Automated data processing systems and methods for automatically processing requests for privacy-related information
First Claim
1. A computer-implemented data processing method for processing data subject access requests, the method comprising:
- receiving, by at least one computer processor, a data subject access request that requests data regarding a data subject, the data subject access request comprising a request to execute at least one action selected from a group consisting of;
(a) deleting personal data of the data subject;
(b) modifying personal data of the data subject; and
(c) providing personal data of the data subject;
at least partially in response to receiving the data subject access request, determining, by at least one computer processor, the data subject based on the data subject access request;
at least partially in response to receiving the data subject access request, generating, by at least one computer processor, a unique session ID based on the data subject;
associating, by at least one computer processor in a computer memory, the unique session ID with the data subject;
at least partially in response to receiving the data subject access request, determining, by at least one computer processor, whether the data subject access request was initiated by an automated source;
in response to determining that the data subject access request was initiated by an automated source, automatically taking at least one action, by at least one computer processor, to have the data subject access request reinitiated by a human source, wherein the at least one action comprises, at least partially in response to receiving the data subject access request;
(i) generating a unique, temporary uniform resource locator (URL) based on the unique session ID; and
(ii) at least temporarily providing access to an electronic form for completing a second data subject access request at the unique URL; and
at least partially in response to determining that the data subject access request was initiated by a human, automatically facilitating the fulfillment of the data subject access request.
2 Assignments
0 Petitions
Accused Products
Abstract
A data processing system, according to various embodiments, may receive a data subject access request that includes a request to delete personal data of a particular data subject, modify personal data of the data subject, and/or provide personal data of the data subject. At least partially in response to receiving the data subject access request, the system may determine whether the data subject access request was initiated by an automated source. At least partially in response to determining that the data subject access request was initiated by an automated source, the system may automatically take at least one action to have the data subject access request reinitiated by a human source. At least partially in response to determining that the data subject access request was initiated by a human, the system may automatically facilitate the fulfillment of the data subject access request.
-
Citations
27 Claims
-
1. A computer-implemented data processing method for processing data subject access requests, the method comprising:
-
receiving, by at least one computer processor, a data subject access request that requests data regarding a data subject, the data subject access request comprising a request to execute at least one action selected from a group consisting of; (a) deleting personal data of the data subject; (b) modifying personal data of the data subject; and (c) providing personal data of the data subject; at least partially in response to receiving the data subject access request, determining, by at least one computer processor, the data subject based on the data subject access request; at least partially in response to receiving the data subject access request, generating, by at least one computer processor, a unique session ID based on the data subject; associating, by at least one computer processor in a computer memory, the unique session ID with the data subject; at least partially in response to receiving the data subject access request, determining, by at least one computer processor, whether the data subject access request was initiated by an automated source; in response to determining that the data subject access request was initiated by an automated source, automatically taking at least one action, by at least one computer processor, to have the data subject access request reinitiated by a human source, wherein the at least one action comprises, at least partially in response to receiving the data subject access request; (i) generating a unique, temporary uniform resource locator (URL) based on the unique session ID; and (ii) at least temporarily providing access to an electronic form for completing a second data subject access request at the unique URL; and at least partially in response to determining that the data subject access request was initiated by a human, automatically facilitating the fulfillment of the data subject access request. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A non-transitory computer-readable medium storing computer-executable instructions for:
-
receiving a data subject access request that requests data regarding a particular data subject, the data subject access request comprising a request to execute at least one action selected from a group consisting of; (a) deleting personal data of the data subject; (b) modifying personal data of the data subject; and (c) providing information regarding the use, by a particular entity, of the data subject'"'"'s personal data; at least partially in response to receiving the data subject access request, determining the data subject based on the data subject access request; at least partially in response to receiving the data subject access request, generating a unique session ID based on the data subject; associating, in a computer memory, the unique session ID with the data subject; at least partially in response to receiving the data subject access request, determining whether the data subject access request was initiated was initiated robotically; at least partially in response to determining that the data subject access request was initiated robotically; (i) preventing fulfillment of the robotically-generated data subject access request; (ii) generating a unique, temporary uniform resource locator (URL) based on the unique session ID; and (iii) at least temporarily providing access to an electronic form for completing a second data subject access request at the unique URL; and at least partially in response to determining that the data subject access request was initiated by a human, automatically facilitating the fulfillment of the data subject access request. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22)
-
-
23. A computer system for processing data subject access requests, the system comprising:
-
at least one computer processor; and computer memory storing computer-executable instructions that, when executed by the at least one computer processor, are operable for; receiving, by the at least one computer processor, a data subject access request that requests data regarding a data subject, the data subject access request comprising a request to execute at least one action selected from a group consisting of; (a) deleting personal data of the data subject; (b) modifying personal data of the data subject; and (c) providing personal data of the data subject; at least partially in response to receiving the data subject access request, determining, by the at least one computer processor, the data subject based on the data subject access request; at least partially in response to receiving the data subject access request, generating, by the at least one computer processor, a unique session ID based on the data subject; associating, by the at least one computer processor in the computer memory, the unique session ID with the data subject; at least partially in response to receiving the data subject access request, determining, by the at least one processor, whether the data subject access request was submitted by an automated source; at least partially in response to determining that the data subject access request was submitted by an automated source, automatically taking at least one defensive action, by the at least one computer processor, to block a successful submission of the data subject access request by the automated source and to instead have the data subject access request resubmitted by a human source, wherein the at least one defensive action comprises; (i) preventing fulfillment of the data subject access request submitted by the automated source; (ii) generating a unique, temporary uniform resource locator (URL) based on the session ID; and at least temporarily providing access to an electronic form for completing a second data subject access request at the unique URL; and at least partially in response to determining that the data subject access request was submitted by a human, automatically facilitating, by the at least one computer processor, the fulfillment of the data subject access request. - View Dependent Claims (24, 25, 26, 27)
-
Specification