Subject Rights Request Management Under CCPA

Download the e-Book

Simply fill out this form to download:


Dos and Don’ts of Managing Subject Rights Requests Under CCPA


If you collect, process or sell data about California residents, it’s time to prepare for a steady stream of consumer data requests. Large B2C companies are already receiving thousands each year and expect many times that number after CCPA becomes law.

Under CCPA, consumers in California have the right to request access to the data businesses collect about them. They can ask about general categories and purposes as well as specific data. They can also request that their information be corrected, deleted, moved and prevented from being sold.

Subject Rights Requests – or, in CCPA parlance, “verifiable consumer requests” – can be tricky to handle. Mismanaging the Subject Rights Request process increases your risk of a data breach and your potential liability.

We’ve put together this guide to help you architect an efficient, secure Subject Rights Request process. Inside Dos and Don’ts to Managing Subject Rights Requests, you’ll find practical advice to adopt and common pitfalls to avoid.

Mitigate Risk

WireWheel helps you create a secure and streamlined process to manage subject rights requests — one that doesn’t depend on email or manual processes that expose you to data losses, regulatory and trust risk.

Save Time and Money

The WireWheel Platform lets you leverage automation and pre-configured workflows to free up valuable time and resources, and reduce the costs associated with subject rights request program management and fulfillment.

Stay Ahead of Regulations

We’ve combined years of experience, industry best practices, and continuing conversations with regulators, business leaders, and other experts into a solution that remains up to date through ongoing agile development.

DSAR, VCR, SRR and other acronyms are related to the same thing: managing requests regarding consumer data. Some terms you’ll hear with respect to the request process are tied to specific privacy regulations and indicate different requirements
Verify and Authenticate All Requestors Identities

Allow known customers to authenticate using existing credentials and use the WireWheel automated identity verification tool to authenticate unregistered or unknown requestors.


Automatically Ticket and Assign Requests

Leverage automation to easily assign tickets, track progress, and send reminders for each request.


Collect, Manage, and Review Internal Data to Fulfill Requests

Help team members collect, classify, and verify data from internal data stores, and utilize WireWheel’s data extraction APIs to handle volume of requests at scale.

Encrypt and Securely Deliver Information

Implement an end-to-end encryption delivery system for all uploads, reducing data leakage risk by allowing only the sender and receiver to see the data.


Track, Review, and Approve Requests

Demonstrate compliance by recording all communications, reviews, and approvals, and maintaining complete audit trails of your subject rights request actions.

42% of the more than 18,000 data protection-related complaints lodged in 2016 with the Information Commissioner’s Office in the UK were about individuals’ rights to access their personal data.