BarbriSFCourseDetails
  1. keyboard_arrow_leftBack

Course Details

Course Information
  • smart_display Format

    Live Online with Live Q&A

  • signal_cellular_alt Difficulty Level

    Beginner

  • work Practice Area

    Cybersecurity and Data Privacy

Date & Time
  • event Date

    Wednesday, July 16, 2025

  • schedule Time

    1:00 p.m. ET./10:00 a.m. PT

  • timer Program Length

    60 minutes

Credit Information

  • This 60-minute webinar is eligible in most states for 1.0 CLE credits.

$147.00
CLE
ALL

This CLE webinar will provide a high-level overview of data subject access requests (DSARs). The panel will explain what a DSAR is and isn't, outline the purpose and key components of a DSAR, give examples of common DSAR requests, and provide tips for navigating compliance under the ever-evolving data privacy legal framework.

Faculty

Patrick J. Austin
Of Counsel
Woods Rogers Plc

Mr. Austin advises clients on breach response, data privacy, information security, and regulatory compliance related to domestic and international privacy laws and regulations, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Virginia Consumer Data Protection Act (VCDPA), and the Health Insurance Portability and Accountability Act (HIPAA). He is a Certified Information Privacy Professional with expertise in both U.S. and European law (CIPP/US & CIPP/E) by the International Association of Privacy Professionals (IAPP).

expand_circle_down Expand to View Full Bio expand_circle_up Collapse Bio
Christian M. Auty
Partner, U.S. Lead – Data Privacy and Security Team
Bryan Cave Leighton Paisner

Mr. Auty has led engagements with hundreds of companies in diverse industries. He works side-by-side with clients to navigate complex, intersecting data privacy and security regimes, including the California Consumer Privacy Act, the GDPR, HIPAA and the Gramm-Leach-Bliley Act.  Mr. Auty also has significant experience responding to data breaches and defending privacy and security practices in investigations initiated by regulatory agencies around the world. He is a frequent writer and speaker on data privacy topics, in particular issues related to digital marketing.

expand_circle_down Expand to View Full Bio expand_circle_up Collapse Bio

Description

A right to access personal information an organization collects about an individual is a primary feature of major data privacy laws. DSARs give individuals the right to discover data an organization has on them, why the organization has the data, and how the organization shares that information with third parties. Data may include everything from email addresses and phone numbers to tracking scripts and cookies. 

Counsel must know how to recognize an access request, what the process is for responding to one, and special issues to keep in mind with certain types of data. Business counsel should also understand the compliance timeframe required by data privacy regulations.

Counsel will help establish the means of improving DSAR compliance by purging unnecessary data, creating written procedures for access requests, and leveraging technology to respond to requests cost effectively. Establishing these processes is necessary to avoid potentially onerous fines for violating data privacy regulations.

Listen as our expert panel reviews common DSARs and addresses best practices for complying with applicable data privacy laws. 

Outline

I. Overview: understanding what a DSAR is and isn't

II. Examples of common DSAR requests

III. Legal and regulatory framework governing DSARs

A. EU's General Data Protection Regulation (GDPR)

B. California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)

C. Other state privacy laws: common themes regarding DSARs and key differences

IV. Penalties and enforcement

V. Key concepts for advising clients and spotting issues

VI. Assessing, planning, and preparing for common situations

VII. Creating effective policies and protocols

Benefits

The panel will review these and other key considerations:

  • What is the typical process for an individual to make a DSAR with an organization?
  • How long does an organization have to comply with a DSAR?
  • How should an organization respond to a DSAR request and how much information does the organization need to provide?
  • What are special issues and considerations to keep in mind?
  • What steps can organizations take to prepare for DSARs to ensure compliance with applicable data privacy laws?