Knowing where your data is and responding to Data Subject Access Requests
Organizations are increasingly becoming aware of the implications of new data privacy laws and regulations. It seems that everywhere we turn, we see a new state come out with a regulation, oftentimes modeling their data privacy laws off of other states. To really understand the implications of these laws, organizations need to go back to some old information governance principles and remain proactive in the implementation and use of best information governance practices. As these new regulations come out, organizations need to pay attention to the individual’s rights, particularly when they’re collecting personal and sensitive information and need to respond to a Data Subject Access Request (DSAR). What exactly is a Data Subject Access Request? Individuals in certain states and within Europe have a right to access, right to be forgotten (deletion), right to correct information, and the right for portability. With this comes a major challenge for those that collect this information. How are they going to respond?