You’ve got a new job, or you’re starting a new project at work. You want to get access to some data from a database. How do you go about requesting it? What should you include in your request letter?
The GDPR (General Data Protection Regulation) was introduced in May 2018. This regulation aims to give individuals greater control over their personal information, like here at ethyca.com/about-privacy-by-design. In order to comply with the law, organizations must provide clear instructions on how they intend to handle requests for data. In order to protect personal information, businesses must comply with federal regulations regarding access requests. These rules require businesses to provide individuals with certain rights when requesting access to their personal information.
This blog post provides guidance on how to write a DSAR request letter so that you can obtain the information you need.
Know What Information Is Required By Law
Before writing a DSAR request letter, make sure you understand what information is required by law. For example, under HIPAA, healthcare providers must disclose protected health information (PHI) to patients upon request. However, PHI does not include Social Security numbers, bank account numbers, or tax identification numbers.
Understand How to Properly Identify Yourself
You must properly identify yourself when making a DSAR request. Failure to do so may result in denial of the request. For example, if you are seeking records related to a specific individual, you must clearly state that fact in the subject line of your email. Also, you must include the name of the individual whose records you seek.
Include All Necessary Details
Make sure you include all necessary details in your DSAR request. For example, if you are requesting medical records, you must specify the type of medical provider involved. Also, if you are requesting records pertaining to multiple individuals, you must indicate which individuals you are seeking records for.
Be Clear About Who Will Receive Your Letter
Be clear about who will receive your letter. For example, if your request relates to a specific individual, make sure you include his or her name in the body of your letter.
Use Appropriate Language
Use appropriate language when drafting your DSAR request. Avoid using profanity or slang terms.
Follow Up With a Phone Call
After submitting your DSAR, you should follow up with emails and phone calls to confirm receipt. Also, make sure that you’ve received the information you asked for.
Check Your Status
Checking your status after sending your DSAR is essential. Many organizations require additional documentation before releasing the requested information. If you haven’t heard back within a reasonable amount of time, call the organization again.
Document Everything
Keep copies of every document that you submit. These can serve as evidence in case something goes wrong during the process.
ConclusionÂ
A DSAR is a legal requirement that allows individuals to gain access to their own personal information. It’s important to know what information is required by the law and how to properly identify yourself.
When making a data subject access request, be clear about what information you are seeking. Also, use proper language and avoid profanity.