Form Updates March 2025
We’ve rolled out some updates to the request forms in the platform to give you more control over how you collect and verify information from individuals exercising their privacy rights.
These changes are especially important in light of recent regulatory enforcement actions making clear that regulators are paying close attention to how easy (or hard) it is for someone to submit a request, and whether companies are collecting more information than they actually need to verify the requester’s identity and carry out the request.
Why we made these changes
Privacy laws in some regions (like California) make it clear that you should only ask for the information you need—nothing extra—when someone makes a privacy request. Some laws also require that you not make the submission process overly complex, and not over collect information relating to the submission of certain requests. Specifically, certain jurisdictions may limit the type and scope of information you may request from an individual to:
(i) verify their identity; and/or
(ii) carry out the request.
Please check with your legal counsel to ensure the information you’re requesting through the forms aligns with your legal requirements. For reference, email is required to carry out any data subject request using the Osano platform. We recommend taking a few minutes to review your current setup to make sure you're only collecting what’s necessary.
What’s new
- The location toggle is now on by default. You can set verification by request type.
- Some request types don’t require any verification by default. We’ve updated four request types so they now default to “no verification”:
(i) Limit Use of Sensitive Data
(ii) Do Not Sell or Share
(iii) Opt Out of Using Sensitive Data
(iv) Opt Out of Targeted Advertising
- This means they won’t even require email verification unless you choose to add it.
- Email is the only required field by default for all forms.
- New confirmation templates aligned with above verification choices.
Related to