Subject Access Request reporting
UK users need to be able to provide Subject Access Reporting (by law). Everyone is entitled to a copy of their data held in the system.
Box needs to be able to report on that. Search (content and/or metadata) will provide the results, but we need a list of this content in a report as well as the ability to download all this content in a zip file.
See specific GDPR requirements here: https://ico.org.uk/for-organizations/guide-to-data-protection/principle-6-rights/subject-access-request/
Hello, I would like to learn more about the problem described in the request, Please reach out to me if you like to share some feedback.
It’s pretty apparent there is no good methodology to search and report from Box that is comprehensive. Given the limitations (no interface search capability, limited to search indexing only the first 10k characters of a document), we are unable to get full searchable scans.
To clarify – we are not looking for actions done by, or files owned by, this person as a Box user. We are looking for files where the content of the file contains the person’s name and/or email address. Such as, if I am looking for all mentions of “Klaus Hargreeves”, I wouldn’t do a user search on Klaus Hargreeves, especially if we don’t have a user account for anyone with that name.
We attempted this with content search, and it returned a list of over 22,000 files, and there is no mechanism to sort or filter that, or to download a report. Only to click on each file to open it. What we really need is a report that would show the file names, paths, and dates.
Here’s an overview of GDPR and DSAR, if it helps with some of these generic things stipulated by the law, like the 30 days:
The GDPR and Data Subject Access Rights (DSARs) - dummies [dummies.com]
DSAR is not simply files created by a particular individual, but any files that have mention of the requester, created anywhere on the organisations systems.
This is a requirement in UK to be able to provide this information in a timely manner and at present BOX does not seem to be able to provide this facility.
The only possible option currently is to have a account that has full access to every file and then search using that account. Box file indexing has further limitations as this will only scan the first 10,000 characters of a document. As stated here, https://community.box.com/t5/Managing-Files-and-Folders/Search-for-Files-Folders-and-Content/ta-p/19269?advanced=false&collapse_discussion=true&filter=location&location=category:English&q=search%20for%20files&search_type=thread
This feature needs to be available so that UK organisations can comply with UK laws.
The way we proceed is by going to the content manager and making a search for a user. The search results look satisfactory. The issue we have is that there's no option to download all content easily. That means we have some users with 746 pages of results, and content has to be downloaded as a zip archive for each separate page. We need the ability to download all at once.