Creating an End-User Subject Access Request in Request Manager

When an end user makes a request to receive data or to delete data from your environment that contains personally identifiable information (PII), you can create a request in Request Manager to manage and fulfill the request. If the end user requested to receive data, you can redact the PII from the data before it is sent to the end user.

You must associate the request with a project and assign reviewers and approvers to the request. The project contains the data that is used for the request discovery. Reviewers must view and approve each document for the end-user request (export or delete data). Approvers must approve the request after it is completed before the data is exported or deleted.

You can also create requests when you resolve risks. For information on resolving risks, see Resolving Risks Discovered in Data Sources.

Before You Begin

Gather the following information before you create the request:

  • The email address of the end user making the request.

  • The types and values of the PII that the end user wants to identify in the data sources.

Start the Configuration Wizard

  1. From the navigation pane, go to Data Insights.

    The Data Insights page appears.

  2. Under Risk Analysis, click Request manager.

    The Request manager page appears.

  3. In the upper-right corner of the page, click Add request.

    The Create Request page of the Add request configuration wizard appears.

Create Request

  1. In the Name box, enter a name for the request.

  2. Export or delete the data that contains the end user PII:

    • To export the data, select Export.

      Data that contains PII is exported and delivered to the user who made the request. The option to redact PII is available for exported data.

    • To delete the data from the data source, select Delete.

    • To delete the data from the data source and from the backup, select Delete, and then select the Delete from backup check box.

      Important

      The data is exported or deleted after the request is reviewed and approved.

  3. To redact PII in the data before the data is exported, move the Redaction toggle key to the right.

    The PII that matches the PII defined in the request is redacted in the documents that are returned by the request. During review, reviewers can redact additional PII or restore redacted information at the document level.

  4. To enable document chaining, move the Document chaining toggle key to the right.

    If any additional entities are found in a document, any other documents that contain the additional entities are also included in the result set of documents for the request.

  5. In the Requestor box, enter the email address of the user who initiated the request.

  6. From the Personal entities list, select the type of entities that the end user wants to identify in your data sources.

    For example, to find a phone number, select the Phone number entity type.

  7. Click OK.

    A box appears for each entity type that you selected.

  8. In each entity type box, enter the values provided by the end user.

    For example, in the Phone number box, enter 5555555555.

  9. Click Create.

    The Configure Request page of the configuration wizard appears.

Configure Request

  1. From the Select project list, select a project to use for the request.

    Note

    The project defines the data sources that are used for the request.

  2. In the Reviewers list, enter the name of a user or user group and then select the user(s).

  3. In the Approvers list, enter the name of a user or user group and then select the user(s).

  4. Click Configure.

Result

The users who you added as reviewers and approvers to the request receive an email with instructions about how to review and to approve items in the request.

For more information about entity types, see Personally Identifiable Information (PII) Entity Types.

Loading...