A USG data subject request (DSR) is a petition to a USG organization or institution by a data subject looking to confirm whether or not the USG is holding personal data about the data subject. To determine if the data subject is real, a data subject of the USG and any actions necessary by the USG in accordance with the data subject request, USG organizations and institutions are requested to develop a DSR Process.

The development of a DSR Process by all USG organizations and institutions is in accordance with BPM Sections 12.4.2, 12.6.2 and 12.6.5. In order for a DSR Process to be in place, USG organizations and institutions must provide a way for a data subject to submit a formal DSR.

The DSR process shall include the following eight-step process.

Step One: The DSR is submitted by a data subject to a process manager and governance within the organization.

Step Two: The DSR is managed using a tracking system, which includes recording the request and any actions taken.

Step Three: The data subject’s identity is verified.

Step Four: The DSR’s legitimacy is verified.

Step Five: Analyze the DSR (to include who needs to be involved and what systems ) and determine any necessary actions.

Step Six: The necessary actions requested are analyzed and verified.

Step Seven: Verified actions to the DSR are implemented.

Step Eight: The completed DSR is reviewed by legal counsel and closed.