Data processing systems and methods for operationalizing privacy compliance and assessing the risk of various respective privacy campaigns
First Claim
1. A computer-implemented data processing method for electronically receiving the input of campaign data related to a privacy campaign and electronically calculating a risk level for the privacy campaign based on the data input, comprising:
- displaying on a graphical user interface a prompt to create an electronic record for a privacy campaign, wherein the privacy campaign utilizes personal data collected from at least one or more persons or one or more entities;
receiving a command to create an electronic record for the privacy campaign;
creating an electronic record for the privacy campaign and digitally storing the record;
presenting on one or more graphical user interfaces a plurality of prompts for the input of campaign data related to the privacy campaign;
electronically receiving campaign data input by one or more users, wherein the campaign data comprises each of;
a description of the campaign;
an identification of one or more types of personal data collected as part of the campaign;
at least one subject from which the personal data was collected;
a storage location where the personal data is to be stored; and
data indicating who will have access to the personal data;
processing the campaign data by electronically associating the campaign data with the record for the privacy campaign;
digitally storing the campaign data associated with the record for the campaign;
using one or more computer processors, calculating a risk level for the campaign based on the campaign data and electronically associating the risk level with the record for the campaign, wherein calculating the risk level for the campaign comprises;
electronically retrieving, from a database, the campaign data associated with the record for the campaign;
electronically determining a weighting factor for each of a plurality of risk factors, wherein the plurality of risk factors includes;
a nature of the personal data associated with the campaign;
a physical location of the personal data associated with the campaign;
a number of individuals having access to the personal data associated with the campaign;
a length of time that the personal data associated with the campaign will be retained in storage;
a type of individual from which the personal data associated with the campaign originated; and
a country of residence of at least one subject from which the personal data was collected;
electronically determining a relative risk rating for each of the plurality of risk factors; and
electronically calculating a risk level for the campaign based upon, for each respective one of the plurality of risk factors, the relative risk rating for the respective risk factor and the weighting factor for the risk factor; and
digitally storing the risk level associated with the record for the campaign.
2 Assignments
1 Petition
Accused Products
Abstract
Data processing systems and methods for retrieving data regarding a plurality of data privacy campaigns and for using that data to assess a relative risk associated with the data privacy campaign. In various embodiments, the system may be adapted to: (1) display one or more visual summaries of one or more data flow diagrams that visually depicts key features of the data flow, such as whether data is confidential and/or encrypted; (2) allow for multiple users to be assigned responsibility for populating different respective questions that are required to define the data flow; (3) automatically assess and display a relative risk associated with each campaign; and (4) automatically set, monitor, and facilitate the timely completion of an audit schedule for each campaign.
-
Citations
25 Claims
-
1. A computer-implemented data processing method for electronically receiving the input of campaign data related to a privacy campaign and electronically calculating a risk level for the privacy campaign based on the data input, comprising:
-
displaying on a graphical user interface a prompt to create an electronic record for a privacy campaign, wherein the privacy campaign utilizes personal data collected from at least one or more persons or one or more entities; receiving a command to create an electronic record for the privacy campaign; creating an electronic record for the privacy campaign and digitally storing the record; presenting on one or more graphical user interfaces a plurality of prompts for the input of campaign data related to the privacy campaign; electronically receiving campaign data input by one or more users, wherein the campaign data comprises each of; a description of the campaign; an identification of one or more types of personal data collected as part of the campaign; at least one subject from which the personal data was collected; a storage location where the personal data is to be stored; and data indicating who will have access to the personal data; processing the campaign data by electronically associating the campaign data with the record for the privacy campaign; digitally storing the campaign data associated with the record for the campaign; using one or more computer processors, calculating a risk level for the campaign based on the campaign data and electronically associating the risk level with the record for the campaign, wherein calculating the risk level for the campaign comprises; electronically retrieving, from a database, the campaign data associated with the record for the campaign; electronically determining a weighting factor for each of a plurality of risk factors, wherein the plurality of risk factors includes; a nature of the personal data associated with the campaign; a physical location of the personal data associated with the campaign; a number of individuals having access to the personal data associated with the campaign; a length of time that the personal data associated with the campaign will be retained in storage; a type of individual from which the personal data associated with the campaign originated; and a country of residence of at least one subject from which the personal data was collected; electronically determining a relative risk rating for each of the plurality of risk factors; and electronically calculating a risk level for the campaign based upon, for each respective one of the plurality of risk factors, the relative risk rating for the respective risk factor and the weighting factor for the risk factor; and digitally storing the risk level associated with the record for the campaign. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. A computer-implemented data processing method for electronically receiving the input of campaign data associated with a privacy campaign and electronically calculating a risk level for the privacy campaign based on the data input, comprising:
-
creating an electronic record for a privacy campaign and digitally storing the record, wherein the privacy campaign utilizes personal data collected from at least one or more persons or one or more entities; presenting on one or more graphical user interfaces a plurality of prompts for the input of campaign data related to the privacy campaign; electronically receiving campaign data input by one or more users, wherein the campaign data comprises each of; a description of the campaign; an identification of one or more types of personal data collected as part of the campaign; at least one subject from which the personal data was collected; a storage location where the personal data is to be stored; and data indicating who will have access to the personal data; initiating electronic communications to facilitate the input of campaign data by the one or more users; processing the campaign data by electronically associating the campaign data with the record for the privacy campaign; digitally storing the campaign data associated with the record for the campaign; calculating a risk level for the campaign based on the campaign data and electronically associating the risk level with the record for the campaign, wherein calculating the risk level for the campaign comprises; electronically retrieving, from a database, the campaign data associated with the record for the campaign; electronically determining a weighting factor for each of a plurality of risk factors, wherein the plurality of risk factors includes; a nature of the personal data associated with the campaign; a physical location of the personal data associated with the campaign; a number of individuals having access to the personal data associated with the campaign; a length of time that the personal data associated with the campaign will be retained in storage; a type of individual from Which the personal data associated with the campaign originated; and a country of residence of at least one subject from which the personal data was collected; electronically assigning a relative risk rating for each of the plurality of factors, and electronically calculating a risk level for the campaign based upon, for each respective one of the plurality of risk factors, the relative risk rating for the respective risk factor and the weighting factor for the risk factor; and digitally storing the risk level associated with the record for the campaign. - View Dependent Claims (22, 23, 24, 25)
-
Specification