The Challenge
A software company processed just one to two data subject access requests (DSARs) a month prior to the General Data Protection Regulation (GDPR) going into effect. After it did, the company started receiving about seven to eight a month – a 700% increase in time and effort. Operational impact like this adds up, especially if other important processes are put on hold to address DSARs. Additionally, in this case, the DSAR petitioners were typically aggrieved ex-employees looking into conditions of their termination – heightening a need for a secure and accurate process.
This company practiced orderly data governance, so it could easily assemble the materials touching the DSARs it received. However, it did not have a tool in mind for reviewing those documents initially. The team also needed to make sure that whatever process was in place for handling these requests, it would produce a hand-off file that was in an easily accessible file type for the petitioner.
The Solution
Milyli’s Blackout can scan Native Excel files looking for individual identifiers then remove (or markup) all the non-qualifying data that matches the same data pattern(s). This is called an inverse redaction.
For example, it can search for a specific SSN, but then redact all other number strings that match the pattern of a SSN.
After brainstorming, the customer's eDiscovery manager realized this functionality allowed them to easily take documents for a DSAR, load them into Relativity, and then remove all data not belonging to the petitioner.
The Outcomes
Automatically removed challenging data sets like text in email headers and footers
Work hours reclaimed for the customer
Exported DSAR data in a GDPR-compliant format (Excel file) for hand-off to the petitioner
Documents containing personal data were secure in Relativity, which was built to manage sensitive eDiscovery documents like those involved in a DSAR
Download as a Free PDF:
Comments