9. of Transfer
We provide an API to access personal data, and we do not control who can access this API.
| | |
|---|---|
| Threat | Your API doesn’t require any authentication, thereby making it public and open to use by anyone, so people can make requests without you knowing who they are or whether they should even be accessing your data. |
| GDPR | Chapter 2, Art. 5 – 1. (f); Chapter 4, Art. 32 |
| CCPA & CPRA | CCPA 1798.100. General Duties of Businesses that Collect Personal Information (e) |
| OECD | Part 2, 11. Security Safeguards Principle |
| Mitigations | |