Data processing systems for fulfilling data subject access requests and related methods
First Claim
1. A privacy management computer system for receiving and facilitating the processing of data subject access requests via a webform, the system comprising:
- one or more computer processors; and
computer memory storing instructions that are executed by the one or more computer processors, wherein the one or more computer processors are adapted for;
displaying a webform on a computer display, the webform being adapted to receive data subject access requests for processing;
receiving, via the webform, a data subject access request from a data subject access requestor;
automatically determining a type of the data subject access request, the determined type of data subject access request being selected from a group consisting of;
(1) a request to delete personal data of the requestor that is being stored by a particular organization;
(2) a request to provide, to the requestor, personal data of the requestor that is being stored by the particular organization;
(3) a request to update personal data of the requestor that is being stored by the particular organization; and
(4) a request to opt out of having the particular organization use the requestor's personal information in one or more particular ways;
determining, based at least partially on the determined type of data subject access request, an authentication methodology that is to be used to verify the requestor's identity before the system facilitates completion of the data subject access request;
using the determined type of authentication methodology to verify the requestor's identity; and
at least partially in response to verifying the requestor's identity via the determined type of authentication methodology, executing at least one processing step to advance the completion of the data subject access request, wherein the one or more computer processors are adapted for;
at least partially in response to determining that the type of data subject access request is a request to delete personal data of the requestor that is being stored by the organization;
(A) requiring the requestor to input a first predetermined number of types of information to authenticate the requestor, (B) using each of the first predetermined number of types of information to authenticate the requestor, and (C) after authenticating the requestor, fulfilling the request to delete personal data; and
at least partially in response to determining that the type of data subject access request is a request to provide, to the requestor, personal data of the requestor that is being stored by the organization;
(A) requiring the requestor to input a second predetermined number of types of information to authenticate the requestor, (B) using each of the second predetermined number of types of information to authenticate the requestor, and (C) after authenticating the requestor, fulfilling the request to provide personal data.
Abstract
A privacy management system that is adapted for, in the course of processing a particular data subject access request, automatically determining a type of the data subject access request, such as: (1) a request to delete personal data of the requestor that is being stored by a particular organization; (2) a request to provide, to the requestor, personal data of the requestor that is being stored by the particular organization; (3) a request to update personal data of the requestor that is being stored by the particular organization; and (4) a request to opt out of having the particular organization use the requestor's personal information in one or more particular ways. After making this determination, the system may determine, based on the determined type of data subject access request, a particular workflow to follow in processing the data subject access request, and then execute the determined workflow.
560 Citations
16 Claims
1. A privacy management computer system for receiving and facilitating the processing of data subject access requests via a webform, the system comprising:
one or more computer processors; and computer memory storing instructions that are executed by the one or more computer processors, wherein the one or more computer processors are adapted for; displaying a webform on a computer display, the webform being adapted to receive data subject access requests for processing; receiving, via the webform, a data subject access request from a data subject access requestor; automatically determining a type of the data subject access request, the determined type of data subject access request being selected from a group consisting of;
(1) a request to delete personal data of the requestor that is being stored by a particular organization;
(2) a request to provide, to the requestor, personal data of the requestor that is being stored by the particular organization;
(3) a request to update personal data of the requestor that is being stored by the particular organization; and
(4) a request to opt out of having the particular organization use the requestor's personal information in one or more particular ways; determining, based at least partially on the determined type of data subject access request, an authentication methodology that is to be used to verify the requestor's identity before the system facilitates completion of the data subject access request; using the determined type of authentication methodology to verify the requestor's identity; and at least partially in response to verifying the requestor's identity via the determined type of authentication methodology, executing at least one processing step to advance the completion of the data subject access request, wherein the one or more computer processors are adapted for; at least partially in response to determining that the type of data subject access request is a request to delete personal data of the requestor that is being stored by the organization;
(A) requiring the requestor to input a first predetermined number of types of information to authenticate the requestor, (B) using each of the first predetermined number of types of information to authenticate the requestor, and (C) after authenticating the requestor, fulfilling the request to delete personal data; and at least partially in response to determining that the type of data subject access request is a request to provide, to the requestor, personal data of the requestor that is being stored by the organization;
(A) requiring the requestor to input a second predetermined number of types of information to authenticate the requestor, (B) using each of the second predetermined number of types of information to authenticate the requestor, and (C) after authenticating the requestor, fulfilling the request to provide personal data.
9. A computer-implemented method for receiving and facilitating the processing of data subject access requests, the method comprising:
receiving, by at least one computer processor, a data subject access request from a data subject access requestor; automatically determining, by at least one computer processor, a type of the data subject access request, the determined type of data subject access request being selected from a group consisting of;
(1) a request to delete personal data of the requestor that is being stored by a particular organization;
(2) a request to provide, to the requestor, personal data of the requestor that is being stored by the particular organization;
(3) a request to update personal data of the requestor that is being stored by the particular organization; and
(4) a request to opt out of having the particular organization use the requestor's personal information in one or more particular ways; determining, by at least one processor, based at least partially on the determined type of data subject access request, a workflow that is to be used to process the request; and after determining the workflow, facilitating, by at least one processor, the processing of the request via the computer-implemented workflow, wherein; the computer-implemented workflow comprises one or more steps for validating the identity of an individual; and the computer-implemented method comprises; at least partially in response to determining that the type of data subject access request is a request to delete personal data of the requestor that is being stored by the organization;
(1) requiring, as part of the computer-implemented workflow, the requestor to input a first predetermined number of types of information to authenticate the requestor, (2) using each of the first predetermined number of types of information to authenticate the requestor, and (3) after authenticating the requestor, executing the request to delete personal data; and at least partially in response to determining that the type of data subject access request is a request to provide, to the requestor, personal data of the requestor that is being stored by the organization;
(1) requiring, as part of the computer-implemented workflow, the requestor to input a second predetermined number of types of information to authenticate the requestor, (2) using each of the second predetermined number of types of information to authenticate the requestor;
(3) after authenticating the requestor, executing the request to provide personal data.
Specification