Saturday, August 10 • 3:00pm - 4:00pm
Exploiting Data Subject Access Rights under New Privacy Laws

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
The ability to request access to all the personal information a company has on an individual under new privacy laws such as the GDPR and CCPA has created new attack vectors for social engineering. These personal data access requests are usually managed by legal or compliance teams with minimal security review, increasing the potential for successful phishing, OSINT, and “legal DDoS.” This talk will discuss the personal data access options required in different regions, how most companies respond to data access requests, and the most effective exploits for privacy vulnerabilities. We’ll explore the psychology driving corporate responses to requests and ways these emotions can be exploited, as well as the most likely targets for a weak privacy program. A cheatsheet with key sections of the laws you need to know for successful exploits will be included.


Saturday August 10, 2019 3:00pm - 4:00pm
Acacia D