Optimizing Subject Rights Requests: Minimizing Risks and Costs Through Adaptive eDiscovery Workflows – Part 2 

In part one of this blog series, we discussed that subject rights requests (SRRs), including Data Subject Access Requests (DSARs) vary substantially in their requirements…

OpenText profile picture

OpenText

July 6, 20224 minutes read

In part one of this blog series, we discussed that subject rights requests (SRRs), including Data Subject Access Requests (DSARs) vary substantially in their requirements due to variance in the volume and variety of data involved and the number of systems in which the data is housed. Applying search-centric workflows to high-effort SRRs creates risk of failing to include all of the required data within the prescribed timelines (30 days per GDPR requirements and 45 days for the CCPA).  

In addition to the cost of fines, failing to use an adaptive workflow for high-effort SRRs can also be exceptionally expensive at over $25,000 per request.1 This blog details  how to build an adaptive SRR program by determining which requests to handle through which workflow: search-centric supported by manual processes, or a review-centric workflow supported by eDiscovery technology. 

The following describes the steps required for routine SRRs and high-effort SRRs. 

Routine SRRs: Search-centric workflow supported by manual processes 

Step 1 – Validate the request as legitimate and define the requirements 

Step 2 – Apply search terms within each system in which the requestor’s data resides 

Step 3 – Extract and aggregate the data in a staging area or staging document 

Step 4 – Verify completeness and accuracy and manually verify that no third-party data is entwined with the requestor’s data 

Step 5 – Produce as a single report or as a collection of files 

High-effort SRRs: Review-centric workflow supported by eDiscovery technology 

Step 1 – Validate the request as legitimate and define the requirements 

Step 2 – Collect data expansively across the numerous systems in which the requestor’s data resides 

Step 3 – Use advanced stackable search filters to narrow the volume of data for review and leave the irrelevant data behind 

Step 4 – Use “find similar” tools and / or technology-assisted review to quickly surface the data relevant to the request 

Step 5 – Employ the automated tools to identify people and remediate any third-party data that may be entwined with the requestor’s data  

Step 6 – Employ the automated production QC tool and production wizard to process the report  

Review-centric workflows are more involved, but utilize tools essential for extracting significant volumes of relevant data from within very large volumes of irrelevant data. Further, they can be supplemented by managed review teams expert in review technology and the tools applied to detect and secure PII, including third party PII that might be in the same document as the requestor.  

Which requests for which workflow?  

To determine the appropriate workflow for individual requests, organizations need to track the parameters of the request against the time that it takes to fulfill them. As discussed, the key parameters include who made the request (customer, employee, ex-employee), what the request is about (e.g., general customer inquiry, customer dispute, ex-employee grievance, etc.) and the volume and variety of data and the number of systems on which the data resides. 

Some organizations may find that their IT and data architectures make fulfillment of even routine requests an onerous task without supporting eDiscovery technology. For many organizations, they will find that high-effort requests share easily identified parameters and that the extra effort of aggregating all potentially relevant data within an eDiscovery platform will pay substantial dividends in reducing the time it takes to review and extract the relevant data. To validate this, organizations simply need to process one or a few high-effort requests via the eDiscovery platform they likely already have access to, and compare the time and accuracy of the results against the time it took to process the request manually.  

In addition to reducing overall SRR program costs, adaptive workflows also reduce the risk of fines and the negative impact on brands and customer loyalty. These include the reduced risk of fines for: 

  • Not finding all of the requestor’s data; 
  • Inadvertently infringing the rights of third-parties in pursuit of the requestor’s rights; and, or 
  • Failing to meet timelines. 

Learn more about eDiscovery workflows in “Efficient data privacy compliance using eDiscovery workflows,” and learn how  OpenText Axcelerate and OpenText managed review teams can help you fulfill high-effort SRR requests.  

Share this post

Share this post to x. Share to linkedin. Mail to
OpenText avatar image

OpenText

OpenText, The Information Company, enables organizations to gain insight through market-leading information management solutions, powered by OpenText Cloud Editions.

See all posts

More from the author

Manutan combines digital services with the human touch to delight customers

Manutan combines digital services with the human touch to delight customers

At Manutan, we equip businesses and communities with the products and services they require to succeed. Headquartered in France, our company has three divisions, serving…

January 31, 2024 4 minutes read
Reaching new markets in Europe and beyond

Reaching new markets in Europe and beyond

How information management specialists at One Fox slashed time to market for innovative products with OpenText Cloud Platform Services At One Fox, we’ve driven some…

January 18, 2024 4 minutes read
SoluSoft helps government agencies tackle fraud faster

SoluSoft helps government agencies tackle fraud faster

Fraud, in all its forms, is a pervasive problem, spanning industries and preying on vulnerabilities in federal and state government systems. Each year in the…

November 21, 2023 3 minutes read

Stay in the loop!

Get our most popular content delivered monthly to your inbox.