The secure messaging portal is a secure place to send and track messages about DSARs. Every communication is logged, so you can generate and view audit histories.
What makes the portal secure?
Data in the secure messaging portal is encrypted in transit and at rest.
Using secure messaging
- Log in to my.osano.com as an Administrator or a Data Subject Manager.
- Expand the Data Subject Requests menu.
- Go to Request Submissions.
- Click into any submission.
- Here, on the right-hand side of the request, you will see Message Portal. From this portal, you can send secure messages to your Data Subjects regarding their requests. This portal can be used to offer clarification, ask questions, follow up on status, etc. Your Data Subject can respond to you in kind from the end-user portal.
- When sending notifications to your end-users, they will receive an email notification alerting them to the fact that they have received a new message.
The messenger notifications are currently in-app only. You will not receive email alerts when users respond to your messages, so check in with them regularly.
- Once you have all the information required, you can complete the request from the ”Request Submission” details. Click “Mark Completed” or “Reject Request” as appropriate.
- This will email the Data Subject with a generic notice. If the request was rejected, it will include some generic reasons why a request could have been rejected.
- If you would like to send the data subject more information about their request completion or why their request was rejected, you can send a message in the portal.
- After a request is completed, you can view the message history by opening the completed request.
Once a request is rejected or completed, any attachments made on portal messages will be deleted after 120 days. At that point, they will no longer be accessible by you or the end-user. Message content does not get deleted, but remains in an encrypted state.
Sending and Receiving Files
You can use the secure messaging portal to request additional information on behalf of your users or send files or additional information to your users.
This allows you to request additional forms of identification if desired or required, additional account information, or other files necessary to complete the user’s request. It will also allow you to send files to your users if necessary/required to satisfy this request.
Supported files include: .ppt, .pptx, .odp, .key, .doc, .docx, .pdf, .odt, .rtf, .txt, .xls, .xlsx, .ods, .xlsm, .csv, .jpg, .jpeg, .png, .svg.
Text must be included in the message to send the attachment.
Once a request is rejected or completed, attachments made on portal messages get deleted after 730 days. At that point, they will no longer be accessible by you or the end-user.
End-User Portal
Data subjects may use the portal to ask questions and understand their request.
Data subjects will be invited to use the portal when they receive the email to verify their email after submitting a DSAR request. They will also be given a link to the portal in every request completion and request rejection email.
Data subjects will be asked to verify their email and set a password to use the portal to secure their privacy.
Once logged in, they will see any requests they have made with that email. Upon clicking a request, they can see and send messages for that request.
Here users can communicate with you about their Data Subject Rights requests as well as send additional information if required.
Once a request is rejected or completed, any attachments made on portal messages will be deleted after 730 days. At that point, they will no longer be accessible by you or the end-user. Message content does not get deleted, but remains in an encrypted state.