
If a Privacy Request is submitted to your privacy dedicated email alias (privacy@) or dedicated 1-888 line, the verification email can be sent when triaging the request in your Request Manager (see Step 5).
Email Verification Reminders
Email verification is an important part of ensuring that a data subject confirms they have control of their email address before your team processes a request. Below we’ll walk through the email verification flow and where it fits into the request lifecycle (Access or Deletion).
After a data subject submits a request via the privacy request form, an email verification is sent by your transactional mailer asking the data subject to click a link and verify their email. Here’s an example of one below.
For requests that are submitted through another intake method, you can send an optional verification email via the Request Wizard on Step 6. This will move the request to the Unverified: Verifying Email state until the data subject verifies their email.
Once verified, the request will move to Pending Wizard for you to process. If a data subject misses the first verification email, two reminders will be sent one and seven days after the original verification email. The verification link does not change and automatically expires seven calendar days after the initial verification email was sent. Once the verification link expires, the request will be automatically closed and reflect a Closed: Unverified state.
This expiration period can be configured to be longer. If you’re interested in extending the expiration period on verification emails reach out to firstname.lastname@example.org. By extending the expiration time past 10 days, a third reminder will be sent 10 days after the original. This is the final reminder email that will be sent to a data subject.
Note: Email verification reminders are sent in a daily batch for all requests in Pending Verification that require a reminder to be sent, this can cause the 1 day reminder email to be sent less than 24 hours after a request was submitted.
Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.