Call Today! +1512 658-8277|info@ediscoveryadvisory.com
facebooklinkedin

Are you a Data Hygienist?

By |2021-03-11T16:37:41+00:00March 11th, 2021|Categories: Data, eDiscovery, Information Governance, Knowledge, Privacy, Productivity|Tags: , , , , |

The first real job in my formative years was as a line cook at a Big Boy family restaurant in north-central Indiana.  I learned many lessons about working with people, teamwork, customer service, inventory management, and managing a business. In the kitchen, I remember the grizzled cook that had been there for many years telling me when there was a break in the dinner rush: “If you've got time to lean, you’ve got time to clean”.  That mantra stuck with me for the rest of my career.  In a conversation today with my partners, Jason Thompson and Michael Epstein, we were discussing the dusty data landscape of Microsoft Teams and other collaboration sites.  Every organization, including Kindato, struggles daily with ensuring their team members accidently don’t use erroneous chats and meeting notes. Naturally, the conversation then led towards how to manage SharePoint and shared folders across a myriad of cloud platforms.    My career in technology allows me to play with terabytes (and sometime petabytes) of unstructured data. Now I’m spending quite a bit of time in Microsoft Teams, Slack, Trello, and a few other collaboration technologies across the different projects we are engaged. These tools are amazing at providing the foundation for remote teams to continue working together especially in the middle of a pandemic.    The challenge is that collaboration technologies often become a “data dumping ground” for all sorts of data such as meeting notes, files, meeting recordings, and chats. This makes it very difficult to manage on a day-to-day basis as well as raises the risk of retaining large volumes of unknown data.    Building data hygiene and data management into the culture of your organization is a healthy way to manage the exploding volume of data that is stored across these [...]

Read More

DSAR Best Practices and Workflows an Organization Should Follow

By |2020-07-07T15:05:10+00:00June 30th, 2020|Categories: eDiscovery, Information Governance, Privacy|Tags: , , , , |

In my latest post, I outlined the process involved in the actual response to DSAR requests. In my last article of this series, I will discuss the best practices and workflows that your organization should follow when responding to DSAR requests. Generally, “controllers” are responsible for responding to DSARs, and “processors” assist them in handling the requests. Here are my recommendations for best practices in responding to DSARs to ensure General Data Protection Regulation (GDPR) compliance: Review and Update Privacy Notices and Policies The GDPR requires organizations to inform data subjects of their rights. Companies need to make sure that their existing policies comply with the new entitlements given to data subjects by the law, including the right to: Obtain certain information from the controller beforehand, and without asking for it Be made aware of whether a controller is processing their data and how it was collected Request that inaccurate personal data about them be rectified, with communication regarding the rectification made to each recipient of the data Demand that their personal data be erased and no longer processed (right to be forgotten) Ask the controller to restrict the processing of their data Receive their data in a structure, commonly-used format for transmission elsewhere (data portability) Object to the handling of their data at any time (in certain circumstances) Not be subject to decisions based solely on automated processing Withdraw consent at any time during processing In certain circumstances, EU member states may pass legislation to limit DSAR requests under local law. One example of this is the UK’s Data Protection Act of 2018. Create and Implement a DSAR Process Your company needs to have a process in place to address: How you will enable DSARs, e.g., offering a standardized online [...]

Read More

Responding to a DSAR Request

By |2020-07-07T14:59:23+00:00June 10th, 2020|Categories: eDiscovery, Information Governance, Privacy|

In a previous post, I discussed what a DSAR is, the laws that such requests arose from, and the importance of having a systematic approach to dealing with a request. Now let us outline the process involved in the actual response to DSAR requests. An organization is required to provide a DSAR requester with a copy of any relevant information collected or stored. The time to prepare for these requests is before you receive your first DSAR and find yourself not knowing quite what to do with it. Here are the steps to follow when responding to a DSAR: Conduct a Data Inventory Before you answer a data request, you need to know where the requester’s data can be found within your organization and allow for easy access and retrieval of the requested information.  The data can come in many different forms including structured data formats which will require planning on the appropriate output format such as a PDF or CSV file to meet the request requirements. Organize DSAR Requests You will need to implement a process to classify all incoming DSARs, including who will oversee receiving and organizing the requests. This might potentially be your chief data officer (CDO), who routinely manages, secures, assesses, and oversees the collection and analysis of data.  There are technology solutions to help organize DSARs as well as other legal requests that can be implemented to manage the workflow from request to delivery. Fulfill the Request A standard process will need to be followed for identifying a valid DSAR request, verifying the requester’s identity, requesting more information, if necessary, determining if the organization possesses the requested data and if so, whether it must be provided, deciding whether charging a reasonable fee is justified (based on the administrative costs associated [...]

Read More

DSARs 101: What to Expect When Doing Business with EU Customers

By |2020-07-07T14:54:19+00:00June 4th, 2020|Categories: Information Governance, Privacy|Tags: , , , , |

For any organization that deals with privacy issues in the European Union and other privacy-centric jurisdictions like the United Kingdom, an effective information governance program is a must. A program that includes a systematic approach to DSARs will significantly minimize exposure to risk. Several of my clients in the EU have been extensively working through the Data Subject Access Request (DSAR) process and how to best address such requests. The following is the first in a series of articles intended to unpack DSAR challenges. What is a DSAR? On its face, a DSAR is a simple written request that can lead to an extremely complex workflow. The request may be made to a company via email, an online form, or another form of communication. Upon receipt of the DSAR, the organization must track the request through to resolution within a specific timeframe, usually 30-45 days (after first verifying the requestor’s identity and existence in their data system). Under the provisions of two complex sets of laws, the EU’s General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018 (DPA), a DSAR may be sent to any organization that processes the personal data of individuals residing in the EU. The General Data Protection Regulation The GDPR, which became effective on May 25, 2018, is a set of laws intended to standardize privacy regulations across Europe. However, the GDPR does not only affect organizations within the EU. Instead, it pertains to all organizations processing and storing the personal data of individuals in the EU, no matter where the company is located. According to the GDPR, a data subject is identified as “an identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online [...]

Read More
© Copyright 2019 -    |   eDiscovery Advisory    |   All Rights Reserved   |   Privacy Policy   
facebooklinkedin