Managing Copy Requests

Copy requests, or Right of Access requests, empower data subjects to view and obtain a portable copy of the personal data an organization holds about them. MineOS streamlines this process by automating data collection through multiple integrations with your existing tech stack, while also enabling you to redact sensitive or third-party information from copy reports to ensure compliance with privacy regulations.

How to manage copy requests

The privacy requests workflow includes the following stages:

• Review: Verify the requester's identity and jurisdiction before accepting the request.

• Process: Retrieve data automatically via integrations or upload files for manual sources, then click "Generate Copy" to create a secure download link.

• Redact content: Redact sensitive information from the copy report to protect third-party privacy or comply with data minimization requirements before delivering the final report.

• Reply: Send a final confirmation email using a predefined template that automatically includes the user's data access link.

• Close: Finalize the ticket to archive a full audit log of all communications, timestamps, and data fulfillment activities.

To get started, first head to your Requests page.

Next, select an open request with the type "Copy". 

Stage 1 - Review

• Verify Identity: Confirm the requester's identity through automated MineOS flows, such as email verification, security questions, or photo ID uploads.

• Review Enriched Data: Evaluate additional context provided via your Privacy Center web form, including the user's Country of Residence, mobile number, or other custom data fields defined in your Privacy Center Settings.

Stage 2 - Process 

In the Process stage, MineOS aggregates user data by pulling automatically from integrated sources and allowing manual file uploads for manually-integrated systems to generate a single, secure access report.

In order to collect data, there are two options:

• Automated Sources: MineOS automatically retrieves data from integrated sources within your tech stack. Click 'Collect data' to run the API integrations and collect data.

• Manual Sources: For sources without active integrations or those that don't support automated copying, you must manually gather the data.

MineOS supports a wide range of file formats for manual data uploads, including:

• Documents: .pdf, .pdf/a, .doc, .docx, .docm, .dotx, .txt, .text, text/plain

• Spreadsheets: .csv, .tsv, .xls, .xlsx, .xlsm

• Presentations: .ppt, .pptx, .pptm, .ppsx

• Images: .png, .jpg, .jpeg, .tiff

• Email & Data: .msg, .pst, .mbox, .mbx, .log

You can upload up to 20 files per manual integration, with a maximum size of 10MB per file.

Once all files have been collected, click 'Compile report' to generate the Copy report that will be sent out to the data subject.

Select "Preview report" to review the final copy report and verify exactly what the user will see before it is sent.

To edit the link, click "Edit report." This will bring you back to the Process stage, where you can uncheck the box not to include a data source or upload another file.

Stage 3 - Redact content

Before finalizing and sending the copy report, you may need to redact sensitive or irrelevant information to ensure compliance with data minimization principles and protect the privacy of third parties. MineOS provides flexibility in how data is presented and redacted based on your organization's needs.

Understanding Copy Report Data Formats:

Copy reports aggregate user data in two primary formats:

• JSON Files: Structured data retrieved from automated integrations is typically presented as JSON files, offering a clear, machine-readable format of the data subject's personal information organized by integrated systems in the copy report.
• Documents: Unstructured data from manual uploads or document-based integrations (such as Google Drive, OneDrive, or email systems) is presented as the original files, which may contain mixed content requiring careful review.

Redaction Options:

MineOS offers two approaches to content redaction, allowing you to choose the method that best fits your workflow and technical capabilities:

• Manual redaction tool from documents: For hands-on review and redaction of data from unstructured integrations, use MineOS's built-in redaction interface to manually identify and remove sensitive information from documents. This tool automatically detects and highlights sensitive data types such as PII (emails, phone numbers, SSNs, credit cards) and technical identifiers (IP addresses, MAC addresses), while allowing you to manually select additional content for redaction.
• eDiscovery agent - Automated redaction tool from structured integrations (JSON records): Leverage AI-powered automation to intelligently identify and redact sensitive information across large volumes of documents, streamlining the redaction process while maintaining accuracy and compliance.

After completing any necessary redactions, proceed to generate the final copy report.

Stage 4 - Reply

Finalize the request by clicking "Reply to user" and selecting a predefined template to automatically share the secure data link.

The default "Copy Completion" template pre populates with the secure data link, though you can also insert it as a dynamic variable into any custom reply.

Upon completing your response, select “Send & close request"

Stage 4 - Close

Congratulations! You have successfully fulfilled a Data Subject Access Request.

By clicking on "See request history", you can view all the request's logs, including the agent who handled the request, all conversations with the user, and the deletion timestamps.