Technologies to Respond to Privacy Subject Access Requests

Einblicke April 28, 2022

With 2022 in full swing, we want to look at some of the trends that we’re watching as it relates to our Digital Compliance industry, the regulatory impacts that are top of mind for our customers, and how customers can increase the value of their investment with Veritas. 

Today’s changing privacy landscape has consumers and organizations asking tough questions with the common concern of protecting the personal information of individuals. From Apple, Google, and Meta fighting their battle over privacy rights for their users, to organizations stateside and abroad facing newly created regulations that are now in enforcement, the privacy and data protection mandates are having impacts and driving a forward-thinking approach to privacy. 

To understand the challenges organization now face dealing with privacy regulations, we should break down the anatomy of Data Subject Access Request (DSAR) – a submission by an individual to an organization requesting knowledge of their personal information collected and stored with the respective party. Although specific to local regulations, an individual will generally submit DSARs to:

  • Receive a copy of their personal data
  • Have their personal data rectified (corrected or completed)
  • Have their data erased (“Right to be Forgotten”)
  • Restrict the processing of their personal data
  • Request the transfer of their personal data

Failure to provide a timely response may result in an enforcement action extending to significant fines and, in today’s media age, “canceling,” or reputational damage and loss of customers.  To avoid such enforcement, organizations must make efforts to secure and protect private data appropriately.  “Getting your data house in order” is a common theme among IT departments with a data management mindset.  But meeting such requirements requires an efficient way to identify personal data such as names, date of birth, address, phone numbers, email addresses, and other government-issued IDs.  Organizations must be able to identify what is sometimes referred to as “sensitive data” – ethnic origin, religion, health, sexuality, political option, and biometric information – across its entire infrastructure and then take appropriate action.

The Veritas Digital Compliance solution helps to solve this challenge with appropriate tools that identify and capture the necessary information and allow organizations to search and retrieve the data to answer Data Subject Access Requests. With our suite of products, you can:

  • Ensure data is stored appropriately
    • With proper retention
    • In the proper location
    • With the appropriate security (immutable storage, encryption)
  • Defensibly delete data
  • Gather, and if necessary, redact information being sent in response to a request to receive a copy of data or transfer specific data.

Locating this information quickly and accurately allows you to ensure the data is preserved appropriately and available when needed to meet your privacy obligations through efficient data management.

Veritas Digital Compliance Portfolio

The Veritas Digital Compliance Solution provides a one-stop solution for your DSARs:

  • With Veritas Information Classifier, you can surface relevant content from a corpus of data, enrich the metadata of that content, and eliminate noise – while leveraging over 180+ classification policies to identify data specific to data privacy and regulatory compliance regulations around the world.  Each policy can identify personal and sensitive category information for individuals from different countries. 
  • With Veritas Data Insight, you can see up-to-date information such as which file contains personal or sensitive data, the item’s location, age, and ownership information.  You can also search for a person’s name, phone number, email, or location and filter the results to identify the required information quickly.
  • With Veritas Merge1, you can capture all relevant content sources, including private consumer data, with new content sources being added regularly.
  • With Veritas Enterprise Vault, you can store sensitive data into an archive, that keeps efficient data sizes, stores content with flexible deployment (either in the cloud or on-premise), and allows for retrieval when the time arrives.
  • And finally, with Veritas Advanced eDiscovery, you can respond to DSARs with a comprehensive and defensible search against the requested individual’s data. Based on the requested specifics, the data can either be exported as a part of a report, or only the metadata fields can be exported to report the location of the data. 

We’re in an ever-changing and evolving time for data privacy and organizations’ data compliance obligations. Veritas has the appropriate tools to help organizations effectively and efficiently manage their data and support their privacy compliance programs.  Don’t wait until you face a Data Subject Access Request to inventory, manage, and retain privacy data at your organization – contact your local Veritas Digital Compliance specialist and get your privacy obligations in order.

Aayush Jain
Senior Principal Product Manager, Digital Compliance
VOX Profile

Irfan Shuttari
Director of eDiscovery Strategy, Product Management
VOX Profile