How Corodata Helps Businesses Comply With CPRA’s Data Subject Access Requests
Many ways that Corodata already secures and manages files also make it easier to reply to Data Subject Access Requests (DSARs) and comply with the California Privacy Rights Act (CPRA).
Starting January 1, 2023, businesses are legally obligated to respond to consumers who send a Data Subject Access Request (DSAR) asking the company to explain (1) what information it has about them, (2) why it collected it, and (3) how it is using it; to (4) correct inaccuracies in it; and to (5) limit its ability to use or disclose it.
To help businesses prepare to comply with the California Privacy Rights Act (CPRA), we’ve provided answers to some common questions, including an interactive checklist. To take your preparation even further, our secure records management tools and practices will help make it quicker and easier to fulfill these requests.
Tracking What, Why, How, and Where. Plus Corrections.
- File Indexing. When you send boxes to us for storage, we help you manage your documents and files by storing your clear description of what each box and file contains.
- File Inventory. Through our portal, you can quickly search those descriptions at any time to identify what box a record is in, down to the label on the file, helping you find the exact information when requested.
- Quick Retrieval Options. Once you identify which box a record is in, the portal lets you instruct Corodata to retrieve the document and send it to you or transmit a digital scan of it so you can verify its contents and make updates, like correcting inaccuracies per the consumer’s request.
- Chain of Custody. We keep a stringent chain of custody log, providing written proof of whenever anyone requests or accesses a file or box. This log could give you insight into why you collected the data in the first place and how you are using it. It also ensures you can prove compliance with CPRA’s privacy requirements.
- Secure Destruction. You can also instruct Corodata to securely destroy individual files and send you a certificate of destruction as proof of your response to the consumer’s request to limit your ability to use or disclose their data, or to delete it.
Providing Privacy Notice Information
Along with updating your privacy notice to reflect consumers’ expanded rights under the CPRA, you’ll also need to update your data collection notice to include proof that your company meets the legal requirements for document storage, management, and retention.
Corodata provides the following tools to help:
- Procedure manual that details how Corodata safeguards your data.
- With your company’s retention policy and schedule on file, it’s easy to regulate. Once we’ve destroyed your documents according to schedule, we’ll send a certificate of destruction as proof of compliance.
- Independent third-party compliance certifications verify that our processes and procedures comply with multiple regulations and industry standards.
Many Layers of Security
Our six-layer secure records management systems keep your business in full compliance.
For starters, we require customers to fill out a security form indicating who has access to company records and who can authorize us to retrieve and destroy them, down to the type of information.
For particularly susceptible records, we can seal boxes using uniquely numbered tags that are entered in our database and require you to unseal them to retrieve any document inside.
Corodata employees, not third parties, provide all services. We provide them with regular training on best practices for handling sensitive information and cybersecurity to prevent unauthorized people from requesting or accessing records. In addition, all have passed a background check for at least seven years.
Need help staying in compliance?
With Corodata as your records management service provider, you can prove that files containing consumers’ personally identifiable information (PII) are secure from the time they enter storage to the time they’re destroyed. Properly storing records ensures that you’re compliant with all RIM laws, not just CPRA.