Description
A right to access personal information an organization collects about an individual is a primary feature of major data privacy laws. DSARs give individuals the right to discover data an organization has on them, why the organization has the data, and how the organization shares that information with third parties. Data may include everything from email addresses and phone numbers to tracking scripts and cookies.
Counsel must know how to recognize an access request, what the process is for responding to one, and special issues to keep in mind with certain types of data. Business counsel should also understand the compliance timeframe required by data privacy regulations.
Counsel will help establish the means of improving DSAR compliance by purging unnecessary data, creating written procedures for access requests, and leveraging technology to respond to requests cost effectively. Establishing these processes is necessary to avoid potentially onerous fines for violating data privacy regulations.
Listen as our expert panel reviews common DSARs and addresses best practices for complying with applicable data privacy laws.
Presented By
Mr. Austin advises clients on breach response, data privacy, information security, and regulatory compliance related to domestic and international privacy laws and regulations, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Virginia Consumer Data Protection Act (VCDPA), and the Health Insurance Portability and Accountability Act (HIPAA). He is a Certified Information Privacy Professional with expertise in both U.S. and European law (CIPP/US & CIPP/E) by the International Association of Privacy Professionals (IAPP).
Mr. Auty has led engagements with hundreds of companies in diverse industries. He works side-by-side with clients to navigate complex, intersecting data privacy and security regimes, including the California Consumer Privacy Act, the GDPR, HIPAA and the Gramm-Leach-Bliley Act. Mr. Auty also has significant experience responding to data breaches and defending privacy and security practices in investigations initiated by regulatory agencies around the world. He is a frequent writer and speaker on data privacy topics, in particular issues related to digital marketing.
-
This 60-minute webinar is eligible in most states for 1.0 CLE credits.
-
Date + Time
- event
Wednesday, July 16, 2025
- schedule
1:00 p.m. ET./10:00 a.m. PT
I. Overview: understanding what a DSAR is and isn't
II. Examples of common DSAR requests
III. Legal and regulatory framework governing DSARs
A. EU's General Data Protection Regulation (GDPR)
B. California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
C. Other state privacy laws: common themes regarding DSARs and key differences
IV. Penalties and enforcement
V. Key concepts for advising clients and spotting issues
VI. Assessing, planning, and preparing for common situations
VII. Creating effective policies and protocols
The panel will review these and other key considerations:
- What is the typical process for an individual to make a DSAR with an organization?
- How long does an organization have to comply with a DSAR?
- How should an organization respond to a DSAR request and how much information does the organization need to provide?
- What are special issues and considerations to keep in mind?
- What steps can organizations take to prepare for DSARs to ensure compliance with applicable data privacy laws?
