Data processing and communications systems and methods for the efficient implementation of privacy by design

US 10,496,846 B1
Filed: 07/15/2019
Issued: 12/03/2019
Est. Priority Date: 06/10/2016
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable medium storing computer-executable instructions for demonstrating compliance with privacy-by-design practices, the computer-executable instructions comprising computer-executable instructions for:

automatically electronically analyzing computer code to determine one or more privacy-related attributes of the computer code, each of the privacy-related attributes indicating one or more types of personal information that the computer code collects or accesses;

in response to determining that at least one of the one or more privacy-related attributes indicates that the computer code collects or accesses one or more particular types of personal information;

(A) executing the steps of;

(i) electronically displaying one or more prompts to one or more first individuals requesting that the one or more first individuals input information regarding the particular privacy-related attribute;

(ii) receiving input information from the one or more first individuals regarding the particular privacy-related attribute; and

(iii) communicating the information regarding the particular privacy-related attribute to one or more second individuals for use in conducting a first privacy assessment of the computer code;

receiving, by one or more computer processors, from the one or more second individuals, an indication of one or more revisions to the design of the computer code, the one or more revisions comprising one or more steps that would facilitate the compliance of the computer code with one or more privacy standards;

in response to receiving the indication of the one or more revisions, automatically initiating the generation of at least one task that is to be used in managing the design of the computer code, the at least one task comprising one or more tasks that, if completed, would individually or collectively result in the one or more revisions to the computer code;

receiving, by one or more computer processors, a notification that the at least one task has been completed;

at least partially in response to receiving the notification that the at least one task has been completed, generating a second, updated privacy assessment for the computer code that reflects the fact that the one or more revisions have been completed; and

saving data to computer memory indicating that the one or more revisions have been completed, wherein the computer-executable instructions comprise computer-executable instructions for;

receiving a go-live date for the computer code;

saving the go-live date to memory; and

conducting one or more audits to facilitate completion of the one or more revisions to the computer code before the go-live date.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Computer-readable mediums, according to various embodiments, store computer-executable instructions for: (1) scanning computer code to determine what types of personal information the computer code collects or analyzes; (2) prompting a first one or more individuals for information regarding this aspect of the computer code (e.g., why the computer code is collecting the personal information); (3) communicating this information to a second set of one or more individuals; (4) receiving, from the second set of individuals, a recommended revision to the computer code that would facilitate the compliance of the computer code with one or more privacy standards; (5) facilitating the implementation of the revision; and (6) after the revision has been completed, generating an updated privacy assessment for the computer code that reflects the fact that the one or more revisions have been completed; and (7) generating a report listing the one or more revisions that have been completed.

512 Citations

26 Claims

1. A non-transitory computer-readable medium storing computer-executable instructions for demonstrating compliance with privacy-by-design practices, the computer-executable instructions comprising computer-executable instructions for:
- automatically electronically analyzing computer code to determine one or more privacy-related attributes of the computer code, each of the privacy-related attributes indicating one or more types of personal information that the computer code collects or accesses;
  
  in response to determining that at least one of the one or more privacy-related attributes indicates that the computer code collects or accesses one or more particular types of personal information;
  
  (A) executing the steps of;
  
  (i) electronically displaying one or more prompts to one or more first individuals requesting that the one or more first individuals input information regarding the particular privacy-related attribute;
  
  (ii) receiving input information from the one or more first individuals regarding the particular privacy-related attribute; and
  
  (iii) communicating the information regarding the particular privacy-related attribute to one or more second individuals for use in conducting a first privacy assessment of the computer code;
  
  receiving, by one or more computer processors, from the one or more second individuals, an indication of one or more revisions to the design of the computer code, the one or more revisions comprising one or more steps that would facilitate the compliance of the computer code with one or more privacy standards;
  
  in response to receiving the indication of the one or more revisions, automatically initiating the generation of at least one task that is to be used in managing the design of the computer code, the at least one task comprising one or more tasks that, if completed, would individually or collectively result in the one or more revisions to the computer code;
  
  receiving, by one or more computer processors, a notification that the at least one task has been completed;
  
  at least partially in response to receiving the notification that the at least one task has been completed, generating a second, updated privacy assessment for the computer code that reflects the fact that the one or more revisions have been completed; and
  
  saving data to computer memory indicating that the one or more revisions have been completed, wherein the computer-executable instructions comprise computer-executable instructions for;
  
  receiving a go-live date for the computer code;
  
  saving the go-live date to memory; and
  
  conducting one or more audits to facilitate completion of the one or more revisions to the computer code before the go-live date.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The non-transitory computer-readable medium of claim 1, further comprising:
    - analyzing the one or more revisions to determine whether the one or more revisions substantively impact the computer code'"'"'s compliance with one or more privacy standards.
  - 3. The non-transitory computer-readable medium of claim 2, wherein the step of analyzing the one or more revisions to determine whether the one or more revisions substantively impact the computer code'"'"'s compliance with one or more privacy standards comprises determining whether the one or more revisions revise the computer code by executing a step selected from a group consisting of:
    - (i) anonymizing personal data, and (ii) encrypting personal data.
  - 4. The non-transitory computer-readable medium of claim 2, wherein the step of analyzing the one or more revisions to determine whether the one or more revisions substantively impact the computer code'"'"'s compliance with one or more privacy standards comprises determining whether the one or more revisions revise the product to minimize the use of personal data.
  - 5. The non-transitory computer-readable medium of claim 1, wherein the one or more first individuals include one or more software developers.
  - 6. The non-transitory computer-readable medium of claim 5, wherein the one or more second individuals comprise one or more privacy officers.
  - 7. The non-transitory computer-readable medium of claim 1, wherein the computer code is a particular version of a particular software application.
  - 8. The non-transitory computer-readable medium of claim 1, wherein the computer-executable instructions comprise computer-executable instructions for:
    - analyzing any changes to the computer code that are implemented prior to the go-live date; and
      
      automatically differentiating between;
      
      (a) substantive privacy-protecting changes; and
      
      (b) non-substantive changes.
  - 9. The non-transitory computer-readable medium of claim 1, wherein the computer-executable instructions comprise computer-executable instructions for automatically monitoring the development of the computer code to determine whether the at least one task has been completed.
  - 10. The non-transitory computer-readable medium of claim 9, wherein the computer-executable instructions comprise computer-executable instructions for providing a notification to privacy compliance software that the at least one task has been completed.
  - 11. The non-transitory computer-readable medium of claim 1, wherein the computer-executable instructions comprise computer-executable instructions for displaying the updated privacy assessment to one or more users on a display screen.
  - 12. The non-transitory computer-readable medium of claim 1, wherein the at least one task comprises changing the particular computer code to modify the way that it obtains, uses, or stores personal data.
  - 13. The non-transitory computer-readable medium of claim 1, wherein the one or more revisions are selected from a group consisting of:
    - (1) revising the computer code to limit the time period that personal data is stored by a system implementing the computer code; and
      
      (2) revising the computer code to anonymize personal data.

14. A non-transitory computer-readable medium storing computer-executable instructions for demonstrating the compliance of an organization with privacy-by-design practices, the computer-executable instructions comprising computer-executable instructions for:
- receiving a location of computer code from one or more individuals;
  
  automatically electronically analyzing the computer code to determine one or more privacy-related attributes of the computer code, each of the privacy-related attributes indicating one or more types of personal information that the computer code collects or accesses;
  
  in response to determining that the computer code has a particular one of the one or more privacy-related attributes, executing steps of;
  
  (i) receiving input information from one or more first individuals regarding the particular privacy-related attribute; and
  
  (ii) communicating the information regarding the particular privacy-related attribute to one or more second individuals for use in conducting a first privacy assessment of the computer code;
  
  receiving, from the one or more second individuals, one or more revisions to the computer code that would facilitate the compliance of the computer code with one or more privacy standards;
  
  in response to receiving the one or more revisions, automatically initiating a generation of at least one task that, if completed, would individually or collectively result in the one or more revisions to the computer code;
  
  receiving a notification that the at least one task has been completed;
  
  at least partially in response to receiving the notification that the at least one task has been completed, facilitating the completion of a second, updated privacy assessment for the computer code that reflects the fact that the one or more revisions have been completed; and
  
  generating an output documenting that;
  
  (1) the first privacy assessment has been conducted;
  
  (2) the one or more revisions have been made to the computer code to facilitate the compliance of the computer code with the one or more privacy standards; and
  
  (3) the updated privacy assessment has been conducted, wherein the computer-executable instructions comprise computer-executable instructions for;
  
  receiving a go-live date for the computer code;
  
  saving the go-live date to memory; and
  
  conducting one or more audits to facilitate completion of the one or more revisions to the computer code before the go-live date.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The non-transitory computer-readable medium of claim 14, wherein the one or more first individuals comprise one or more software developers.
  - 16. The non-transitory computer-readable medium of claim 14, wherein the one or more second individuals comprise one or more privacy officers.
  - 17. The non-transitory computer-readable medium of claim 14, wherein:
    - the output is a report; and
      
      the computer-executable instructions comprise computer-executable instructions for displaying the report to one or more users on a display screen.
  - 18. The non-transitory computer-readable medium of claim 14, wherein the at least one task comprises changing the computer code to anonymize personal data.

19. A non-transitory computer-readable medium storing computer-executable instructions for efficiently demonstrating the compliance by an organization with privacy-by-design practices, the computer-executable instructions comprising computer-executable instructions for:
- monitoring one or more computer storage locations to determine whether any new versions of a particular computer product have been stored in the one or more computer storage locations;
  
  determining that a new version of the particular computer product has been stored in the one or more computer storage locations;
  
  automatically electronically analyzing the new version of the particular computer product to determine one or more privacy-related attributes of the particular computer product, each of the privacy-related attributes indicating one or more types of personal information that the particular computer product collects or accesses;
  
  in response to determining that the new version of the particular computer product has a particular one of the one or more privacy-related attributes;
  
  (A) executing the steps of;
  
  (i) electronically displaying one or more prompts to one or more first individuals requesting that the one or more first individuals input information regarding the particular privacy-related attribute; and
  
  (ii) communicating the information regarding the particular privacy-related attribute to one or more second individuals for use in conducting a first privacy assessment of the new version of the particular computer product; and
  
  (B) changing an indicator associated with the new version of the particular computer product to indicate that, before the new version of the particular computer product is launched, the new version of the particular computer product should be modified to not include the particular privacy-related attribute;
  
  receiving, from the one or more second individuals, a listing of one or more revisions to a design of the particular computer product, the one or more revisions comprising one or more steps that would facilitate the compliance of the particular computer product with one or more privacy standards;
  
  in response to receiving the listing of the one or more revisions, automatically facilitating the completion of at least one task that is to be used in managing the design of the particular computer product, the at least one task comprising one or more tasks that, if completed, would individually or collectively result in the one or more revisions to the design of the particular computer code;
  
  receiving a notification that the at least one task has been completed;
  
  at least partially in response to receiving the notification that the at least one task has been completed, facilitating the generation of an updated privacy assessment for the particular computer product that reflects the fact that the one or more revisions have been completed; and
  
  generating a report indicating that the one or more revisions have been completed wherein the computer-executable instructions comprise computer-executable instructions for;
  
  receiving a go-live date for the computer code;
  
  saving the go-live date to memory; and
  
  conducting one or more audits to facilitate completion of the one or more revisions to the computer code before the go-live date.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26)
- - 20. The non-transitory computer-readable medium of claim 19, wherein the one or more first individuals comprise one or more software developers.
  - 21. The non-transitory computer-readable medium of claim 19, wherein the one or more second individuals comprise one or more privacy officers.
  - 22. The non-transitory computer-readable medium of claim 19, wherein:
    - the computer product is a particular software application, andthe at least one task comprises changing the particular software application to modify the way that it obtains, uses, or stores personal data.
  - 23. The non-transitory computer-readable medium of claim 19, wherein the computer-executable instructions comprise computer-executable instructions for:
    - analyzing any changes that to the computer code that are implemented prior to the go-live date; and
      
      automatically differentiating between;
      
      (a) substantive privacy-protecting changes; and
      
      (b) non-substantive changes.
  - 24. The non-transitory computer-readable medium of claim 19, wherein the computer-executable instructions comprise computer-executable instructions for automatically monitoring the development of the computer code to determine whether the at least one task has been completed.
  - 25. The non-transitory computer-readable medium of claim 24, wherein the computer-executable instructions comprise computer-executable instructions for providing a notification to privacy compliance software that the at least one task has been completed.
  - 26. The non-transitory computer-readable medium of claim 19, wherein the one or more privacy standards comprise at least one of the General Data Protection Regulation or the California Consumer Privacy Act.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OneTrust LLC
Original Assignee
OneTrust LLC
Inventors
Barday, Kabir A.
Primary Examiner(s)
Rahman, Shawnchoy

Application Number

US16/511,700
Publication Number

US 20190362096A1
Time in Patent Office

141 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06F 21/604   Tools and structures for ma...

G06F 21/6245   Protecting personal data, e...

G06F 2221/033   Test or assess software

G06F 8/20   Software design

G06F 8/71   Version control security ar...

G06F 8/75   Structural analysis for pro...

G06F 8/77   Software metrics

Data processing and communications systems and methods for the efficient implementation of privacy by design

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

512 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Data processing and communications systems and methods for the efficient implementation of privacy by design

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

512 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links