Dealing with Difficult DSRs: War stories and strategies

Marta Dunphy-Moriel, Founder, DM Legal
Bryony Long, Partner, Lewis Silkin
James Leaton Gray, Director, The Privacy Practice

WELCOME AND INTRODUCTIONS

The smoking gun

About the request
- Female employee's belief: unfairly sidelined and overlooked for promotion.
- Accusations of a "jobs for the boys" culture.
- A series of emails between senior male managers that contain discriminatory remarks about her gender and age.

Considerations
- Revealing the smoking gun.
- Fallout/damage to reputation likely.

Love is in the air

About the request
- Dating platform DSAR request.
- Requestor is a journalist.
- Likelihood that the data will be used to write an article (it was).

Considerations
- Likely to involve review and redaction of a large volume of potentially sensitive data (chats).
- Potentially pictures involved.
- Mindful that every communication is likely to be published (they were, in part).

Am I over-redacting to this?

About the request
- Unfair dismissal claim.
- Response largely redacted; difficult to understand both context and content.
- Redactions and exemptions challenged.
- Complaint to the ICO.

Considerations
- ICO involvement likely to result in wider investigation.
- Data subject looking for a smoking gun.

It's how big?

About the request
- Internal request.
- Requestor has a continuing grievance with another staff member.
- Slack had over 1m potential entries in the period and group of employees.
- Little search capability.

Considerations
- Both requestor and primary focus of SAR have rights.
- Given the above, how should we balance their rights?
- Likely to involve review and redaction of a large volume of potentially sensitive data (chats).

Mass claims (That is big)

About the request
- Company restructuring.
- Huge surge of DSARs.
- HR and legal teams struggle with:
  - volume of requests,
  - meeting time-frames, and
  - locating, reviewing and redacting sensitive information.
- High pressure leads to mistakes.

Considerations
- Likely to involve large volumes of data across multiple systems.
- Scope of requests may vary.
- Likely to involve angry individuals.

Is that his or ours?

About the request
- Request made to a public authority, after an incident with an individual.
- A mix of FOI and SAR.
- The PA is in dispute with the requestor.
- Litigation is a possibility but not imminent.

Considerations
- The FOI response normally has to be "purpose blind".
- There is clearly some personal data both before and after the incident.
- How significant could the issue of litigation be?
- The press is already slightly interested in the incident.

Failure to recognise a request

About the mailbox set up just prior to the GDPR in 2018.
- Mailbox forgotten and was not monitored.
- DSAR sent to mailbox, no response within one month, complaint made to ICO.
- ICO contacted company and asked it to rectify the matter.

Considerations
- ICO involvement could result in wider investigation into their DSAR handling practices.
- Are there any other DSAR requests not responded to?

Top Tips: Or how to survive the attack

- Ensure you have processes in place to identify requests.
- Know your data: what have you got and where is it?
- Control the narrative.
- Identify any smoking guns.
- Decide the strategy: exemptions, reaction, third party rights.
- Put in place a process and resources to support strategy.
- Audit and test data protection protocols.
- Employee (refresher) training?
- Address any fallout: employees, media, litigation.