Data processing systems for identifying, assessing, and remediating data processing risks using data modeling techniques

US 10,282,559 B2
Filed: 10/13/2018
Issued: 05/07/2019
Est. Priority Date: 06/10/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented data processing method for generating a visualization of one or more data transfers between one or more data assets, the method comprising:

identifying, by one or more computer processors, one or more data assets associated with a particular entity;

analyzing, by the one or more computer processors, the one or more data assets to identify one or more data elements stored in the identified one or more data assets, wherein the step of analyzing the one or more data assets comprises analyzing the one or more data assets using one or more intelligent identity scanning techniques comprising;

scanning one or more databases to generate a catalog of one or more individuals and one or more pieces of information associated with the one or more individuals,scanning one or more data repositories based at least in part on the generated catalog to identify one or more attributes of data associated with the particular one or more individuals,analyzing and correlating the one or more attributes with metadata for the scanned one or more data repositories,using one or more machine learning techniques to categorize one or more data elements from the generated catalog,analyzing a flow of the data elements among the one or more data repositories, andcategorizing the one or more data elements based on a confidence score;

defining, by the one or more computer processors, a plurality of physical locations and identifying, for each of the identified one or more data assets, a respective particular physical location of the plurality of physical locations;

analyzing, by the one or more computer processors, the identified one or more data elements to determine one or more data transfers between the one or more data assets in different particular physical locations;

determining, by the one or more computer processors, one or more regulations that relate to the one or more data transfers; and

generating, by the one or more computer processors, a visual representation of the one or more data transfers based at least in part on the one or more regulations, wherein generating the visual representation of the one or more data transfers comprises;

generating a visual representation of a map comprising the plurality of physical locations,superimposing an indicia for each of the one or more data assets that indicates the respective particular physical location of the plurality of physical locations for each of the one or more data assets, andgenerating a visual indication of the one or more data transfers between the one or more data assets.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In various embodiments, a Data Model Adaptive Execution System may be configured to take one or more suitable actions to remediate an identified risk in view of one or more regulations (e.g., one or more legal regulations, one or more binding corporate rules, etc.). For example, in order to ensure compliance with one or more standards related to the collection and/or storage of personal data, an entity may be required to modify one or more aspects of a way in which the entity collects, stores, and/or otherwise processes personal data (e.g., in response to a change in a legal or other requirement). In order to identify whether a particular change or other risk trigger requires remediation, the system may be configured to assess a relevance of the risk posed by the risk and identify one or more processing activities or data assets that may be affected by the risk.

437 Citations

24 Claims

1. A computer-implemented data processing method for generating a visualization of one or more data transfers between one or more data assets, the method comprising:
- identifying, by one or more computer processors, one or more data assets associated with a particular entity;
  
  analyzing, by the one or more computer processors, the one or more data assets to identify one or more data elements stored in the identified one or more data assets, wherein the step of analyzing the one or more data assets comprises analyzing the one or more data assets using one or more intelligent identity scanning techniques comprising;
  
  scanning one or more databases to generate a catalog of one or more individuals and one or more pieces of information associated with the one or more individuals,scanning one or more data repositories based at least in part on the generated catalog to identify one or more attributes of data associated with the particular one or more individuals,analyzing and correlating the one or more attributes with metadata for the scanned one or more data repositories,using one or more machine learning techniques to categorize one or more data elements from the generated catalog,analyzing a flow of the data elements among the one or more data repositories, andcategorizing the one or more data elements based on a confidence score;
  
  defining, by the one or more computer processors, a plurality of physical locations and identifying, for each of the identified one or more data assets, a respective particular physical location of the plurality of physical locations;
  
  analyzing, by the one or more computer processors, the identified one or more data elements to determine one or more data transfers between the one or more data assets in different particular physical locations;
  
  determining, by the one or more computer processors, one or more regulations that relate to the one or more data transfers; and
  
  generating, by the one or more computer processors, a visual representation of the one or more data transfers based at least in part on the one or more regulations, wherein generating the visual representation of the one or more data transfers comprises;
  
  generating a visual representation of a map comprising the plurality of physical locations,superimposing an indicia for each of the one or more data assets that indicates the respective particular physical location of the plurality of physical locations for each of the one or more data assets, andgenerating a visual indication of the one or more data transfers between the one or more data assets.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The computer-implemented data processing method of claim 1, wherein the method further comprises using at least one data model to identify the one or more data elements stored in the one or more identified data assets, the data model comprising:
    - a respective digital inventory for each of the one or more data assets, each respective digital inventory comprising one or more inventory attributes selected from the group consisting of;
      
      one or more processing activities associated with each respective data asset;
      
      transfer data associated with each respective data asset; and
      
      one or more pieces of personal data associated with each respective data asset; and
      
      a data map identifying one or more electronic associations between at least two of the one or more data assets.
  - 3. The computer-implemented data processing method of claim 2, wherein the one or more data elements comprise the one or more inventory attributes.
  - 4. The computer-implemented data processing method of claim 3, wherein determining one or more regulations that relate to the one or more data transfers comprises analyzing the transfer data associated with each respective data asset to identify the one or more regulations.
  - 5. The computer-implemented data processing method of claim 4, wherein the one or more regulations comprise one or more transfer restrictions.
  - 6. The computer-implemented data processing method of claim 5, wherein:
    - the one or more data transfers comprise a first transfer from a first data asset in a first location to a second data asset in a second location;
      
      the one or more inventory attributes associated with the first data asset comprise one or more first data storage attributes; and
      
      the one or more inventory attributes associated with the second data asset comprise one or more second data storage attributes.
  - 7. The computer-implemented data processing method of claim 6, wherein:
    - the one or more transfer restrictions comprise a first transfer restriction related to the first transfer; and
      
      the first transfer restriction comprises a restriction that the one or more second data storage attributes comprise one or more second data security restrictions that are at least as stringent as one or more first data security restrictions associated with the one or more first data storage attributes.
  - 8. The computer-implemented data processing method of claim 6, wherein:
    - the one or more regulations comprise a first regulation related to the first transfer; and
      
      the first regulation comprises a regulation based at least in part on one or more regulations selected from the group consisting of;
      
      one or more binding corporate rules;
      
      a privacy shield;
      
      a safe harbor regulation; and
      
      one or more contract provisions.
  - 9. The computer-implemented data processing method of claim 1, wherein generating the visual representation of the one or more data transfers further comprises:
    - modifying the visual representation such that each visual indication of the one or more data transfers is color coded based at least in part on the one or more regulations.
  - 10. The computer-implemented data processing method of claim 1, wherein the one or more intelligent identity scanning techniques further comprise:
    - receiving input from one or more users confirming or denying a categorization of the one or more data elements; and
      
      in response to receiving the input, modifying the confidence score.
  - 11. The computer-implemented data processing method of claim 10, further comprising:
    - providing a software application for installation on a computing device that is networked with one or more data repositories associated with an organization; and
      
      providing a communication channel between one or more remote scanning servers and the software application, wherein;
      
      the software application is configured to communicate with the one or more remote scanning servers; and
      
      the software application is configured to transmit the one or more attributes of data associated with the particular entity to the one or more remote scanning servers.
  - 12. The computer-implemented data processing method of claim 11, wherein:
    - the step of categorizing the one or more data elements is performed by the one or more remote scanning servers.

13. A computer-implemented method of identifying and responding to one or more potential risk triggers based on a data model, the method comprising:
- identifying, by at least one computer processor, one or more potential risk triggers for an entity;
  
  assessing and analyzing, by the at least one processor, the one or more potential risk triggers to determine a relevance of a risk posed to the entity by the one or more potential risk triggers, wherein determining the relevance of the risk posed to the entity comprises;
  
  identifying one or more particular previous risk triggers experienced by the entity,identifying one or more particular similar risk triggers from the one or more particular previous risk triggers, the one or more particular similar risk triggers being similar to the one or more potential risk triggers, anddetermining the relevance of a risk posed by the one or more potential risk triggers based at least in part on a previously determined relevance of the one or more particular similar risk triggers;
  
  identifying, by the at least one processor using one or more data modeling techniques, one or more data assets associated with the entity that may be affected by the risk, wherein identifying the one or more data assets that may be affected by the risk comprises;
  
  scanning a respective digital inventory for each of the one or more data assets, each respective digital inventory comprising one or more inventory attributes, andanalyzing each respective digital inventory to determine one or more inventory attributes that may be affected by the risk;
  
  determining, by the at least one processor, based at least in part on the one or more identified data assets and the relevance of the risk posed to the entity by the one or more potential risk triggers, whether to take one or more actions in response to the one or more potential risk triggers; and
  
  in response to determining to take the one or more actions, taking, by the at least one processor, the one or more actions to remediate the risk.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The computer-implemented data processing method of claim 13, wherein:
    - each respective digital inventory comprises one or more inventory attributes selected from the group consisting of;
      
      one or more processing activities associated with each respective data asset;
      
      transfer data associated with each respective data asset; and
      
      one or more pieces of personal data associated with each respective data asset.
  - 15. The computer-implemented data processing method of claim 13, wherein the one or more potential risk triggers comprise a change to one or more regulations related to the storage of personal data by the one or more data assets.
  - 16. The computer-implemented data processing method of claim 13, wherein the one or more potential risk triggers comprise a data breach associated with the one or more data assets.
  - 17. The computer-implemented data processing method of claim 13, wherein determining the relevance of the risk comprises calculating a risk level of the one or more potential risk triggers based at least in part on one or more risk factors.
  - 18. The computer-implemented data processing method of claim 13, wherein determining whether to take one or more actions in response to the one or more potential risk triggers comprises determining whether to take the one or more actions based at least in part on one or more actions taken by the entity in response to the one or more similar risk triggers.
  - 19. The computer-implemented data processing method of claim 13, wherein determining the relevance of the risk posed to the entity by the one or more potential risk triggers further comprises:
    - identifying one or more similarly situated entities, the one or more similarly situated entities being situated similarly to the entity;
      
      comparing the one or more potential risk triggers to one or more previous risk triggers experienced by the one or more similarly situated entities;
      
      identifying one or more similar risk triggers from the one or more previous risk triggers, the one or more similar risk triggers being similar to the one or more potential risk triggers;
      
      analyzing the one or more similar risk triggers to determine a relevance of the one or more similar risk triggers determined by the one or more similarly situated entities; and
      
      determining the relevance of the risk posed by the one or more potential risk triggers based at least in part on the determined relevance of the one or more similar risk triggers determined by the one or more similarly situated entities.
  - 20. The computer-implemented data processing method of claim 19, wherein identifying the one or more similarly situated entities comprises identifying one or more similarly situated entities from a group of potentially similarly situated entities based at least in part on one or more factors selected from the group consisting of:
    - (1) a location of each potentially similarly situated entity from the group of potentially similarly situated entities; and
      
      (2) an industry of each potentially similarly situated entity from the group of potentially similarly situated entities.
  - 21. The computer-implemented data processing method of claim 20, wherein determining whether to take one or more actions in response to the one or more potential risk triggers comprises determining whether to take the one or more actions based at least in part on one or more actions taken by the one or more similarly situated entities in response to the one or more similar risk triggers.
  - 22. The computer-implemented data processing method of claim 14, wherein each respective digital inventory comprises one or more processing activities associated with each respective data asset.
  - 23. The computer-implemented data processing method of claim 14, wherein each respective digital inventory comprises transfer data associated with each respective data asset.
  - 24. The computer-implemented data processing method of claim 14, wherein each respective digital inventory comprises one or more pieces of personal data associated with each respective data asset.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OneTrust LLC
Original Assignee
OneTrust LLC
Inventors
Barday, Kabir A., Karanjkar, Mihir S., Finch, Steven W., Browne, Ken A., Heard, Nathan W., Patel, Aakash H., Sabourin, Jason L., Daniel, Richard L., Patton-Kuhl, Dylan D., Jones, Kevin, Brannon, Jonathan Blake
Primary Examiner(s)
Deng, Anna C

Application Number

US16/159,632
Publication Number

US 20190050596A1
Time in Patent Office

206 Days
Field of Search

717101
US Class Current
CPC Class Codes

G06F 16/9038   Presentation of query results

G06F 21/577   Assessing vulnerabilities a...

G06F 21/606   by securing the transmissio...

G06F 21/6245   Protecting personal data, e...

G06F 21/64   Protecting data integrity, ...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/102   Entity profiles

H04L 63/107   wherein the security polici...

H04L 63/1433   Vulnerability analysis

Data processing systems for identifying, assessing, and remediating data processing risks using data modeling techniques

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

437 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Data processing systems for identifying, assessing, and remediating data processing risks using data modeling techniques

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

437 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links