Requests

The Requests page is where Data Request Managers manage all outstanding subject rights requests and view information about completed requests.

This page contains a list of all requests submitted to your company along with the following details:

• Request ID - A generated unique id for the request.
• Requestor Email - The email address of the person making the request.
• Due - The due date and time for the request.
• Form Name - The name of the form the requestor used to submit the request.
• Organizations - The organizations associated with the form used to submit the request.
• Created - The date the request populated within the Osano Web App.
• Last Updated - The last date the request was updated.
• Status - The current status of the request. Text will appear in red when the request is past due and has not been rejected or completed. List of possible statuses:
  • Pending Identity Verification - Awaiting on a Data Requests Manager to verify or reject the requestor’s identity.
  • 0/0 Action Items Complete - Awaiting on a Data Requests Manager to manually determine a course of action as no created data stores contain fields classified as containing personal data. This status generally indicates a form was exposed to subject rights requestors prior to completing the necessary data store set up.  
  • 0/n Action Items Complete - Awaiting on Datastore Owners to complete action items.
  • n/n Action Items Complete - Awaiting on a Data Requests Manager to review the request and mark it rejected or complete.
  • Rejected - Request was rejected and an email was sent to the original requestor informing them of the rejection and rationale.
  • Completed - Request was completed and an email was sent to the original requestor with details relevant to their request.

Clicking anywhere on a request row will open the Request Details page for the request:

In the Request Information section you can see all the information the subject rights requestor submitted through the hosted web form along with the Request ID, Due Date, and Updated date.

In the Notes section, you can enter any notes relevant to the request and click the floppy disk icon to save these notes. These notes are for internal use only and are never shared with the requestor.

To the right of the Notes section will appear either the Awaiting Email Verification, ID Verification section, the Action Items section, or the Review section depending on how far the request is in the Subject rights (DSAR) workflow.

When the requestor has submitted their request but not yet responded to the email to verify they are a human the Awaiting Email Verification section will appear.

When the requestor has responded to this email but the Data Requests Manager has not yet validated the requestor’s identity, the ID Verification section will appear containing any attachment the requestor has sent along with the initial request as proof of their identity. 

Once the requestor’s identity has been validated, the Action Items section will appear containing a list of assigned action items for the request. Each action item contains the name of the data store the action item is for, a list of assignees to that action item, a Status for the action item, as well as any files that have been uploaded to that action item by automation or a data store assignee.

Once all action items have been completed, the Data Request Manager can proceed to the Review step of the Request by clicking the Review button in the bottom right corner of the request. In this stage of the request the Data Request Manager can review any files attached to action items on the request and can choose to exclude those files from submission to the requester and or add additional files as well: 

Clicking the 'Package and Send Files' button packages all of the attachments listed into a ZIP and sends them to the requester through the secure messaging portal along with a message informing them the request is complete:

In the Message Portal section you can communicate directly with the requestor via a Secure Messaging Portal to establish their identity, clarify their request, or give them a status update. Security at the portal is established by encrypting the data in transit and at rest.

Requestors will be invited to use the portal when they receive the email to verify their email after submitting a subject rights request. They will also be given a link to the portal in every request completion and request rejection email. They will be asked to verify their email and set a password to use the portal. Once logged in, they will see any requests they have made with that email. Upon clicking a request, they can see and send messages for that request.

When sending notifications to your end-users, they will receive an email notification alerting them to the fact that they have received a new message but at this time there are no in-app notifications indicating that a requester has sent a message through the portal.

Once a request is rejected or completed, any attachments made on portal messages will be deleted after 120 days. At that point, they will no longer be accessible by you or the end-user. Message content does not get deleted, but remains in an encrypted state. Supported files for attachments include: .ppt, .pptx, .odp, .key, .doc, .docx, .pdf, .odt, .rtf, .txt, .xls, .xlsx, .ods, .xlsm, .csv, .jpg, .jpeg, .png, .svg. Text must be included in the message to send the attachment. 

At the bottom of the Request Details page appears the Status section. Just above it are the Rejection and Mark Completed buttons. The status section contains each status the request has passed through along with the user responsible for the update (except when the system makes the update) and the date the status change occurred.

The Rejection and Completion buttons are used by the Data Requests Manager to move the status of the request forward when validating a requestor’s identity and when completing or rejecting the overall request.