Data processing systems for identifying, assessing, and remediating data processing risks using data modeling techniques

US 10,282,692 B2
Filed: 10/13/2018
Issued: 05/07/2019
Est. Priority Date: 06/10/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented data processing method of identifying and responding to one or more potential risk triggers based on a data model, the method comprising:

identifying, by at least one processor, one or more potential risk triggers for an entity;

assessing and analyzing, by the at least one processor, the one or more potential risk triggers to determine a relevance of a risk posed to the entity by the one or more potential risk triggers, wherein determining the relevance of the risk posed to the entity comprises;

identifying one or more similarly situated entities, the one or more similarly situated entities being situated similarly to the entity,comparing, the one or more potential risk triggers to one or more previous risk triggers experienced by the one or more similarly situated entities,identifying one or more similar risk triggers from the one or more previous risk triggers, the one or more similar risk triggers being similar to the one or more potential risk triggers,analyzing the one or more similar risk triggers to determine a relevance, determined by the one or more similarly situated entities, of the one or more similar risk triggers, anddetermining the relevance of the risk posed by the one or more potential risk triggers based at least in part on the determined relevance of the one or more similar risk triggers determined by the one or more similarly situated entities;

identifying, by the at least one processor using one or more data modeling techniques, one or more data assets, associated with the entity, that may be affected by the risk, wherein identifying the one or more data assets that may be affected by the risk comprises;

scanning a respective digital inventory for each of the one or more data assets, each respective digital inventory comprising one or more inventory attributes, andanalyzing each respective digital inventory to determine one or more inventory attributes that may be affected by the risk;

determining, by the at least one processor, based at least in part on the one or more identified data assets and the relevance of the risk posed to the entity by the one or more potential risk triggers, whether to take one or more actions in response to the one or more potential risk triggers; and

in response to determining to take the one or more actions, taking, by the at least one processor, the one or more actions to remediate the risk.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In various embodiments, a system may be configured to substantially automatically determine whether to take one or more actions in response to one or more identified risk triggers (e.g., data breaches, regulation change, etc.). The system may, for example: (1) compare the potential risk trigger to one or more previous risks triggers experienced by the particular entity at a previous time; (2) identify a similar previous risk trigger (e.g., one or more previous risk triggers related to a similar change in regulation, breach of data, type of issue identified, etc.); (3) determine the relevance of the current risk trigger based at least in part on a determined relevance of the previous risk trigger; and (4) determine whether to take one or more actions to the current risk trigger based at least in part on one or more determined actions to take in response to the previous, similar risk trigger.

345 Citations

16 Claims

1. A computer-implemented data processing method of identifying and responding to one or more potential risk triggers based on a data model, the method comprising:
- identifying, by at least one processor, one or more potential risk triggers for an entity;
  
  assessing and analyzing, by the at least one processor, the one or more potential risk triggers to determine a relevance of a risk posed to the entity by the one or more potential risk triggers, wherein determining the relevance of the risk posed to the entity comprises;
  
  identifying one or more similarly situated entities, the one or more similarly situated entities being situated similarly to the entity,comparing, the one or more potential risk triggers to one or more previous risk triggers experienced by the one or more similarly situated entities,identifying one or more similar risk triggers from the one or more previous risk triggers, the one or more similar risk triggers being similar to the one or more potential risk triggers,analyzing the one or more similar risk triggers to determine a relevance, determined by the one or more similarly situated entities, of the one or more similar risk triggers, anddetermining the relevance of the risk posed by the one or more potential risk triggers based at least in part on the determined relevance of the one or more similar risk triggers determined by the one or more similarly situated entities;
  
  identifying, by the at least one processor using one or more data modeling techniques, one or more data assets, associated with the entity, that may be affected by the risk, wherein identifying the one or more data assets that may be affected by the risk comprises;
  
  scanning a respective digital inventory for each of the one or more data assets, each respective digital inventory comprising one or more inventory attributes, andanalyzing each respective digital inventory to determine one or more inventory attributes that may be affected by the risk;
  
  determining, by the at least one processor, based at least in part on the one or more identified data assets and the relevance of the risk posed to the entity by the one or more potential risk triggers, whether to take one or more actions in response to the one or more potential risk triggers; and
  
  in response to determining to take the one or more actions, taking, by the at least one processor, the one or more actions to remediate the risk.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The computer-implemented data processing method of claim 1, whereineach respective digital inventory comprises one or more inventory attributes selected from a group consisting of:
    - one or more processing activities associated with each respective data asset;
      
      transfer data associated with each respective data asset; and
      
      one or more pieces of personal data associated with each respective data asset.
  - 3. The computer-implemented data processing method of claim 1, wherein the one or more potential risk triggers comprise a change to one or more regulations related to the storage of personal data by the one or more data assets.
  - 4. The computer-implemented data processing method of claim 1, wherein the one or more potential risk triggers comprise a data breach associated with the one or more data assets.
  - 5. The computer-implemented data processing method of claim 1, wherein determining the relevance of the risk comprises calculating a risk level of the one or more potential risk triggers based at least in part on one or more risk factors.
  - 6. The computer-implemented data processing method of claim 1, wherein determining the relevance of the risk posed by the one or more potential risk triggers further comprises:
    - identifying one or more particular previous risk triggers experienced by the entity;
      
      identifying one or more particular similar risk triggers from the one or more particular previous risk triggers, the one or more particular similar risk triggers being similar to the one or more particular previous risk triggers; and
      
      determining the relevance of a risk posed by the one or more potential risk triggers based at least in part on a previously determined relevance of the one or more particular similar risk triggers.
  - 7. The computer-implemented data processing method of claim 6, wherein determining whether to take one or more actions in response to the one or more potential risk triggers comprises determining whether to take the one or more actions based at least in part on one or more actions taken by the entity in response to the one or more particular similar risk triggers.
  - 8. The computer-implemented data processing method of claim 1, wherein identifying the one or more similarly situated entities comprises identifying one or more similarly situated entities from a group of potentially similarly situated entities based at least in part on one or more factors selected from the group consisting of:
    - (1) a location of each potentially similarly situated entity; and
      
      (2) an industry of each potentially similarly situated entity.
  - 9. The computer-implemented data processing method of claim 8, wherein determining whether to take one or more actions in response to the one or more potential risk triggers comprises determining whether to take the one or more actions based at least in part on one or more actions taken by the one or more similarly situated entities in response to the one or more similar risk triggers.
  - 10. The computer-implemented data processing method of claim 9, wherein:
    - the one or more similarly situated entities comprise one or more entities selected from the group consisting of;
      
      (1) one or more other entities in a similar location as the entity that has identified the one or more potential risk triggers;
      
      (2) one or more other entities in a similar industry to an industry of the entity that has identified the one or more potential risk triggers;
      
      (3);
      
      one or more entities of a similar size to the entity that has identified the one or more potential risk triggers; and
      
      (4) one or more entities that are governed by one or more regulations that are similar to regulations that govern the entity that has identified the one or more potential risk triggers.
  - 11. The computer-implemented data processing method of claim 1, wherein the at least one processor takes the one or more actions to remediate the risk in response to identifying the one or more potential risk triggers.

12. A computer-implemented data processing method for updating risk remediation data of a data model, the method comprising:
- accessing, by at least one processor, risk remediation data for an entity that has identified one or more suitable actions to remediate a risk in response to identifying one or more data assets of the entity that may be affected by one or more potential risk triggers;
  
  receiving, by the at least one processor, an indication of an update to the one or more data assets;
  
  identifying, by the at least one processor, one or more potential new risk triggers for an entity that have arisen due to the update of the one or more data assets;
  
  assessing and analyzing, by the at least one processor, the one or more potential new risk triggers to determine a relevance of a risk posed to the entity by the one or more potential new risk triggers, wherein assessing and analyzing the one or more potential new risk triggers to determine the relevance of the risk posed to the entity comprises;
  
  identifying one or more similarly situated entities, the one or more similarly situated entities being situated similarly to the entity,comparing the one or more potential risk triggers to one or more previous risk triggers experienced by the one or more similarly situated entities,identifying one or more similar risk triggers from the one or more previous risk triggers, the one or more similar risk triggers being similar to the one or more potential new risk triggers,analyzing the one or more similar risk triggers to determine a relevance of the one or more similar risk triggers experienced by the one or more similarly situated entities, anddetermining the relevance of the risk posed by the one or more potential risk triggers based at least in part on a determined relevance of the one or more similar risk triggers that has been determined by the one or more similarly situated entities;
  
  identifying, by the at least one processor using one or more data modeling techniques, one or more data assets associated with the entity that may be affected by the risk, wherein identifying the one or more data assets that may be affected by the risk comprises;
  
  scanning a respective digital inventory for each of the one or more data assets, each respective digital inventory comprising one or more inventory attributes, andanalyzing each respective digital inventory to determine one or more inventory attributes that may be affected by the risk;
  
  updating, by the at least one processor, the risk remediation data to include the one or more actions to remediate the risk in response to identifying the one or more potential updated risk triggers;
  
  determining, by the at least one processor, based at least in part on the one or more identified data assets and the relevance of the risk, whether to take the one or more actions in response to the one or more potential updated risk triggers; and
  
  taking, by the at least one processor, the one or more actions to remediate the risk in response to identifying the one or more potential risk triggers.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The computer-implemented data processing method of claim 12, wherein the update to the risk remediation data is performed automatically.
  - 14. The computer-implemented data processing method of claim 12, whereinthe one or more inventory attributes are selected from a group consisting of:
    - processing activities associated with each respective data asset;
      
      transfer data associated with each respective data asset; and
      
      one or more pieces of personal data associated with each respective data asset.
  - 15. The computer-implemented data processing method of claim 12, wherein the one or more potential risk triggers comprise a change to one or more regulations related to the storage of personal data by the one or more data assets.
  - 16. The computer-implemented data processing method of claim 12, wherein the one or more potential risk triggers comprise a data breach associated with the one or more data assets.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OneTrust LLC
Original Assignee
OneTrust LLC
Inventors
Barday, Kabir A., Karanjkar, Mihir S., Finch, Steven W., Browne, Ken A., Heard, Nathan W., Patel, Aakash H., Sabourin, Jason L., Daniel, Richard L., Patton-Kuhl, Dylan D., Jones, Kevin, Brannon, Jonathan Blake
Primary Examiner(s)
Deng, Anna C

Application Number

US16/159,634
Publication Number

US 20190050766A1
Time in Patent Office

206 Days
Field of Search

717101
US Class Current
CPC Class Codes

G06F 15/76   Architectures of general pu...

G06F 21/552   involving long-term monitor...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/6245   Protecting personal data, e...

G06Q 10/0635   Risk analysis of enterprise...

G06Q 10/067   Enterprise or organisation ...

H04L 63/04   for providing a confidentia...

H04L 63/1433   Vulnerability analysis

H04W 12/02   Protecting privacy or anony...

H04W 12/63   Location-dependent; Proximi...

Data processing systems for identifying, assessing, and remediating data processing risks using data modeling techniques

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

345 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Data processing systems for identifying, assessing, and remediating data processing risks using data modeling techniques

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

345 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links