Data processing systems and methods for generating personal data inventories for organizations and other entities
First Claim
1. A computer-implemented data processing method for automatically generating an inventory of personal data stored by a particular organization, the data processing method comprising, for each of a plurality of particular privacy campaigns:
- presenting, on one or more computer user interfaces, a plurality of prompts for the input of data mapping data related to the particular privacy campaign, wherein each of the plurality of particular privacy campaigns utilizes personal data collected from one or more persons or one or more entities;
electronically receiving the data mapping data via input by one or more users, wherein the data mapping data comprises;
a descriptor of the particular privacy campaign;
an identification of one or more types of particular personal data to be acquired or used during the privacy campaign;
data indicating one or more locations in computer memory where the particular personal data is to be stored; and
data identifying one or more particular types of individuals who will have access to the particular personal data;
processing the data mapping data by electronically associating the data mapping data with a record for the particular privacy campaign;
digitally storing, in memory, the data mapping data associated with the record for the particular campaign;
determining, based at least in part on the data mapping data, a risk value associated with the privacy campaign, wherein determining the risk value comprises;
electronically retrieving, from memory, the data mapping data associated with the record for the privacy campaign;
electronically determining a weighting factor for each of a plurality of risk factors, wherein the plurality of the risk factors comprises;
the descriptor of the particular privacy campaign;
the identification of one or more type of particular personal data to be acquired or used during the privacy campaign;
the data indicating one or more locations in computer memory where the particular personal data is to be store; and
the data identifying one or more particular types of individual who will have access to the particular personal data;
electronically determining a relative risk rating for each of the plurality of risk factors; and
electronically calculating a risk value for the privacy campaign based upon, for each respective one of the plurality of risk factors, the relative risk rating for the respective risk factor and the weighting factor for the respective risk factor; and
storing the risk value in computer memory,wherein the computer-implemented data processing method further comprises;
receiving, via a user interface, a request to generate an inventory of personal data for the particular organization; and
in response to receiving the request, generating the requested inventory of personal data for the particular organization, wherein the requested inventory comprises the data mapping data for each of the plurality of particular privacy campaigns.
2 Assignments
0 Petitions
Accused Products
Abstract
Data processing systems and methods, according to various embodiments, are configured for generating personal data inventories for an organization by: (1) conducting, by one or more computer processors, privacy impact assessments for each of the organization'"'"'s new business initiatives, the privacy impact assessments including both data-mapping and non-data-mapping questions; (2) flagging, by one or more computer processors, any data-mapping questions within the privacy impact assessments as data mapping questions; and (3) generating, one or more computer processors, personal data inventories on-demand based on the flagged data-mapping data.
134 Citations
23 Claims
-
1. A computer-implemented data processing method for automatically generating an inventory of personal data stored by a particular organization, the data processing method comprising, for each of a plurality of particular privacy campaigns:
-
presenting, on one or more computer user interfaces, a plurality of prompts for the input of data mapping data related to the particular privacy campaign, wherein each of the plurality of particular privacy campaigns utilizes personal data collected from one or more persons or one or more entities; electronically receiving the data mapping data via input by one or more users, wherein the data mapping data comprises; a descriptor of the particular privacy campaign; an identification of one or more types of particular personal data to be acquired or used during the privacy campaign; data indicating one or more locations in computer memory where the particular personal data is to be stored; and data identifying one or more particular types of individuals who will have access to the particular personal data; processing the data mapping data by electronically associating the data mapping data with a record for the particular privacy campaign; digitally storing, in memory, the data mapping data associated with the record for the particular campaign; determining, based at least in part on the data mapping data, a risk value associated with the privacy campaign, wherein determining the risk value comprises; electronically retrieving, from memory, the data mapping data associated with the record for the privacy campaign; electronically determining a weighting factor for each of a plurality of risk factors, wherein the plurality of the risk factors comprises; the descriptor of the particular privacy campaign; the identification of one or more type of particular personal data to be acquired or used during the privacy campaign; the data indicating one or more locations in computer memory where the particular personal data is to be store; and the data identifying one or more particular types of individual who will have access to the particular personal data; electronically determining a relative risk rating for each of the plurality of risk factors; and electronically calculating a risk value for the privacy campaign based upon, for each respective one of the plurality of risk factors, the relative risk rating for the respective risk factor and the weighting factor for the respective risk factor; and storing the risk value in computer memory, wherein the computer-implemented data processing method further comprises; receiving, via a user interface, a request to generate an inventory of personal data for the particular organization; and in response to receiving the request, generating the requested inventory of personal data for the particular organization, wherein the requested inventory comprises the data mapping data for each of the plurality of particular privacy campaigns. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A computer-implemented data processing method for automatically generating an inventory of personal data stored by a particular organization, the data processing method comprising:
for each of a plurality of particular privacy campaigns, wherein each of the plurality of particular privacy campaigns utilizes personal data collected from one or more persons or one or more entities; receiving, via a computer user interface, a command to create an electronic record for the particular privacy campaign; in response to receiving the command, creating an electronic record for the particular privacy campaign and digitally storing the record in memory; presenting, on one or more computer user interfaces, a plurality of prompts for the input of data mapping data related to the privacy campaign; electronically receiving data mapping data input by one or more users, wherein the data mapping data comprises; a description of the privacy campaign; an identification of one or more types of particular personal data related to the privacy campaign; data identifying a particular type of subject from which the personal data was collected; data indicating one or more locations in computer memory where the personal data is to be stored; and data identifying one or more particular types of individual who will have access to the particular personal data; processing the data mapping data by electronically associating the data mapping data with the record for the particular privacy campaign; and digitally storing, in memory, the data mapping data associated with the record for the particular campaign; determining, based at least in part on the data mapping data, a risk value associated with the privacy campaign, wherein determining the risk value comprises; electronically retrieving, from memory, the data mapping data associated with the record for the privacy campaign; electronically determining a weighting factor for each of a plurality of risk factors, wherein the plurality of risk factors comprises; the identification of one or more types of particular personal data related to the privacy campaign; the data identifying a particular type of subject from which the personal data was collected; and the data indicating one or more locations in computer memory where the particular personal data is to be stored, electronically determining a relative risk rating for each of the plurality of risk factors; electronically calculating a risk value for the privacy campaign based upon, for each respective one of the plurality of risk factors, the relative risk rating for the respective risk factor and the weighting factor for the respective risk factor; storing the risk value in computer memory; receiving a request, from a user, to display an inventory of personal data for the particular organization that includes the data mapping data for each of the plurality of particular campaigns; and in response to receiving the request to display the inventory of personal data for the particular organization that includes the data mapping data for each of the plurality of particular campaigns, displaying, on a display screen, the inventory of personal data for the particular organization. - View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
-
15. A computer-implemented data processing method for embedding a subset of prompts for information describing data mapping data in a set of prompts that comprises a plurality of prompts for information describing non-data mapping data in relation to a privacy campaign for a particular organization, the data processing method comprising:
-
electronically receiving, by one or more computer processors, a request to initiate the privacy campaign, wherein the privacy campaign utilizes personal data collected from one or more persons or one or more entities; initiating, by one or more computer processors, a privacy impact assessment in response to the request to initiate the privacy campaign, the privacy impact assessment including a plurality of prompts requesting non-data mapping data, wherein the non-data mapping data is data that is not selected from a group consisting of; a descriptor of the particular privacy campaign; one or more types of personal data to be acquired or used during the privacy campaign; one or more locations in computer memory where personal data is stored; and identifying information for one or more individuals who will have access to the personal data; embedding a subset of prompts for information requesting data mapping data in a set of prompts that comprises the plurality of prompts requesting non-data mapping data, wherein the data mapping data comprises at least one of a group of data consisting of; a descriptor of the particular privacy campaign; one or more types of personal data to be acquired or used during the privacy campaign; one or more locations in computer memory where personal data is stored; and identifying information for one or more individuals who will have access to the personal data; generating, by one or more computer processors, the privacy impact assessment to be provided on one or more computer user interfaces, the privacy impact assessment including the plurality of prompts for information requesting non-data mapping data and the subset of prompts requesting data mapping data; displaying, by one or more computer processors, the privacy impact assessment, via one or more computer user interfaces, in order to facilitate the input of privacy data in response to the plurality of prompts for information describing non-data mapping data and the subset of prompts for information describing data mapping data; receiving a response to the privacy impact assessment by receiving input of privacy data mapping data in response to the plurality of prompts for information describing non-data mapping data and the subset of prompts for information describing data mapping data; digitally storing, in memory, both the input of non-data mapping data and the input of data mapping data; determining, based at least in part on the data mapping data, a risk value associated with the privacy campaign, wherein determining the risk value comprises; electronically retrieving, from memory, the data mapping data associated with the privacy campaign; electronically determining a weighting factor for each of a plurality of risk factors, wherein the plurality of risk factors comprises; the one or more types of personal data to be acquired or used during the privacy campaign; and the one or more locations in computer memory where personal data is stored; electronically calculating a risk value for the privacy campaign based upon, for each respective one of the plurality of risk factors, the relative risk rating for the respective risk factor and the weighting factor for the respective risk factor; and digitally storing, in computer memory, the risk value for the privacy campaign. - View Dependent Claims (16, 17, 18, 19, 20)
-
-
21. A computer-implemented data processing method for automatically generating a privacy impact assessment template for a privacy campaign, the data processing method comprising:
-
receiving, by one or more computer processors, template design data, the template design data comprising a plurality of prompts for input for use in a template of privacy impact assessment questions, the plurality of prompts for input comprising; one or more prompts for an input of data mapping data; and one or more prompts for an input of non-data-mapping data; at least partially in response to receiving the template design data, generating a privacy impact assessment template for the privacy campaign that includes both;
(A) the one or more prompts for an input of data mapping data; and
(B) the one or more prompts for an input of non-data mapping data, wherein the data mapping data comprises;a description of the privacy campaign; an identification of one or more types of particular personal data related to the privacy campaign; data indicating one or more locations in computer memory where the personal data is to be stored; and data identifying one or more particular types of individual who will have access to the particular personal data; flagging, in computer memory, each of the one or more prompts for input of data mapping data as a data mapping question; communicating the privacy impact assessment template to one or more users; after communicating the privacy impact assessment template to one or more users, receiving respective answer data from the one or more users in response to;
(A) each of the one or more prompts for input of data mapping data; and
(B) each of the one or more prompts for input of non-data mapping data;saving the answer data to computer memory in association with the privacy campaign so that each respective answer is associated in computer memory with its respective question as a question/answer pairing; determining, based at least in part on the answer data for the one or more prompts for input of data mapping data, a risk value associated with the privacy campaign, wherein determining the risk value comprises; electronically retrieving, from memory, the answer data, associated with the privacy campaign, for the one or more prompts for input of data mapping data; electronically determining a weighting factor for each of a plurality of risk factors, wherein the plurality of risk factors comprises; data indicating one or more locations in computer memory wherein the personal data is the be stored; and data identifying one or more particular types of individuals who will have access to the particular personal data; electronically calculating a risk value for the privacy campaign based upon, for each respective one of the plurality of risk factors, the relative risk rating for the respective risk factor and the weighting factor for the respective risk factor; and digitally storing the risk value associated with the privacy campaign. - View Dependent Claims (22, 23)
-
Specification