Data Privacy Requests

The Data Privacy Requests window displays data privacy requests submitted by users and other constituents whose data is stored in your system. The requests are shown in the order they were received, and the table is filtered to pending requests by default. You can also filter the list to view completed, denied, or all requests using the radio buttons at the top of the window.

Included in the data privacy requests grid are the requester's ID number and name, the receipt date, request category, verification status, who verified the request and when, the request status, when the status was last updated, and who updated the status. Only the Verified? column is editable for existing request rows. You can add new requests to the grid by right-clicking and choosing either Add Row or Insert Row. Requests may also be received via an online form available on your campus portal.

The Request Details section of the window shows comments added by the requester, the source of the request, and comments from the processor working on the request. Other information and options displayed vary depending on what type of request (Access Data, Update Consent, or Forget Data) the user is viewing.

Access Data Requests

Individuals can submit a request to access the data your institution has on record for them. Upon selecting an Access Data request row, you have the option to run a report that indicates which database tables contain information about the person. You can then send the person a copy of this report. After running the report, the status for the selected Access Data request row is marked Completed, and the Status Last Updated On and Status Last Updated By fields are updated. If you are viewing only the pending requests, the currently selected request is removed from the list because its status is no longer pending. Example

Forget Data Requests

Individuals can submit a request that your institution “forget” their data so that it can no longer be used. Running the Forget Data option for a person removes data with personally identifying information (PII) that is not necessary to the running of the system and anonymizes (i.e., update or clear out) any PII data elements for records that should not be removed from the system. The records that are not removed include, for example, course history information required for governmental reporting purposes. Example

Run Data Report: Produces an InfoMaker report that shows where the person’s data is stored.

Forget Data: This option runs a stored procedure that scrubs all personally identifying information from the person's record. The Verified? checkbox must be selected before the procedure to forget the person's data can begin. This is to ensure that a processor has reviewed the person's data and confirmed that it can be anonymized.

Upon completion of the process to forget a person's data, the status for the selected Forget Data request row will be marked Completed, and the Status Last Updated On and Status Last Updated By fields will be updated. If the Deny Request button is clicked, the selected Forget Data request will be marked Denied, and the Status Last Updated On and Status Last Updated By fields will be updated. In both of these scenarios, if you are viewing only the pending requests, the currently selected request will be removed from the list because its status will no longer be pending.

Update Consent Requests

Individuals can submit changes to indicate whether or not they consent to your institution's use of their data. Your school can determine what consent types you wish to gather for the people whose data is in your system and which consent types apply to which groups of people. Example

Each consent type on a request record has a Requester Decision indicating what the requester's decision is for the consent type. The Decision options are: No Decision Yet, Granted, and Withdrawn. 'No Decision Yet' is only applicable to consent type rows added to a request that was manually entered on this window where the requester's decision has not yet been recorded. 'Granted' indicates that the person has given your school permission to use their data in the manner defined by the consent type. 'Withdrawn' means that the person does not grant your institution permission to use their data for the specified consent type. Once a decision of Granted or Withdrawn has been selected and saved, you canot change the decision in order to preserve the history of the person's selection.

The Processor Resolution indicates whether or not the user processing the data privacy requests approves or denies the person's consent decision. The Resolution options are: Pending, Approved, and Denied. 'Pending' indicates that a Resolution has not yet been identified for a particular consent type. 'Approved' means that the processer has approved the requester's decision for the consent type, while 'Denied' shows that the processer does not approve the requester's decision. Once a decision for a consent type has been approved/denied and saved, you cannot change the resolution. Therefore, be sure you have verified the person's data as necessary and selected the appropriate resolution before saving your changes.

Consent types associated with a specific request record for a person also have a start and end date, which allows you to collect the consent information from specific individuals on a periodic basis. An end date on a consent type indicates that the requester's decision for a particular consent type is no longer applicable because a newer request and decision for the consent type has been recorded in the system.

When a consent type is marked Granted in the Decision column, the Resolution will be automatically set to 'Approved'. If there is a Hold associated with the consent type in the Consent Type Setup window and if the requester has that hold applied (i.e., if they had previously withdrawn their consent for the consent type), the processor will be prompted if they wish to remove the hold and/or apply any defined action or action list to the person's Notepad.

If a consent type is marked Withdrawn in the Decision column, the processor will have to do any appropriate research and then approve or deny the requester's decision. Typically, withdrawn consents should be approved. However, depending on what consent types you decide to collect and specific conditions in the person's data, there is the possibility that you may need to deny a withdrawn consent type. For example, if you have a consent type for 'Processing employment data' and a former employee withdraws their consent for processing their employment data, you may have grounds to deny the request if you have not yet processed their W-2 form for a year they were employed. In this case, notes should be added to the Verifier/Processor Comments field to indicate why the person's decision for the consent type was denied.

When a Withdrawn consent type is approved, the processor will be prompted if they wish to add a hold to the person's record. The hold associated with the consent type (in the Data Privacy Consent Types Setup window) will be defaulted in for selection. The user can then choose to apply the hold and/or the action/action list associated with the hold. Adding the hold can automatically block some processing of the person's data as required by the consent type. For example, if a student withdraws their consent for the school to use their student data, then you would want to apply the hold associated with the consent type to the student in order to block the student from registering for courses and/or block the registrar's office from generating a transcript for the student.

Upon marking the last Consent Type as approved or denied and saving the changes, the status for the selected Update Consent request row will be marked Completed, and the Status Last Updated On and Status Last Updated By fields will be updated. If you are viewing only the pending requests, the currently selected request will be removed from the list because its status will no longer be pending.

How To

Navigate to the Data Privacy activity center.
Open the Data Privacy Requests window. The list of requests in the system displays, defaulting to the Pending requests.

Use the radio buttons at the top of the window to see Pending, Completed, Denied, or All requests. Example

Pending requests are shown by default.

Highlight the data request you want to work with.
The details of the request display at the bottom of the window. Click Run Data Report. Example
The report, which shows all the places where the requester's data is stored, opens in a new window.
Using the buttons in the toolbar, save or print the report as needed so you can provide it to the requester.
In the Data Privacy Requests window, the following columns update for the request:

· Request Status to Completed

· Status Last Updated On to the current date

· Status Last Update By to the current user

Additionally, if you are viewing only the Pending requests, the currently selected request record will be removed from the list since its status will have been updated to Completed.

If you access this request again (i.e., via the Completed radio button), the Run Data Report button will be disabled because the request has been completed.

From the Data Privacy Requests grid, select the pending update consent request you want to work with.
The details of the request show on the bottom of the window, including a table that lists all the Consent Types the individual has submitted. All Granted consent types will already be set to a Resolution of Approved and therefore do not need to be reviewed and processed. Example

The Requester Decision column drop-down contains the options Granted, Withdrawn, No Decision Yet.
The Processor Resolution column drop-down contains the options Approved, Denied, Pending.

Review each withdrawn consent type, and choose Approved or Denied from the drop-down. If you approve a withdrawn consent, you may be prompted to add a hold code to the person, defaulted in with the hold associated with the current consent type being processed. You can choose to apply the hold (along with any related action or action list) or you can simply close the hold window to not apply the hold.

Once a consent is approved or denied and the resolution has been saved, you can’t change that decision. This preserves the history of a person's data privacy requests.

If you will be denying one or more consent types, you may wish to enter notes into the Processor/Verifier Comments field explaining why. Save your changes.
Once you approve or deny all the data privacy consent type updates (i.e., no rows in the table have a Pending status) and save your changes, the parent request’s status updates to Completed. If you are viewing only the Pending rows, the row you were working on will be removed from the list of Pending requests.

From the Data Privacy Requests grid, select the pending update consent request you want to work with.
The details of the request show on the bottom of the window, including a table that lists all the Consent Types applicable to the person. Example
Review each consent type and indicate the Requester Decision for each if not already selected. Upon selecting the Granted option, the Processor Resolution field for the consent type will be automatically set to Approved.
For each Granted and Approved consent type, the processor may be prompted if they wish to remove a hold and/or apply the action or action list upon removing the hold.
If you are denying one or more consent types, you may wish to enter notes into the Processor/Verifier Comments field explaining why. Save your changes.

It is recommended that you enter any comments prior to saving the Processor Resolutions because once the last consent type has had an Approved or Denied resolution set and saved, the record will be removed from the Pending view of the list and you would have to select the Completed or All filtering option and locate the record you just updated in order to add the comments, and then return to the Pending view to continue processing the records.

Choose Approved or Denied from the drop-down for each withdrawn consent. If you approve a withdrawn consent, you may be prompted to add a hold code to the person, defaulted in with the hold associated with the current consent type being processed. You can choose to apply the hold (along with any related action or action list) or you can simply close the hold window to not apply the hold.

Once a consent is approved or denied and the resolution has been saved, you can’t change that decision. This preserves the history of a person's data privacy requests.

Once you approve or deny all the data privacy consent type updates (i.e., no rows in the table have a Pending status) and save your changes, the parent request’s status updates to Completed. If you are viewing only the Pending rows, the row you were working on will be removed from the list of Pending requests.

From the Data Privacy Requests grid, select the pending Forget Data request you want to work with.
The details of the request display on the bottom of the window, along with options to run a report that lists all the places the person's data is stored, forget the person's data, or deny the request. Example

We recommend that you run a data report as the first step to verify if the person's data can be anonymized.
Click Forget Data to run a stored procedure that scrubs all personally identifying information from the person's record. The Verified? checkbox must be selected before the procedure to forget a person's data can begin. This is to ensure that a processor has reviewed the person's data and confirmed that it can be anonymized.

Once you run the stored procedure to anonymize a person's data, it cannot be undone.

From the Data Privacy Requests table, select the pending Forget Data request you want to work with.
The details of the request display on the bottom of the window, along with options to run a report that lists all the places the person's data is stored, forget the person's data, or deny the request. Example

We recommend that you run a data report as the first step to determine if the person's data can be anonymized.
If appropriate, enter a reason for denying the request in the Processor/Verifier Comments field and save the changes.
Click Deny Request to deny the person's Forget Data request.

Right-click in the existing table and choose either Add Row or Insert Row.
Enter the requester’s ID/Name.

The ID_NUM must be greater than 1 and not equal to 999999999.

Select a Request Category from the drop-down (Update Consent, Access Data, or Forget Data).

By default, Receipt Date is the current date, Verified? is unchecked, Verified By and On are blank, Request Status is Pending, Status Last Updated On is the current date, and Status Last Updated By is the current user.

If this is a new Update Consent request, no Consent Types are added by default. You’ll need to add one or more Consent Types or Consent Type Groups to this request.

In the Request Details section, choose a Request Source from the drop-down.
If desired, enter any comments into the Requester Comments field.
Save.

You can't delete a saved row.

Select the checkbox in the Verified? column to indicate that a request has been verified. Deselect the checkbox to indicate that the request hasn’t been verified. Save your changes.

If the Request Status is Completed or Denied, you can’t edit the Verified? column.
Forget Data requests must be verified before you can run the stored procedure to anonymize the person's personal information.

Click on the row containing the Update Consent request you want to work with. Details about the request display in the bottom right of the window.
Click Add Consent Types/Groups. The Consent Type and Group Lookup pop-up opens. Example

Use the radio buttons at the top of the Lookup window to choose between consent types and consent type groups.

Only those consent types that are not already associated with the request will be available for selection on the Lookup window, and only those consent type groups with one or more consent types not already associated with the request will be available for selection. Place your cursor on the info icon at the end of a consent type group’s row to see which consent types in it aren’t currently associated with the person.

Select the checkbox in the Select? column to choose which consent types or consent type groups to add.

Click Add to add the consent types or consent type groups and keep the lookup pop-up open. Click Add and Close to add the consent types/groups and close the lookup window. Click Close to close the pop-up without making any changes.

Choosing to add a Consent Type Group adds each of the Consent Types in the group to the Update Consent record being worked on. Each consent type will only be added one time.

If you have the requester's decisions available (e.g., in the case where you are adding a record from a paper form), set the Requester Decision to Granted or Withdrawn for each displayed consent type. Upon selecting the Granted option, the Processor Resolution field for the consent type will be set to Approved. For each Granted and Approved consent type, the processor may be prompted if they wish to remove a hold and/or apply the action or action list upon removing the hold.