“People make mistakes. The bad news is, data privacy mistakes cost – a lot.
The good news is, privacy mistakes can be avoided. Human error is often reported as the #1 cause of these mistakes. By training your team and automating your processes, you can prevent these errors before they even happen. This starts with education and training. By knowing the most common mistakes companies make when handling a DSR, you can be prepared and know how to avoid them.
So, let's begin. Here are five errors we see far too often and what you can do to overcome them:
[Fraudulent Request]
The first is fulfilling a fraudulent request. There are two main ways a request can be illegitimate: It’s submitted by a scammer, or it violates another person’s privacy rights.
Unfortunately, many hackers and scammers see DSRs as an opportunity to gain access to sensitive data, like identity or financial information. So, your first step should always be to find personal data on the subject to verify their identity.
However, there’s a right and wrong way to do this. If you demand your users’ social security number, they’ll feel violated and question the validity of your identity and intentions. Instead, you should implement multi-factor authentication, have them verify their contact or identity information, and answer a security question.
Now, what if the user confirms their identity but they file a request that infringes on someone else’s privacy rights? In short, every request should solely involve the user and their own data. If you have to access any other person’s data to resolve their request, it’s invalid. Also, only speak to the data subject, not someone else reaching out on their behalf.
[Not Knowing Who The User Is]
Another common error we see is agents not knowing who the user is. To solve a problem, you need context. Users aren’t just a support ticket number or task to be checked off — they’re a person. Their history of interactions and concerns with your company is relevant to their needs and how you should support them.
At Mine, we overcome this by automatically including recent emails between the user and your organization in the Review stage. This allows you to get context. You need evidence to support a person’s concern and know how — and if — you should accept and process their request.
[Not Collaborating With Other Departments]
A lack of collaboration is a mistake we see far too often within privacy programs. DSRs aren’t just for Legal or IT teams — they affect all departments. If your web designers don’t understand the process, they can miss crucial actions needed to ensure a positive privacy user experience. And if customer support representatives aren’t aware of their role in the process, they may overlook or inaccurately reply to requests.
When done well, DSR is a workflow — a sequence and collaboration across teams, as we learned in our last Module. By training and involving other departments, you can avoid the human errors that are often inevitable when employees are unaware of the process.
[Manually Doing Everything]
The DIY route is almost always a mistake, especially regarding complex processes like data security. As we’ve learned again and again, manual DSR fulfillment processes require an unreasonable amount of manpower, resources, and time. Most companies opt for this route in an attempt to trim down their budgets. But in reality, the more time spent and the more mistakes made in the privacy process, the more it costs. To avoid this, we recommend finding software to automate DSR submissions, workflows, and data mapping.
[Waiting Until The Last Minute To Complete The Request]
Last but not least, one of the most common human errors we see is procrastination. If you have 30 days to complete a DSR, that doesn’t mean you should wait 29 days to start. This is a hard deadline. Think of it more as a consequence rather than a due date. There should be no “waiting” to complete a request. By prioritizing requests as soon as you get them, you can take away the stress — and costly consequences — of waiting until the last minute. With an organized, automated system, you can keep track of deadlines and streamline the process into a few simple steps.
Now that we know what not to do, let’s move on to our final video to break down everything you can do to handle DSRs successfully.”