UPDATE:
see reply below.
Owning, running or being the admin of an online property that's openly accessible to the public means being answerable to a number of privacy regulations, notably the European
General Data Protection Regulation (GDPR) and the
California Consumer Privacy Act (CCPA), both essentially meant to give the User power to refuse or inspect what Personally Identifying Information and data might be collected while browsing the Internet. Under normal circumstance this isn't a issue as Users can be (re)directed to any available
Privacy Policy or other 'terms' document that should inform as to what may or may not be being collected and who would be responsible for it.
However, scammers, phishers & 'hackers', always looking for inroads and avenues of attack, use the legislation to formulate boiler plate inquiries to 'process phish', that is gauge points of socially engineered attack that might be ascertained from any responses given. Fortunately, genuine enquiries tend not to be formulated with so much formal specificity and can be safely ignored (search email and contact information to verify sender).
From : Mary Clark <maryclark@potomacmail.com>
Subject : Questions About GDPR Data Access Process for [domain]
To Whom It May Concern:
My name is Mary Clark, and I am a resident of Roanoke, Virginia. I have a few questions about your process for responding to General Data Protection Regulation (GDPR) data access requests:
1. Would you process a GDPR data access request from me even though I am not a resident of the European Union?
2. Do you process GDPR data access requests via email, a website, or telephone? If via a website, what is the URL I should go to?
3. What personal information do I have to submit for you to verify and process a GDPR data access request?
4. What information do you provide in response to a GDPR data access request?
To be clear, I am not submitting a data access request at this time. My questions are about your process for when I do submit a request.
Thank you in advance for your answers to these questions. If there is a better contact for processing GDPR requests regarding katsbits.com, I kindly ask that you forward my request to them.
I look forward to your reply without undue delay and at most within one month of this email, as required by Article 12 of GDPR.
Sincerely,
Mary Clark
From : Victor Coutand <victorcoutand@envoiemail.fr>
Subject : Questions About CCPA Data Access Process for [domain]
To Whom It May Concern:
My name is Victor Coutand, and I am a resident of Nice, France. I have a few questions about your process for responding to California Consumer Privacy Act (CCPA) data access requests:
1. Would you process a CCPA data access request from me even though I am not a resident of California?
2. Do you process CCPA data access requests via email, a website, or telephone? If via a website, what is the URL I should go to?
3. What personal information do I have to submit for you to verify and process a CCPA data access request?
4. What information do you provide in response to a CCPA data access request?
To be clear, I am not submitting a data access request at this time. My questions are about your process for when I do submit a request.
Thank you in advance for your answers to these questions. If there is a better contact for processing CCPA requests regarding katsbits.com, I kindly ask that you forward my request to them.
I look forward to your reply without undue delay and at most within 45 days of this email, as required by Section 1798.130 of the California Civil Code.
Sincerely,
Victor Coutand