Authorized Agent Requests
Under some privacy laws data subjects are allowed to authorize other individuals or organizations to submit data subject requests on their behalf. You can learn more about authorized agent requests in our blog post on the subject.
Some authorized agent services scrape a user's email inbox, compile a list based on the communications found there, and then bulk send templated emails to each organization requesting data access or deletion. This can result in a large number of requests coming in outside your normal Privacy Center workflow. This doc outlines two ways you can choose to handle these requests.
Directing the requester to use your self-serve Transcend Privacy Center to authenticate and submit their request ensures you have the authorization and all information needed to fully process the request.
You can have multiple Data Subject types in your privacy center, each with their own Authentication Method. (See: End-User Identity Verification.)
For example, you may choose to use JWT Account Login to have customers verify their identity by logging directly into their account, but instead use Email Verification for Authorized Agent requests. This way authorized agents can input the email address and additional information they have on the data subject when submitting the request.
The user for whom the request was submitted will receive an email where they’ll be required to click a link and confirm the request before it can be completed. This can be configured to send as a two-factor authentication step in addition to account login.
Once the email is verified, Transcend will programmatically map the verified email to a User ID or other user identifiers that may be associated with that email address and move forward with fulfilling the request across connected systems. If you wish, you can also add a manual review step to approve all requests of this type before they begin processing.
If you prefer, you can instead enter the information from the authorized agent directly into the Transcend admin dashboard and initiate a request by following the steps for manual request submission.
Important: when following the manual submission steps linked above, we highly reccomend you turn on the option to send an email verification link to the data subject to help verify their identity before the request is processed.