5 Privacy Trends for 2025: What to Watch For
Heraclitus said that “The only constant in life is change,” but...
Read NowGet an overview of the simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline and automate the DSAR workflow
Efficiently manage assessment workflows using custom or pre-built templates
Streamline consent, utilize non-cookie data, and enhance customer trust
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Key Features & Integrations
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Key resources on all things data privacy
Expert insights on all things privacy
Key resources to further your data privacy education
Meet some of the 5,000+ leaders using Osano to transform their privacy programs
A guide to data privacy in the U.S.
What's the latest from Osano?
Data privacy is complex but you're not alone
Join our weekly newsletter with over 35,000 subscribers
Global experts share insights and compelling personal stories about the critical importance of data privacy
Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
Upcoming webinars and in-person events designed for privacy professionals
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
Updated: December 6, 2024
Published: July 22, 2022
When legislators craft data privacy laws, they write them for other legal experts — not the individuals and organizations who are subject to the law. For the businesses that are tasked with becoming compliant, that can feel a little unfair.
With more and more data privacy laws coming into effect, businesses are learning that they need to comply with consumer DSARs. But with that comes a tangle of new terminology to wade through. Download the DSAR terms cheat sheet (PDF) below so you always have them on hand:
This is how people in privacy often refer to a person. A "data subject" is the person to whom the personal data you’ve collected belongs.
Standing for “Data Subject Access Request” and “Subject Rights Request,” respectively, these are the two most common terms used to refer to the act of a person exercising their privacy rights with an organization. If you “receive a DSAR,” that means a person has requested access to the data you hold about them and (potentially) asked that you do something with that data, such as delete it, correct it, or not use it in some way.
This is the organization that makes decisions about how to handle personal data. Say, for example, a company used a surveying service to collect information about people. Even though the company doesn’t actually possess the data — it’s still on the surveying company’s servers — the company that sent out the survey and asked people for their information is the “controller” of the data.
This organization handles data on behalf of another organization. In the example above of the company conducting a survey, the service that collects the data on the company’s behalf is the data “processor.”
You and the data subject are the first two parties; a third party might be a vendor, purchaser of data, or anyone else who accesses the data subject’s data after they have provided it to you or you have collected it.
This is the process of using personal data to affect the experience a person has interacting with your organization. Generally, these are computer algorithms that take in demographic and other data and spit out specific user experiences. It might be as simple as, “last time you visited our website, you bought a couch, so we’re going to show you ottomans you might like.”
If you automatically process a data subject’s personal information to evaluate or predict their behavior, then you engage in profiling. Closely associated with automated decision-making, profiling is used to analyze or predict data subject behavior across a range of domains, like their work performance, personal preferences, location or movements, and the like. Under most data privacy regulations, consumers can make a DSAR/DSRR to opt out of profiling.
Could a piece of data be reasonably linked to a particular consumer or their household? If so, most data privacy regulations would say that’s personal information. This could include addresses, names, driver’s license numbers, and the like.
Not all personal data is created equal. Some data, such as “phone book data,” like phone numbers and addresses, has fewer regulations. Sensitive data, however, is data like health data, sexual orientation data, or genetic data that could lead to serious harm to a person if it falls into the wrong hands. Some jurisdictions even define data like union membership or political party affiliation as sensitive. Generally speaking, this data must be handled more carefully, requires special permissions to collect, and triggers higher penalties if mishandled.
Many of the rights data subjects have are no-brainers, like the right to access, correction, or deletion. But data privacy regulations also feature a right to “portability.” Essentially, this means that you can’t give a data subject their data in an excessively complicated format. If you receive a DSAR/DSRR where the data subject requests access to their data, then you have to provide it in a structured, commonly used and machine-readable format that can be easily transmitted. This could be, for example, PDFs or an Excel spreadsheet, rather than an obscure file format that requires special software to access.
Securely managing DSARs, finding personal information across multiple data sources, and doing it all within a mandated timeline — these aren’t easy tasks. That’s why organizations interested in becoming compliant quickly and minimizing the interruption that DSARs can have on the flow of business use Osano.
Osano makes it easy to verify a data subject's identity, assign inbound requests to the correct person, and deliver results to the data subject in the timeframe required by law. Our AI-driven data discovery capabilities automatically finds, classifies, and evaluates all your data across every one of your systems, streamlining the process of acting on a consumers’ DSAR.
Are you in the process of refreshing your current privacy policy or building a whole new one? Are you scratching your head over what to include? Use this interactive checklist to guide you.
Download Now
Matt Davis is a writer at Osano, where he researches and writes about the latest in technology, legislation, and business to spread awareness about the most pressing issues in privacy today. When he’s not writing about data privacy, Matt spends his time exploring Vermont with his dog, Harper; playing piano; and writing short fiction.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.