
Optimizing Subject Rights Requests: Minimizing Risks and Costs Through Adaptive eDiscovery Workflows – Part 2 

In part one of this blog series, we discussed that subject rights requests (SRRs), including Data Subject Access Requests (DSARs), vary substantially in their requirements due to variance in the volume and variety of data involved and the number of systems in which the data is housed. Applying search-centric workflows to high-effort SRRs creates a risk of failing to include all of the required data within the prescribed timelines (30 days per GDPR requirements and 45 days for the CCPA).

In addition to the cost of fines, failing to use an adaptive workflow for high-effort SRRs can also be exceptionally expensive at over $25,000 per request.1 This blog details how to build an adaptive SRR program by determining which requests to handle through which workflow: a search-centric workflow supported by manual processes, or a review-centric workflow supported by eDiscovery technology.

The following describes the steps required for routine SRRs and high-effort SRRs. 

Routine SRRs: Search-centric workflow supported by manual processes 

Step 1 – Validate the request as legitimate and define the requirements 

Step 2 – Apply search terms within each system in which the requestor’s data resides 

Step 3 – Extract and aggregate the data in a staging area or staging document 

Step 4 – Verify completeness and accuracy and manually verify that no third-party data is entwined with the requestor’s data 

Step 5 – Produce as a single report or as a collection of files 

High-effort SRRs: Review-centric workflow supported by eDiscovery technology 

Step 1 – Validate the request as legitimate and define the requirements 

Step 2 – Collect data expansively across the numerous systems in which the requestor’s data resides 

Step 3 – Use advanced stackable search filters to narrow the volume of data for review and leave the irrelevant data behind 

Step 4 – Use “find similar” tools and/or technology-assisted review to quickly surface the data relevant to the request 

Step 5 – Employ the automated tools to identify people and remediate any third-party data that may be entwined with the requestor’s data  

Step 6 – Employ the automated production QC tool and production wizard to process the report  

Review-centric workflows are more involved, but they use tools essential for extracting significant volumes of relevant data from within very large volumes of irrelevant data. Further, they can be supplemented by managed review teams expert in review technology and the tools applied to detect and secure PII, including third-party PII that might be in the same document as the requestor's.

Which requests for which workflow?  

To determine the appropriate workflow for individual requests, organizations need to track the parameters of each request against the time that it takes to fulfill it. As discussed, the key parameters include who made the request (customer, employee, ex-employee), what the request is about (e.g., general customer inquiry, customer dispute, ex-employee grievance), the volume and variety of data, and the number of systems on which the data resides.

Some organizations may find that their IT and data architectures make fulfillment of even routine requests an onerous task without supporting eDiscovery technology. Many organizations will find that high-effort requests share easily identified parameters and that the extra effort of aggregating all potentially relevant data within an eDiscovery platform will pay substantial dividends in reducing the time it takes to review and extract the relevant data. To validate this, organizations simply need to process one or a few high-effort requests via the eDiscovery platform they likely already have access to, and compare the time and accuracy of the results against the time it took to process the request manually.

In addition to reducing overall SRR program costs, adaptive workflows also reduce the risk of fines and the negative impact on brands and customer loyalty. These include the reduced risk of fines for: 

  • Not finding all of the requestor’s data; 
  • Inadvertently infringing the rights of third parties in pursuit of the requestor’s rights; and/or 
  • Failing to meet timelines. 

Learn more about eDiscovery workflows in “Efficient data privacy compliance using eDiscovery workflows,” and learn how OpenText Axcelerate and OpenText managed review teams can help you fulfill high-effort SRR requests.

Duncan Bradley

With over 25 years' experience in Market Intelligence and Product Marketing, Duncan brings a rich set of perspectives as a subject matter expert in a broad array of tech topics including content process automation and analytics, data privacy and regulatory compliance. As Product Marketing Manager, OpenText Legal Tech, Duncan contributes to product positioning and messaging across OpenText’s suite of Legal Tech products. Duncan holds an MBA from the University of British Columbia, a BA Hons in Political Science from the University of Guelph and an Executive Certificate in Negotiation and Conflict Management from the University of Notre Dame.
