Data processing systems for identity validation of data subject access requests and related methods
First Claim
1. A computer-implemented data processing method for processing a data subject access request, the computer-implemented data processing method comprising:
- receiving a data subject access request from a data subject that is a request for a particular organization to perform one or more actions with regard to one or more pieces of personal data associated with the data subject that the particular organization has obtained on the data subject, wherein the data subject access request comprises one or more request parameters,wherein at least one of the one or more pieces of personal data associated with the data subject was not provided to the particular organization by the data subject,wherein the data subject access request has a request type selected from the group consisting of;
a first request type, wherein the one or more actions comprise a first request to delete the one or more pieces of personal data associated with the data subject;
a second request type, wherein the one or more actions comprise a second request to provide a copy of the one or more pieces of personal data associated with the data subject to the data subject; and
a third request type, wherein the one or more actions comprise a third request to modify the one or more pieces of personal data associated with the data subject,wherein the one or more request parameters comprise the request type,wherein the first request type is associated with a first authentication type requiring a first number of identity validation methods,wherein the second request type is associated with a second authentication type requiring a second number of identity validation methods, andwherein the second number of identity validation methods is greater than the first number of identity validation methods;
in response to receiving the data subject access request from the data subject, validating an identity of the data subject by;
automatically detecting a type of authentication required to validate the identity of the data subject based at least in part on the one or more request parameters wherein the type of authentication required to validate the identity of the data subject is based on the request type;
prompting the data subject to provide one or more pieces of information based at least in part on the type of authentication required;
receiving, from the data subject, the one or more pieces of information;
in response to receiving the one or more pieces of information, confirming the validity of the one or more pieces of information; and
in response to confirming the validity of the one or more pieces of information, validating the identity of the data subject;
in response to validating the identity of the data subject, processing the data subject access request by automatically identifying one or more pieces of personal data associated with the data subject, wherein the one or more pieces of personal data associated with the data subject are stored in one or more data repositories associated with the particular organization; and
in response to automatically identifying the one or more pieces of personal data associated with the data subject, automatically taking the one or more actions based at least in part on the data subject access request, wherein the one or more actions include one or more actions related to the one or more pieces of personal data associated with the data subject.
2 Assignments
0 Petitions
Accused Products
Abstract
In particular embodiments, a computer-implemented data processing method for responding to a data subject access request comprises: (A) receiving a data subject access request from a requestor comprising one or more request parameters; (B) validating an identity of the requestor by prompting the requestor to identify information associated with the requestor; (C) in response to validating the identity of the requestor, processing the request by identifying one or more pieces of personal data associated with the requestor, the one or more pieces of personal data being stored in one or more data repositories associated with a particular organization; and (D) taking one or more actions based at least in part on the data subject access request, the one or more actions including one or more actions related to the one or more pieces of personal data.
825 Citations
11 Claims
-
1. A computer-implemented data processing method for processing a data subject access request, the computer-implemented data processing method comprising:
-
receiving a data subject access request from a data subject that is a request for a particular organization to perform one or more actions with regard to one or more pieces of personal data associated with the data subject that the particular organization has obtained on the data subject, wherein the data subject access request comprises one or more request parameters, wherein at least one of the one or more pieces of personal data associated with the data subject was not provided to the particular organization by the data subject, wherein the data subject access request has a request type selected from the group consisting of; a first request type, wherein the one or more actions comprise a first request to delete the one or more pieces of personal data associated with the data subject; a second request type, wherein the one or more actions comprise a second request to provide a copy of the one or more pieces of personal data associated with the data subject to the data subject; and a third request type, wherein the one or more actions comprise a third request to modify the one or more pieces of personal data associated with the data subject, wherein the one or more request parameters comprise the request type, wherein the first request type is associated with a first authentication type requiring a first number of identity validation methods, wherein the second request type is associated with a second authentication type requiring a second number of identity validation methods, and wherein the second number of identity validation methods is greater than the first number of identity validation methods; in response to receiving the data subject access request from the data subject, validating an identity of the data subject by; automatically detecting a type of authentication required to validate the identity of the data subject based at least in part on the one or more request parameters wherein the type of authentication required to validate the identity of the data subject is based on the request type; prompting the data subject to provide one or more pieces of information based at least in part on the type of authentication required; receiving, from the data subject, the one or more pieces of information; in response to receiving the one or more pieces of information, confirming the validity of the one or more pieces of information; and in response to confirming the validity of the one or more pieces of information, validating the identity of the data subject; in response to validating the identity of the data subject, processing the data subject access request by automatically identifying one or more pieces of personal data associated with the data subject, wherein the one or more pieces of personal data associated with the data subject are stored in one or more data repositories associated with the particular organization; and in response to automatically identifying the one or more pieces of personal data associated with the data subject, automatically taking the one or more actions based at least in part on the data subject access request, wherein the one or more actions include one or more actions related to the one or more pieces of personal data associated with the data subject. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A computer-implemented data processing method for responding to a data subject access request, the computer-implemented data processing method comprising:
-
receiving a data subject access request from a requestor comprising one or more request parameters for a particular organization to perform one or more actions with regard to one or more pieces of personal data associated with the requestor that the particular organization has obtained on the requestor, wherein at least one of the one or more pieces of personal data associated with the requestor was not provided to the particular organization by the requestor; determining, based in part on the request type of the data subject access request, a number of identity validation methods required to validate an identity of the requestor; providing the required number of identity validation methods to the requestor, wherein each identity validation method of the required number of identity validation methods includes prompting the requestor to identify different information associated with the requestor for each identity validation method of the required number of identity validation methods, wherein the data subject access request has a request type selected from the group consisting of; a first request type, wherein the one or more actions comprise a first request to delete the one or more pieces of personal data associated with the requestor; a second request type, wherein the one or more actions comprise a second request to provide a copy of the one or more pieces of personal data associated with the requestor to the requestor; and a third request type, wherein the one or more actions comprise a third request to modify the one or more pieces of personal data associated with the requestor, wherein the one or more request parameters comprise the request type, wherein the first request type is associated with a first authentication type requiring a first number of identity validation methods, wherein the second request type is associated with a second authentication type requiring a second number of identity validation methods, and wherein the second number of identity validation methods is greater than the first number of identity validation methods; validating an identity of the requestor by prompting the requestor to identify information associated with the requestor; in response to validating the identity of the requestor, processing the data subject access request by automatically identifying one or more pieces of personal data associated with the requestor, wherein the one or more pieces of personal data associated with the requestor are stored in one or more data repositories associated with a particular organization; and in response to automatically identifying the one or more pieces of personal data associated with the requestor, automatically taking one or more actions based at least in part on the data subject access request, wherein the one or more actions include one or more actions related to the one or more pieces of personal data associated with the requestor. - View Dependent Claims (7, 8, 9)
-
-
10. A computer system processing a data subject access request, the computer system comprising:
-
one or more computer processors; and a computer memory embodied in one or more computer storage locations operatively coupled to the one or more computer processors that store particular computer code, wherein the computer system is configured to; receive a data subject access request from a data subject that is a request for a particular organization to perform one or more actions with regard to one or more pieces of personal data associated with the data subject that the particular organization has obtained on the data subject, wherein the data subject access request comprises one or more request parameters; wherein at least one of the one or more pieces of personal data associated with the data subject was not provided to the particular organization by the data subject, wherein the data subject access request has a request type selected from the group consisting of; a first request type, wherein the one or more actions comprise a first request to delete the one or more pieces of personal data associated with the data subject; a second request type, wherein the one or more actions comprise a second request to provide a copy of the one or more pieces of personal data associated with the data subject to the data subject; and a third request type, wherein the one or more actions comprise a third request to modify the one or more pieces of personal data associated with the data subject, wherein the one or more request parameters comprise the request type, wherein the first request type is associated with a first authentication level requiring a first threshold number of questions the data subject must answer correctly, wherein the second request type is associated with a second authentication level requiring a second threshold number of questions the data subject must answer correctly, and wherein the second threshold number of questions is greater than the first threshold number of questions; in response to receiving the data subject access request from the data subject, validate an identity of the data subject by; automatically detecting a level of authentication required to validate the identity of the data subject based at least in part on the one or more request parameters, wherein the level of authentication comprises a threshold number of questions the data subject must answer correctly and a threshold number of additional pieces of information the data subject must provide to validate the identity of the data subject, and wherein the level of authentication required to validate the identity of the data subject is based on the request type; prompting the data subject to provide one or more responses to the threshold number of questions and the threshold number of additional pieces of information; receiving, from the data subject, the threshold number of additional pieces of information and the one or more responses to the threshold number of questions; in response to receiving the threshold number of additional pieces of information and the one or more responses to the threshold number of questions, confirming an accuracy of the threshold number of additional pieces of information and the one or more responses to the threshold number of questions; and in response to confirming an accuracy of the threshold number of additional pieces of information and the one or more responses to the threshold number of questions, validating the identity of the data subject; in response to validating the identity of the data subject, process the data subject access request by automatically identifying one or more pieces of personal data associated with the data subject, wherein the one or more pieces of personal data associated with the data subject are stored in one or more data repositories associated with the particular organization; and in response to automatically identifying the one or more pieces of personal data associated with the data subject, automatically take the one or more actions based at least in part on the data subject access request, wherein the one or more actions include one or more actions related to the one or more pieces of personal data associated with the data subject. - View Dependent Claims (11)
-
Specification