How To Talk To Users About Their Privacy Requests
One of the first questions a business asks when they receive a privacy-related request from a user is: “how do we respond”? This guide contains templates for different types of privacy communication between privacy teams and their customers.
Communicating with your users regarding their privacy requests is an important part of running a best-practice privacy operation. But if you’re just getting started managing these requests, simply choosing the correct language can be its own unique challenge. We’ve prepared some examples that can serve any business hoping to smoothly manage subject requests. Each can be used to communicate with a subject that has filed any type of DSR…
One of the first questions a business asks when they receive a privacy-related request from a user is: “how do we respond”? This guide contains templates for different types of privacy communication between teams and their customers.
Confirmation of Request
Used to officially confirm to the user that their request has been received.
Identity Verification – Device/Inbox
It may be sufficient to demonstrate or ensure that the Subject has access to the inbox or device for which they are claiming access. For instance, if a Subject requests to access or erase their data for john.smith@gmail.com, this may be verified by sending them an email and asking them to reply from this address to confirm approval of the request. The following message should be used to verify the user has ownership/access to the inbox or device associated with the identity for which they have made the subject request.
Identity Verification – Known Points of Information
If the business feels greater caution than Inbox Verification is necessary, a set of fixed questions may be asked to verify information the business already knows about the user. For example, as an e-commerce business, you might ask the user to confirm the date of their last order, the order number, and the dollar value.
Confirmation of Identity
Use this template to confirm successful identity verification and that processing will continue.
Conclusion
The topics these templates cover will often be the first interaction with users regarding their privacy relationship with your business. Adapting each of these templates to your company’s needs will ensure that a positive foundation is in place for ongoing respectful privacy management.
Ethyca Team
Consent Management in Fides 2.0
Read MoreIntroducing consent management in Fides 2.0. With the coming state privacy laws in 2023, your business needs to have granular control over users’ data and their consent preferences. Learn more about how Fides can enable this for your business, for free.
Key Points From Ethyca’s First P.x Session
Read MoreEthyca launched its privacy engineering meetup, P.x, where Fides Slack Community members met and interacted with the Fides developer team. Two of our Senior Software Engineers, Dawn and Steve, gave presentations and demos on the importance of data minimization, and how Fides can make data minimization easier for teams. Here, we’ll recap the three main points of discussion.
Seen And Heard At SOUPS 2022
Read MoreWe enjoyed two great days of security and privacy talks at this year’s Symposium on Usable Privacy and Security, aka SOUPS Conference! Presenters from all over the world spoke both in-person and virtually on the latest findings in privacy and security research.
How Do Software Engineers Feel About Data Privacy?
Read MoreAt Ethyca, we believe that software engineers are becoming major privacy stakeholders, but do they feel the same way? To answer this question, we went out and asked 337 software engineers what they think about the state of contemporary privacy… and how they would improve it.
Convenience Is Not The End-Goal Of Privacy Legislation—In The UK Or Anywhere
Read MoreThe UK’s new Data Reform Bill is set to ease data privacy compliance burdens on businesses to enable convenience and spark innovation in the country. We explain why convenience should not be the end result of a country’s privacy legislation.
Seen And Heard At PEPR 2022
Read MoreOur team at Ethyca attended the PEPR 2022 Conference in Santa Monica live and virtually between June 23rd and 24th. We compiled three main takeaways after listening to so many great presentations about the current state of privacy engineering, and how the field will change in the future.
Ready to get started?
Our team of data privacy devotees would love to show you how Ethyca helps engineers deploy CCPA, GDPR, and LGPD privacy compliance deep into business systems. Let’s chat!
Get a Demo