Manatt Digital and Technology Partner Brandon Reilly was quoted in Cybersecurity Law Report on how companies should address data subject requests (DSARs) as they adjust to new state requirements, which he discussed at the International Association of Privacy Professionals’ Privacy. Security. Risk 2022 conference.
The article provided a checklist for how to handle DSARs as companies navigate new laws such as those enacted in Colorado, Connecticut, Virginia and California. Reilly offered suggestions on best practices for evaluating individuals submitting DSARs, as well as the requests themselves. “Instruct staff not to reflexively accept the requesters’ demands before analysis,” he advised. He also touched on potential exclusions that may apply, but noted, “A DSAR’s litigious or vindictive motive may be clear, justifying escalation, but the legal analysis will usually conclude that the company must fulfill the request.”
Cybersecurity Law Report subscribers can read the full article here.