Data processing systems for orphaned data identification and deletion and related methods
First Claim
1. A computer-implemented data processing method for identifying one or more pieces of personal data that are not associated with one or more privacy campaigns of a particular entity, the method comprising:
- accessing, by one or more processors, via one or more computer networks, one or more data assets of the particular entity;
scanning, by the one or more processors, the one or more data assets to generate a catalog of one or more privacy campaigns and one or more pieces of personal information associated with one or more individuals;
storing, by the one or more processors, the generated catalog in computer memory;
scanning, by the one or more processors, the one or more data assets based at least in part on the generated catalog to identify a first portion of the one or more pieces of personal data that are not associated with the one or more privacy campaigns of the particular entity, wherein identifying the first portion of the one or more pieces of personal data that are not associated with the one or more privacy campaigns of the particular entity comprises;
determining that one or more privacy campaigns have been terminated within the one or more data assets of the particular entity,scanning the one or more data assets based at least in part on the generated catalog to identify the one or more pieces of personal data that are associated with the terminated one or more privacy campaigns, andgenerating an indication that the one or more pieces of personal data that are associated with the terminated one or more privacy campaigns are included in the first portion of the one or more pieces of personal data;
generating, by the one or more processors, an indication that the first portion of one or more pieces of personal data that are not associated with the one or more privacy campaigns of the particular entity is to be removed from the one or more data assets based at least in part on the indication that the one or more pieces of personal data that are associated with the terminated one or more privacy campaigns are included in the first portion of the one or more pieces of personal data;
presenting, by the one or more processors, the indication to one or more individuals associated with the particular entity; and
removing, by the one or more processors, the first portion of the one or more pieces of personal data that are not associated with the one or more privacy campaigns of the particular entity from the one or more data assets.
2 Assignments
0 Petitions
Accused Products
Abstract
In particular embodiments, an Orphaned Data Action System is configured to analyze one or more data systems (e.g., data assets), identify one or more pieces of personal data that are one or more pieces of personal data that are not associated with one or more privacy campaigns of the particular organization, and notify one or more individuals of the particular organization of the one or more pieces of personal data that are one or more pieces of personal data that are not associated with one or more privacy campaigns of the particular organization.
657 Citations
15 Claims
-
1. A computer-implemented data processing method for identifying one or more pieces of personal data that are not associated with one or more privacy campaigns of a particular entity, the method comprising:
-
accessing, by one or more processors, via one or more computer networks, one or more data assets of the particular entity; scanning, by the one or more processors, the one or more data assets to generate a catalog of one or more privacy campaigns and one or more pieces of personal information associated with one or more individuals; storing, by the one or more processors, the generated catalog in computer memory; scanning, by the one or more processors, the one or more data assets based at least in part on the generated catalog to identify a first portion of the one or more pieces of personal data that are not associated with the one or more privacy campaigns of the particular entity, wherein identifying the first portion of the one or more pieces of personal data that are not associated with the one or more privacy campaigns of the particular entity comprises; determining that one or more privacy campaigns have been terminated within the one or more data assets of the particular entity, scanning the one or more data assets based at least in part on the generated catalog to identify the one or more pieces of personal data that are associated with the terminated one or more privacy campaigns, and generating an indication that the one or more pieces of personal data that are associated with the terminated one or more privacy campaigns are included in the first portion of the one or more pieces of personal data; generating, by the one or more processors, an indication that the first portion of one or more pieces of personal data that are not associated with the one or more privacy campaigns of the particular entity is to be removed from the one or more data assets based at least in part on the indication that the one or more pieces of personal data that are associated with the terminated one or more privacy campaigns are included in the first portion of the one or more pieces of personal data; presenting, by the one or more processors, the indication to one or more individuals associated with the particular entity; and removing, by the one or more processors, the first portion of the one or more pieces of personal data that are not associated with the one or more privacy campaigns of the particular entity from the one or more data assets. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A computer-implemented data processing method for removing one or more pieces of personal data that are not associated with one or more privacy campaigns of a particular entity, the method comprising:
-
accessing, by one or more processors, via one or more computer networks, one or more data models that map an association between (i) one or more pieces of personal data associated with one or more individuals stored within one or more data assets of the particular entity and (ii) one or more privacy campaigns of the particular entity; analyzing, by the one or more processors, the one or more data models to identify a first portion of the one or more pieces of personal data that are not associated with the one or more privacy campaigns, wherein identifying the first portion of the one or more pieces of personal data that are not associated with the one or more privacy campaigns of the particular entity comprises; determining that one or more privacy campaigns have been terminated within the one or more data assets of the particular entity, analyzing the one or more data models to identify one or more pieces of personal data that are associated with the terminated one or more privacy campaigns, and generating an indication that the one or more pieces of personal data that are associated with the terminated one or more privacy campaigns are included in the first portion of the one or more pieces of personal data; generating, by the one or more processors, an indication that the first portion of the one or more pieces of personal data that are not associated with the one or more privacy campaigns of the particular entity is to be removed from the one or more data assets of the particular entity based at least in part on the indication that the one or more pieces of personal data that are associated with the terminated one or more privacy campaigns are included in the first portion of the one or more pieces of personal data; presenting, by the one or more processors, the indication to one or more individuals associated with the particular entity; and automatically removing the first portion of the one or more pieces of personal data that are not associated with the one or more privacy campaigns of the particular entity from the one or more data assets. - View Dependent Claims (9, 10, 11)
-
-
12. A computer-implemented data processing method for generating a privacy data report of a particular entity, the method comprising:
-
accessing, by one or more processors, via one or more computer networks, one or more data models that map an association between (i) one or more pieces of personal information of one or more individuals stored within one or more data assets of the particular entity and (ii) one or more privacy campaigns of the particular entity; accessing, by the one or more processors, a data collection policy of the particular entity that is based at least in part on one or more collection parameters defining how one or more pieces of personal data of one or more individuals are collected by the particular entity and one or more storage parameters associated with storing the one or more pieces of personal data of the one or more individuals; accessing, via the one or more processors, one or more data retention metrics of the particular entity that are based at least in part on a collection of data under the data collection policy, wherein the one or more data retention metrics comprise at least one data retention metric selected from;
a storage location of the one or more pieces of personal data, a period of time the one or more pieces of personal data are stored by the particular entity, a number of the one or more privacy campaigns accessing the one or more pieces of personal data, and an amount of the one or more pieces of personal data being collected by the particular entity;analyzing, by the one or more processors, the one or more data models to identify one or more pieces of personal data that are not associated with the one or more privacy campaigns; generating, by one or more processors, a privacy data report based at least in part on (i) analyzing the one or more data models to identify one or more pieces of personal data that are not associated with the one or more privacy campaigns, (ii) the data collection policy of the particular entity, and (iii) the one or more data retention metrics of the particular entity; and providing, by one or more processors, the privacy data report to one or more individuals associated with the particular entity, wherein the privacy data report comprises a comparison of the data collection policy and the one or more data retention metrics of the particular entity to one or more industry standard data collection policies and one or more industry standard data retention metrics. - View Dependent Claims (13, 14, 15)
-
Specification