When you receive a Subject Access Request (SAR) you are obliged to return a copy of all of the information you hold on the requestor within 30 days. This time limit adds pressure to the organisation to process the request as soon as possible.
This task can, therefore, be rushed and sensitive information of others or confidential business information could be sent out in error.
In this PrivSec Report article, sensitive information was handed out in a SAR which required immediate action from the charity firm involved. Taking more time and resource from the charity. This could have been avoided if a tool had been in place to automatically redact information.
The security data breach compromised the personal data, including bank information, account numbers, pension contributions and wages details of almost all its 170 employees.
The SAR was requested by a former employee whose data was likely to have been in the same document with other current employees. This mistake highlights that a secure process needs to be put in place to prevent a breach like this. Although measures may already be in place to protect anything that is considered personal identifiable information, how do you ensure the content within these documents isn’t confidential business information? Or that the context of the document doesn’t give away any restricted information? How does the person instructed to complete the SAR on behalf of the company understands what is deemed to be confidential when that information may have not been shared with them?
In developing SmartRedact, we knew that the need was there in order to ensure Subject Access Requests were efficient, compliant and has measures in place to protect businesses from not only a data breach but also a leak of intellectual property.
SmartRedact is available now, so, mitigate your risk exposure today and get in touch.View More Articles
- 22nd November 2019Why Aren’t HR Managers Prioritising Employee Data Security?
- 14th November 2019Thousands Of Drivers’ Social Security Numbers Exposed In Data Breach
- 11th November 2019Multinational Cyber Security And Defence Company Suffers Insider Data Breach
- 14th October 2019Data: Defining or Divisive
- 12th September 20192019 on track to be the “worst year on record” for data breach activity
- 10th September 2019Leaving the EU: Brexit and GDPR
- 9th September 2019Data Breaches: Did you know?
- 5th September 2019What should you do if your data has been breached?
- 3rd September 2019GDPR was just the beginning
- 14th August 2019The dangers of Subject Access Requests