Quantcast
jdsupra.com 25 Jan, 2023 19:30 am

Celebrating Data Privacy Week 2023 - Data Subject Access Requests

Celebrating Data Privacy Week 2023 - Data Subject Access Requests
State and international laws provide consumers and employees (including job applicants and former employees) with certain rights, such as the right to find out what personal information...

State and international laws provide consumers and employees (including job applicants and former employees) with certain rights, such as the right to find out what personal information a business has about the individual, the right to correct inaccurate personal information, the right to delete personal information, the right to opt-out of certain uses of personal information, and the right to “port” or transfer personal information.Verify the Request Before providing personal information in response to a DSAR, verify that the person making the request is the individual to whom the personal information relates or is someone authorized to act on behalf of the individual.Providing personal information to an unauthorized individual is a data breach that requires notice to the individual to whom the personal information relates.A business that limits its collection of personal information and follows strict data retention policies to properly dispose of personal information will have limited information to disclose; transfer; or opt-out of the sale, sharing, or other processing when it receives a DSAR.

Additionally, a business is not required to provide personal information of any other individual; responses that might include such information should be redacted or withheld.For sensitive personal information (such as Social Security number, financial account information, account password and security questions), a business should seriously consider whether to provide this information to a requestor.

Read full story at jdsupra.com