Data processing systems and communication systems and methods for the efficient generation of privacy risk assessments

US 10,169,788 B2
Filed: 02/12/2018
Issued: 01/01/2019
Est. Priority Date: 04/01/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented data processing method for efficiently conducting privacy risk assessments for a plurality of privacy campaigns, the method comprising, for each of the plurality of privacy campaigns:

presenting, by one or more processors, a threshold privacy assessment to a user that includes a first set of one or more questions for a first plurality of question/answer pairings that identify one or more privacy characteristics of a particular privacy campaign;

receiving, by one or more processors, respective answers for the first plurality of question/answer pairings regarding the one or more privacy characteristics of the particular privacy campaign;

determining, by one or more processors, a threshold privacy risk score for the particular privacy campaign that identifies a level of risk for one or more of the privacy characteristics indicated in the question/answer pairings, wherein determining the threshold privacy risk score for the particular privacy campaign comprises determining a risk level based at least in part on the one or more privacy characteristics;

comparing, by one or more processors, the threshold privacy risk score to a threshold privacy risk value, the threshold privacy risk value indicating a pre-determined level of risk regarding the one or more privacy characteristics of the particular privacy campaign;

determining, by one or more processors, whether the threshold privacy risk score exceeds the threshold privacy risk value;

in response to determining that the threshold privacy risk score exceeds the threshold privacy risk value;

providing, by one or more processors, a privacy impact assessment to the user that includes a second set of questions for a second plurality of question/answer pairings that identify one or more privacy characteristics of the particular privacy campaign, the second set of one or more questions including one or more questions that are different from questions within the first set of one or more questions; and

determining, by one or more processors, a second risk score based at least in part on the second plurality of question/answer pairings by;

determining a weighting factor for each of the second plurality of question/answer pairings, the second plurality of question/answer pairings including;

a nature of personal data collected as part of the particular privacy campaign;

electronically determining a relative risk rating for each of the second plurality of question/answer pairings;

electronically calculating the second risk score based upon, for each of the second plurality of question/answer pairings, the relative risk rating and the weighting factor; and

electronically associating the second risk score with the particular privacy campaign.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Data processing computer systems, in various embodiments, are adapted for: (1) presenting a threshold privacy assessment that includes a first set of privacy-related questions for a privacy campaign; (2) receiving respective answers to the first set of questions; (3) using this initial set of answers to calculate an initial privacy risk score for the privacy campaign; (4) determining whether the privacy risk score exceeds the threshold privacy risk value; (5) in response to the privacy risk score exceeding the threshold privacy risk value, providing one or more supplemental questions to the user to facilitate the completion of a full privacy impact assessment. In some embodiments, in response to determining that the privacy risk score does not exceed the threshold privacy risk value, the systems and methods provide an indication that the particular privacy campaign is a relatively low privacy campaign.

255 Citations

19 Claims

1. A computer-implemented data processing method for efficiently conducting privacy risk assessments for a plurality of privacy campaigns, the method comprising, for each of the plurality of privacy campaigns:
- presenting, by one or more processors, a threshold privacy assessment to a user that includes a first set of one or more questions for a first plurality of question/answer pairings that identify one or more privacy characteristics of a particular privacy campaign;
  
  receiving, by one or more processors, respective answers for the first plurality of question/answer pairings regarding the one or more privacy characteristics of the particular privacy campaign;
  
  determining, by one or more processors, a threshold privacy risk score for the particular privacy campaign that identifies a level of risk for one or more of the privacy characteristics indicated in the question/answer pairings, wherein determining the threshold privacy risk score for the particular privacy campaign comprises determining a risk level based at least in part on the one or more privacy characteristics;
  
  comparing, by one or more processors, the threshold privacy risk score to a threshold privacy risk value, the threshold privacy risk value indicating a pre-determined level of risk regarding the one or more privacy characteristics of the particular privacy campaign;
  
  determining, by one or more processors, whether the threshold privacy risk score exceeds the threshold privacy risk value;
  
  in response to determining that the threshold privacy risk score exceeds the threshold privacy risk value;
  
  providing, by one or more processors, a privacy impact assessment to the user that includes a second set of questions for a second plurality of question/answer pairings that identify one or more privacy characteristics of the particular privacy campaign, the second set of one or more questions including one or more questions that are different from questions within the first set of one or more questions; and
  
  determining, by one or more processors, a second risk score based at least in part on the second plurality of question/answer pairings by;
  
  determining a weighting factor for each of the second plurality of question/answer pairings, the second plurality of question/answer pairings including;
  
  a nature of personal data collected as part of the particular privacy campaign;
  
  electronically determining a relative risk rating for each of the second plurality of question/answer pairings;
  
  electronically calculating the second risk score based upon, for each of the second plurality of question/answer pairings, the relative risk rating and the weighting factor; and
  
  electronically associating the second risk score with the particular privacy campaign.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer-implemented data processing method of claim 1, wherein the second plurality of question/answer pairings further includes at least one additional question/answer pairing related to one or more privacy characteristics selected from the group consisting of:
    - a physical storage location of the personal data collected as part of the particular privacy campaign;
      
      a length of time that the personal data collected as part of the particular privacy campaign will be retained in storage; and
      
      a country of residence of at least one data subject from which the personal data was collected as part of the particular privacy campaign.
  - 3. The computer-implemented data processing method of claim 1, the method further comprising automatically initiating the privacy impact assessment that includes the second set of questions in response to determining that the threshold privacy risk score exceeds the threshold privacy risk value.
  - 4. The computer-implemented data processing method of claim 1, wherein the second plurality of question/answer pairings comprises a greater number of question/answer pairings than the first plurality of question/answer pairings.
  - 5. The computer-implemented data processing method of claim 1, wherein determining the threshold privacy risk score for the particular privacy campaign comprises determining a risk level based at least in part on the one or more privacy characteristics by assigning a weighting factor to each of the one or more privacy characteristics.
  - 6. The computer-implemented data processing method of claim 1, the system is configured to receive the threshold privacy risk value from one or more privacy officers associated with the privacy campaign.
  - 7. The computer-implemented data processing method of claim 6, wherein the system is configured adjusted the threshold privacy risk value based on a type of campaign for the particular privacy campaign.
  - 8. The computer-implemented data processing method of claim 1, wherein:
    - the respective answers for the first plurality of question/answer pairings regarding the one or more privacy characteristics of the particular privacy campaign comprise an indication of a particular type of personal data collected as part of the particular privacy campaign; and
      
      the method further comprises;
      
      assigning a risk level to the particular type of personal data that exceeds the threshold privacy risk value; and
      
      automatically initiating the privacy impact assessment that includes the second set of questions in response to the respective answers for the first plurality of question/answer pairings regarding the one or more privacy characteristics of the particular privacy campaign comprising the indication that the particular type of personal data is collected as part of the particular privacy campaign.
  - 9. The computer-implemented data processing method of claim 1, wherein the particular type of personal data comprises credit card information.

10. A computer-implemented data processing method for efficiently conducting privacy risk assessments for a plurality of privacy campaigns, the method comprising, for each of the plurality of privacy campaigns:
- presenting, by one or more processors, a threshold privacy assessment to a user that includes a first set of one or more questions for a first plurality of question/answer pairings that identify one or more privacy characteristics of the particular privacy campaign;
  
  receiving, by one or more processors, respective answers for the first plurality of question/answer pairings regarding the one or more privacy characteristics of the particular privacy campaign;
  
  determining, by one or more processors, a privacy risk score for the particular privacy campaign that identifies a level of risk for one or more of the privacy characteristics indicated in the first plurality of question/answer pairings;
  
  comparing, by one or more processors, the privacy risk score to a threshold privacy risk value, the threshold privacy risk value indicating a pre-determined level of risk regarding the one or more privacy characteristics of the particular privacy campaign;
  
  determining, by one or more processors, that the privacy risk score exceeds the threshold privacy risk value;
  
  providing, by one or more processors and to one or more privacy officers, (1) a first selection option to initiate a privacy impact assessment to be provided to the user that includes a second set of questions for a second plurality of question/answer pairings that identify one or more privacy characteristics of the particular privacy campaign, the second set of one or more questions includes one or more questions that are supplemental to the first set of one or more questions and (2) a second selection option to indicate that the particular privacy campaign is a low privacy risk campaign;
  
  in response to receiving an indication of selection of the first selection option by the one or more privacy officers, providing, by one or more processors, the full privacy impact assessment to the user;
  
  in response to providing the full privacy assessment to the user;
  
  receiving, by one or more processors, respective answers for the second plurality of question/answer pairings regarding the one or more privacy characteristics of the particular privacy campaign;
  
  using one or more computer processors to calculate a risk score based on the respective answers for the second plurality of question/answer pairings and the one or more privacy characteristics of the particular privacy campaign, wherein calculating the risk score comprises;
  
  electronically identifying a weighting factor for each of the second plurality of question/answer pairings, wherein the one or more privacy characteristics include;
  
  a number of individuals having access to the personal data associated with the particular privacy campaign; and
  
  a type of individual from which the personal data associated with the particular privacy campaign originated; and
  
  electronically identifying a relative risk rating for each of the second plurality of question/answer pairings; and
  
  electronically calculating the risk score based upon, for each respective one of the second plurality of question/answer pairings, the relative risk rating, and the weighting factor; and
  
  in response to receiving an indication of selection of the second selection option by the one or more privacy officers, storing, by one or more processors, an indication that the particular privacy campaign is a low privacy risk campaign.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 11. The computer-implemented data processing method of claim 10, wherein the privacy risk score is determined by associating a weighting factor with each question in the first set of questions.
  - 12. The computer-implemented data processing method of claim 11, wherein associating a weighting factor for each question in the first set of questions further comprises:
    - determining that a first question in the first set of questions identifies a greater privacy impact than a second question in the first set of questions; and
      
      assigning a weight to the first question in the first set of questions that is greater than a weight to be assigned to the second question in the first set of questions.
  - 13. The computer-implemented data processing method of claim 10, wherein determining the privacy risk score for the particular campaign further comprises:
    - determining that a question in a particular question/answer pairing for the first plurality of question/answer pairings includes an answer, for the particular question/answer pairing, that provides a particular response; and
      
      automatically determining that the privacy risk score for the particular privacy campaign exceeds the threshold privacy risk value in response to determining that the question in the particular question/answer pairing for the first plurality of question/answer pairings includes the answer that provides the particular response.
  - 14. The computer-implemented data processing method of claim 13, wherein the threshold privacy risk value is based at least in part on a type of campaign for the particular privacy campaign.
  - 15. The computer-implemented data processing method of claim 14, wherein the one or more privacy characteristics comprise a nature of the personal data collected as part of the particular privacy campaign.
  - 16. The computer-implemented data processing method of claim 10, wherein the first plurality of question/answer pairings include one or more answers that indicate a physical storage location of personal data collected as part of the particular privacy campaign.
  - 17. The computer-implemented data processing method of claim 10, wherein:
    - the second plurality of question/answer pairings include one or more answers that indicate a country to which the personal data collected as part of the particular privacy campaign will be transferred; and
      
      the one or more privacy characteristics comprise inter-country transfer data for the personal data collected as part of the particular privacy campaign.
  - 18. The computer-implemented data processing method of claim 10, wherein:
    - the first plurality of question/answer pairings include one or more answers that indicate purpose of collecting the personal data collected as part of the particular privacy campaign; and
      
      determining the privacy risk score for the particular privacy campaign that identifies a level of risk for one or more of the privacy characteristics indicated in the first plurality of question/answer pairings comprises determining the privacy risk score based at least in part on the purpose of collecting the personal data.
  - 19. The computer-implemented data processing method of claim 10, the method further comprising automatically providing, by one or more computer processors, the full privacy assessment to the user in response to determining that the privacy risk score exceeds the threshold privacy risk value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OneTrust LLC
Original Assignee
OneTrust LLC
Inventors
Barday, Kabir A.
Primary Examiner(s)
Ouellette, Jonathan P

Application Number

US15/894,809
Publication Number

US 20180182008A1
Time in Patent Office

323 Days
Field of Search

705 11-912, 705325
US Class Current
CPC Class Codes

G06Q 10/063114   Status monitoring or status...

G06Q 10/0635   Risk analysis of enterprise...

G06Q 30/0609   Buyer or seller confidence ...

G06Q 50/265   Personal security, identity...

Data processing systems and communication systems and methods for the efficient generation of privacy risk assessments

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

255 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Data processing systems and communication systems and methods for the efficient generation of privacy risk assessments

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

255 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links