Data processing systems and methods for efficiently assessing the risk of privacy campaigns

US 10,706,131 B2
Filed: 12/02/2019
Issued: 07/07/2020
Est. Priority Date: 06/10/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented data processing method for efficiently assessing the risk associated with a privacy campaign, the method comprising:

receiving, by one or more computer processors, an audited privacy template, wherein the audited privacy template has been audited for compliance with one or more privacy standards, and wherein the audited privacy template comprises a plurality of question/answer pairings regarding a particular vendor, product, or service to be used as part of the privacy campaign;

receiving, by one or more computer processors, analysis of one or more data records associated with the particular vendor, product, or service;

identifying, by one or more computer processors, a particular weighting factor for each question/answer pairing of the plurality of question/answer pairings;

determining, by one or more computer processors, a relative risk rating for each question/answer pairing of the plurality of question/answer pairings based on the respective particular weighting factor for each question/answer pairing of the plurality of question/answer pairings;

electronically calculating, by one or more computer processors, an overall risk rating for the particular vendor, product, or service based upon the relative risk rating for each question/answer pairing of the plurality of question/answer pairings and the analysis of the one or more data records;

determining whether the overall risk rating for the particular vendor, product, or service satisfies certain pre-determined criteria; and

in response to determining that the overall risk rating for the particular vendor, product, or service does not satisfy the pre-determined criteria, generating an alert to a user indicating that the overall risk rating for the particular vendor, product, or service does not satisfy the pre-determined criteria.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Data processing systems and methods, according to various embodiments are adapted for efficiently processing data to allow for the streamlined assessment of the risk level associated with particular privacy campaigns. The systems may provide a centralized repository of templates of privacy-related question/answer pairings for various vendors, products (e.g., software products), and services. Different entities may electronically access the templates (which may be periodically updated and centrally audited) and customize the templates for evaluating the risk associated with the entities'"'"' respective business endeavors that involve the relevant vendors, products, or services.

Citations

20 Claims

1. A computer-implemented data processing method for efficiently assessing the risk associated with a privacy campaign, the method comprising:
- receiving, by one or more computer processors, an audited privacy template, wherein the audited privacy template has been audited for compliance with one or more privacy standards, and wherein the audited privacy template comprises a plurality of question/answer pairings regarding a particular vendor, product, or service to be used as part of the privacy campaign;
  
  receiving, by one or more computer processors, analysis of one or more data records associated with the particular vendor, product, or service;
  
  identifying, by one or more computer processors, a particular weighting factor for each question/answer pairing of the plurality of question/answer pairings;
  
  determining, by one or more computer processors, a relative risk rating for each question/answer pairing of the plurality of question/answer pairings based on the respective particular weighting factor for each question/answer pairing of the plurality of question/answer pairings;
  
  electronically calculating, by one or more computer processors, an overall risk rating for the particular vendor, product, or service based upon the relative risk rating for each question/answer pairing of the plurality of question/answer pairings and the analysis of the one or more data records;
  
  determining whether the overall risk rating for the particular vendor, product, or service satisfies certain pre-determined criteria; and
  
  in response to determining that the overall risk rating for the particular vendor, product, or service does not satisfy the pre-determined criteria, generating an alert to a user indicating that the overall risk rating for the particular vendor, product, or service does not satisfy the pre-determined criteria.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented data processing method of claim 1, wherein the one or more data records comprise one or more data records related to one or more government bodies with which the particular vendor, product, or service is associated.
  - 3. The computer-implemented data processing method of claim 2, wherein the one or more data records related to the one or more government bodies comprise an indication of one or more security certifications obtained by the particular vendor, product, or service.
  - 4. The computer-implemented data processing method of claim 2, wherein the one or more data records related to the one or more government bodies comprise an indication of use of the particular vendor, product, or service by at least one of the one or more government bodies.
  - 5. The computer-implemented data processing method of claim 1, further comprising, in response to determining that the overall risk rating for the particular vendor, product, or service does not satisfy the pre-determined criteria, storing an indication that the overall risk rating for the particular vendor, product, or service does not satisfy the pre-determined criteria in a database accessible by a plurality of third parties via an online portal.
  - 6. The computer-implemented data processing method of claim 1, further comprising facilitating the electronic transfer of one or more pieces of data based on the audited privacy template, via one or more computer networks, to at least one computer system associated with a government regulatory agency.
  - 7. The computer-implemented data processing method of claim 1, further comprising facilitating a selection of one or more of the plurality of question/answer pairings to not consider in calculating the overall risk rating for the particular vendor, product, or service;
    - andin response to receiving the selection, adjusting the respective particular weighting factor for the selected one or more of the plurality of question/answer pairings.

8. A computer-implemented data processing method for efficiently assessing the risk associated with a privacy campaign, the method comprising:
- receiving, by one or more computer processors, an audited privacy template, wherein the audited privacy template has been audited for compliance with one or more privacy standards, wherein the audited privacy template comprises a plurality of question/answer pairings regarding a particular product or service provided by a vendor, and wherein each of the plurality of question/answer pairings identify a parameter selected from a group consisting of;
  
  an encryption status of one or more pieces of personal data stored by the particular product or service;
  
  storage information for the one or more pieces of personal data collected by the particular product or service; and
  
  access permission data associated with the one or more pieces of personal data collected by the particular product or service; and
  
  in response to receiving the audited privacy template, facilitating the electronic transfer of the audited privacy template, via one or more computer networks, to a plurality of computer systems, each computer system being associated with a different entity, for use in the different entities'"'"' respective computerized assessments of at least one respective privacy campaign, to be executed by the respective entity, that includes the use of a product or service that is the subject of the completed privacy template.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer-implemented data processing method of claim 8, wherein the audited privacy template is received from a centralized repository of privacy templates.
  - 10. The computer-implemented data processing method of claim 9, wherein the audited privacy template has been audited for compliance with the one or more privacy standards at the centralized repository of privacy templates.
  - 11. The computer-implemented data processing method of claim 8, further comprising:
    - analyzing one or more pieces of publicly available data associated with the vendor; and
      
      calculating a risk score for the vendor based on the analyzed one or more pieces of publicly available data.
  - 12. The computer-implemented data processing method of claim 11, wherein at least one of the one or more pieces of publicly available data associated with the vendor is selected from a group consisting of:
    - one or more pieces of data retrieved from one or more social networking websites;
      
      one or more pieces of data retrieved from one or more job search websites; and
      
      one or more pieces of data retrieved from one or more business networking web sites.
  - 13. The computer-implemented data processing method of claim 11, wherein at least one of the one or more pieces of publicly available data associated with the vendor is selected from a group consisting of:
    - one or more privacy disclaimers associated with the particular product or service;
      
      one or more privacy notices associated with one or more websites associated with the vendor;
      
      one or more pieces of data retrieved from one or more credit bureau databases;
      
      one or more pieces of data retrieved from one or more websites that indicate one or more privacy-related positions with the vendor; and
      
      one or more pieces of data retrieved from one or more industry certification databases.
  - 14. The computer-implemented data processing method of claim 11, further comprising facilitating the electronic transfer of the risk score, via one or more computer networks, to the plurality of computer systems for use in the different entities'"'"' respective computerized assessments of the at least one respective privacy campaign.

15. A computer-implemented data processing method for efficiently assessing the risk associated with a privacy campaign, the method comprising:
- receiving, by one or more computer processors, a completed privacy template from a vendor, the completed privacy template comprising a plurality of question/answer pairings regarding a particular product or service provided by the vendor;
  
  determining, by one or more computer processors based on the completed privacy template, to request an updated version of the completed privacy template from the vendor;
  
  requesting, by one or more computer processors, the updated version of the completed privacy template from the vendor;
  
  receiving, by one or more computer processors, the updated version of the completed privacy template, the updated completed privacy template comprising an updated plurality of question/answer pairings regarding the particular product or service;
  
  in response to receiving the updated completed privacy template, automatically coordinating, by one or more computer processors, an audit of the updated completed privacy template for compliance with one or more privacy standards;
  
  receiving, by one or more computer processors, an audited updated completed privacy template;
  
  calculating a risk rating for the particular product or service based on the audited updated completed privacy template; and
  
  facilitating the electronic transfer of the audited updated completed privacy template and the risk rating for the particular product or service, via one or more computer networks, to a plurality of computer systems, each computer system being associated with a different entity, for use in the different entities'"'"' respective computerized assessments of at least one respective privacy campaign, to be executed by the respective entity, that includes the use of the particular product or service.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer-implemented data processing method of claim 15, wherein determining to request the updated version of the completed privacy template from the vendor is further based on determining that particular product or service has been revised.
  - 17. The computer-implemented data processing method of claim 15, wherein determining to request the updated version of the completed privacy template from the vendor is further based on determining that a privacy template upon which the completed privacy template is based has been updated.
  - 18. The computer-implemented data processing method of claim 15, wherein the updated plurality of question/answer pairings regarding the particular product or service comprises a question/answer pairing requesting a scheduled implementation date of the particular product or service.
  - 19. The computer-implemented data processing method of claim 15, further comprising:
    - generating a summary of the audited updated completed privacy template; and
      
      presenting the summary of the audited updated completed privacy template to a privacy officer associated with the vendor on a graphical user interface.
  - 20. The computer-implemented data processing method of claim 15, further comprising generating one or more tasks based on the audited updated completed privacy template.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OneTrust LLC
Original Assignee
OneTrust LLC
Inventors
Barday, Kabir A., Brannon, Jonathan Blake
Primary Examiner(s)
Powers, William S

Application Number

US16/700,049
Publication Number

US 20200104470A1
Time in Patent Office

218 Days
Field of Search
US Class Current
CPC Class Codes

G06F 11/3438   monitoring of user actions ...

G06F 21/316   by observing the pattern of...

G06F 21/6245   Protecting personal data, e...

G06F 2201/81   Threshold

G06F 2221/2111   Location-sensitive, e.g. ge...

Y02D 10/00   Energy efficient computing,...

Data processing systems and methods for efficiently assessing the risk of privacy campaigns

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Data processing systems and methods for efficiently assessing the risk of privacy campaigns

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links