Authorized Agent Requests
Under some privacy laws data subjects are allowed to authorize other individuals or organizations to submit data subject requests on their behalf. You can learn more about authorized agent requests in .
Some authorized agent services scrape a user's email inbox, compile a list based on the communications found there, and then bulk send templated emails to each organization requesting data access or deletion. This can result in a large number of requests coming in outside your normal Privacy Center workflow. This doc outlines two ways you can choose to handle these requests.
For example, you may choose to use JWT Account Login to have customers verify their identity by logging directly into their account, but instead use Email Verification for Authorized Agent requests. This way authorized agents can input the email address and additional information they have on the data subject when submitting the request.
The user for whom the request was submitted will receive an email where they’ll be required to click a link and confirm the request before it can be completed. This can be configured to send as a two-factor authentication step in addition to account login.
Once the email is verified, Transcend will programmatically map the verified email to a User ID or other user identifiers that may be associated with that email address and move forward with fulfilling the request across connected systems. If you wish, you can also add a manual review step to approve all requests of this type before they begin processing.
Important: when following the manual submission steps linked above, we highly reccomend you turn on the option to send an email verification link to the data subject to help verify their identity before the request is processed.