DATA PROCESSING SYSTEMS FOR THE IDENTIFICATION AND DELETION OF PERSONAL DATA IN COMPUTER SYSTEMS

US 20190332803A1
Filed: 07/08/2019
Published: 10/31/2019
Est. Priority Date: 06/10/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented data processing method for processing a request to delete personal data associated with a data subject from one or more computer systems of an organization, the method comprising:

receiving, by one or more computer processors, a request from a data subject to delete the personal data associated with the data subject from one or more computer systems of an organization; and

at least partially in response to receiving the request;

processing the request by one or more computer processors;

automatically identifying, by one or more computer processors, one or more computing devices on the one or more computer systems on which the personal data associated with the data subject is stored; and

in response to determining, by one or more computer processors, the one or more computing devices storing the personal data associated with the data subject, automatically facilitating the deletion of the personal data associated with the data subject from the one or more computing devices.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In particular embodiments, in response a data subject submitting a request to delete their personal data from an organization'"'"'s systems, the system may: (1) automatically determine where the data subject'"'"'s personal data is stored; and (2) in response to determining the location of the data (which may be on multiple computing systems), automatically facilitate the deletion of the data subject'"'"'s personal data from the various systems (e.g., by automatically assigning a plurality of tasks to delete data across multiple business systems to effectively delete the data subject'"'"'s personal data from the systems).

Citations

20 Claims

1. A computer-implemented data processing method for processing a request to delete personal data associated with a data subject from one or more computer systems of an organization, the method comprising:
- receiving, by one or more computer processors, a request from a data subject to delete the personal data associated with the data subject from one or more computer systems of an organization; and
  
  at least partially in response to receiving the request;
  
  processing the request by one or more computer processors;
  
  automatically identifying, by one or more computer processors, one or more computing devices on the one or more computer systems on which the personal data associated with the data subject is stored; and
  
  in response to determining, by one or more computer processors, the one or more computing devices storing the personal data associated with the data subject, automatically facilitating the deletion of the personal data associated with the data subject from the one or more computing devices.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer-implemented data processing method of claim 1, wherein automatically facilitating the deletion of the personal data associated with the data subject from the one or more computing devices comprises overwriting the personal data associated with the data subject from computer memory associated with the one or more computing devices.
  - 3. The computer-implemented data processing method of claim 1, wherein the step of identifying the one or more computing devices on which the personal data associated with the data subject is stored comprises using a data model to make the identification, the data model comprising information regarding a respective storage location of a plurality of different items of personal data associated with the data subject.
  - 4. The computer-implemented data processing method of claim 3, the method further comprising:
    - accessing, by one or more processors, the data model, the data model defining;
      
      at least one storage location utilized in the storage of a plurality of personal data as part of a processing activity;
      
      at least one transfer location to which the at least one storage location transfers the plurality of personal data; and
      
      scanning, by one or more processors, using a unique identifier associated with the data subject, the plurality of personal data to identify the personal data associated with the data subject.
  - 5. The computer-implemented data processing method of claim 4, wherein facilitating the deletion of the personal data associated with the data subject from the one or more computing devices comprises facilitating the deletion from the at least one storage location and the at least one transfer location.
  - 6. The computer-implemented data processing method of claim 4, wherein the unique identifier associated with the data subject comprises a unique identifier generated in response to consent provided by the data subject for the initial storage of the personal data associated with the data subject as part of the processing activity.
  - 7. The computer-implemented data processing method of claim 1, wherein one or more computing devices on the one or more computer systems on which the personal data associated with the data subject is stored comprises identifying the one or more computing devices using one or more data modeling means.
  - 8. The computer-implemented data processing method of claim 1, wherein:
    - processing the request comprises identifying a first processing activity under which the data subject has previously provided consent for the collection of personal data;
      
      the method further comprises;
      
      electronically accessing a first data inventory associated with the first processing activity, the first data inventory identifying;
      
      a first data asset of the one or more computer systems on which the personal data collected as part of the first processing activity is stored;
      
      transfer data associated with the first data asset; and
      
      access data associated with the first data asset; and
      
      facilitating the deletion of the personal data associated with the data subject from the one or more computing devices by;
      
      automatically assigning a first task to delete the personal data associated with the data subject from the first data asset;
      
      identifying a second data asset based at least in part on the transfer data;
      
      automatically assigning a second task to delete the personal data associated with the data subject from the second data asset;
      
      identifying a third data asset based at least in part on the access data; and
      
      automatically assigning a third task to delete the personal data associated with the data subject from the third data asset.

9. A computer-implemented data processing method for deleting one or more pieces of personal data in response to a data subject access request, the method comprising:
- receiving, using one or more electronic receiving means, a data subject access request from a requestor comprising one or more request parameters;
  
  processing the request by identifying, using one or more data mapping means, a respective storage location of each of the one or more pieces of personal data associated with the requestor, the one or more pieces of personal data being stored in one or more data repositories associated with a particular organization;
  
  determining whether the one or more request parameters comprise a request to delete the one or more pieces of personal data; and
  
  in response to determining that the one or more request parameters comprise the request to delete, automatically facilitating the deletion, using one or more data deletion means, the one or more pieces of personal data.
- View Dependent Claims (10)
- - 10. The computer-implemented data processing method of claim 9, wherein:
    - the method further comprises identifying, using one or more consent receipt management means, one or more processing activities undertaken by the particular organization that involved the storage of the one or more pieces of personal data; and
      
      processing the request further comprises identifying the respective storage location of each of the one or more pieces of personal data based at least in part on storage data associated with the one or more processing activities.

11. A personal data processing and deletion system comprising;
- one or more processors;
  
  one or more data assets that store a plurality of personal data associated with a plurality of data subjects, each piece of the plurality of personal data being associated with a respective particular processing activity of a plurality of processing activities undertaken by an organization; and
  
  computer memory, wherein;
  
  the computer memory stores one or more data models defining one or more data transfers among the one or more data assets; and
  
  the data processing and deletion system is configured for;
  
  receiving a first data subject request associated with a first data subject from a remote computing device, the first data subject request comprising a request to delete one or more first pieces of personal data from the personal data processing and deletion system, one or more first pieces of personal data being associated with the first data subject;
  
  in response to receiving the first data subject request, identifying, based at least in part on the one or more data models and the plurality of processing activities undertaken by the organization, a respective storage location of each of the one or more first pieces of personal data on the one or more data assets; and
  
  in response to identifying the storage location of each of the one or more pieces of personal data, automatically facilitating the deletion of each of the one or more first pieces of personal data from each respective storage location.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The personal data processing and deletion system of claim 11, wherein automatically facilitating the deletion of each of the one or more first pieces of personal data from each respective storage location comprises overwriting each of the one or more first pieces of personal data at each respective storage location.
  - 13. The personal data processing and deletion system of claim 11, identifying the respective storage location of each of the one or more first pieces of personal data on the one or more data assets comprises:
    - determining, for each of the plurality of processing activities, whether the first data subject provided valid consent for collection, by the personal data processing and deletion system, of the one or more first pieces of personal data;
      
      in response to determining that the first data subject provided valid consent for the collection of the one or more first pieces of personal data for a first particular processing activity of the plurality of processing activities, identifying one or more storage locations on the one or more data assets associated with the first particular processing activity; and
      
      automatically deleting the one or more first pieces of personal data from the one or more storage locations.
  - 14. The personal data processing and deletion system of claim 13, wherein determining whether the first data subject provided valid consent for the collection of the one or more first pieces of personal data for a first particular processing activity of the plurality of processing activities comprises:
    - identifying a unique identifier associated with the first data subject generated in response to the first data subject providing the valid consent; and
      
      scanning a consent receipt management system to identify the first particular processing activity based at least in part on the unique identifier.
  - 15. The personal data processing and deletion system of claim 14, wherein the personal data processing and deletion system is further configured for scanning the one or more data assets using the unique identifier to identify the respective storage location of each of the one or more first pieces of personal data on the one or more data assets.
  - 16. The personal data processing and deletion system of claim 14, wherein the personal data processing and deletion system is further configured for, in response to receiving the first data subject request, electronically disassociating the unique identifier and each of the plurality of processing activities.
  - 17. The personal data processing and deletion system of claim 11, wherein identifying, based at least in part on the one or more data models and the plurality of processing activities undertaken by the organization, the respective storage location of each of the one or more first pieces of personal data on the one or more data assets comprises:
    - accessing each of the one or more data models;
      
      scanning each of the one or more data assets based on the one or more data models to identify one or more data attributes associated with each of the one or more data assets; and
      
      analyzing each of the one or more data attributes to identify the one or more first pieces of personal data.
  - 18. The personal data processing and deletion system of claim 17, wherein:
    - analyzing each of the one or more data attributes to identify the one or more first pieces of personal data comprises scanning the one or more data attributes using an identifier associated with the first data asset to locate particular data attributes that contain any of the one or more first pieces of personal data; and
      
      the personal data processing and deletion system is further configured for causing the deletion of the particular data attributes.
  - 19. The personal data processing and deletion system of claim 11, wherein the personal data processing and deletion system is further configured for:
    - electronically accessing a first data inventory associated with the first processing activity, the first data inventory identifying;
      
      a first data asset of the plurality of data assets;
      
      transfer data associated with the first data asset; and
      
      access data associated with the first data asset; and
      
      facilitating the deletion of each of the one or more first pieces of personal data by;
      
      automatically assigning a first task to delete the one or more first pieces of personal data from the first data asset;
      
      identifying a second data asset of the plurality of data assets based at least in part on the transfer data;
      
      automatically assigning a second task to delete the one or more first pieces of personal data from the second data asset;
      
      identifying a third data asset of the plurality of data assets based at least in part on the access data; and
      
      automatically assigning a third task to delete the one or more first pieces of personal data from the third data asset.
  - 20. The personal data processing and deletion system of claim 19, wherein automatically assigning the first task to delete the one or more first pieces of personal data from the first data asset comprises causing the personal data processing and deletion system to mark one or more memory addresses associated with the one or more first pieces of personal data as free.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OneTrust LLC
Original Assignee
OneTrust LLC
Inventors
Barday, Kabir A., Sabourin, Jason L., Brannon, Jonathan Blake, Karanjkar, Mihir S., Jones, Kevin

Granted Patent

US 10,776,514 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 15/76   Architectures of general pu...

G06F 21/552   involving long-term monitor...

G06F 21/6245   Protecting personal data, e...

G06F 2221/2143   Clearing memory, e.g. to pr...

G06F 3/0605   by facilitating the interac...

G06F 3/0608   Saving storage space on sto...

G06F 3/0611   in relation to response time

G06F 3/0652   Erasing, e.g. deleting, dat...

G06F 3/067   Distributed or networked st...

G06F 9/4843   by program, e.g. task dispa...

H04L 63/0428   wherein the data content is...

H04L 63/20   for managing network securi...

DATA PROCESSING SYSTEMS FOR THE IDENTIFICATION AND DELETION OF PERSONAL DATA IN COMPUTER SYSTEMS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

DATA PROCESSING SYSTEMS FOR THE IDENTIFICATION AND DELETION OF PERSONAL DATA IN COMPUTER SYSTEMS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links