cross-posted from: https://sopuli.xyz/post/10336994

I often give fake info as an extra measure of data protection. If I don’t need the data controller to have my date of birth, I give a fake one.

Well this just screwed me because I made an access request and the data controller said: to verify your identity, tell us your date of birth. Fuck me. I didn’t keep track of which fake date I gave them. I didn’t even keep track of whether I gave fake info. So they could treat my otherwise legit request as a breach attempt.

I should have kept track of the birth date I supplied. I will; from now on.

    • freedomPusher@sopuli.xyzOP
      link
      fedilink
      arrow-up
      8
      ·
      9 months ago

      I’ll probably use a different DoB for each but keep it in a password file and treat it like a password of sorts.

      The data controller was actually being quite responsible in this case by verifying a simple piece of info that should have been mutually known. Many data controllers are reckless and demand a full copy of an ID card (entirely against GDPR rules).

      • DoctorSpocktopus
        link
        fedilink
        arrow-up
        2
        ·
        9 months ago

        I suppose I could work out a way of hashing the website name into a date, then I can rehash it whenever needed