Data processing systems and methods for operationalizing privacy compliance and assessing the risk of various respective privacy campaigns

US 9,691,090 B1
Filed: 09/02/2016
Issued: 06/27/2017
Est. Priority Date: 04/01/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented data processing method for electronically receiving the input of campaign data related to a privacy campaign and electronically calculating a risk level for the privacy campaign based on the data input, comprising:

displaying on a graphical user interface a prompt to create an electronic record for a privacy campaign, wherein the privacy campaign utilizes personal data collected from at least one or more persons or one or more entities;

receiving a command to create an electronic record for the privacy campaign;

creating an electronic record for the privacy campaign and digitally storing the record;

presenting on one or more graphical user interfaces a plurality of prompts for the input of campaign data related to the privacy campaign;

electronically receiving campaign data input by one or more users, wherein the campaign data comprises each of;

a description of the campaign;

an identification of one or more types of personal data collected as part of the campaign;

at least one subject from which the personal data was collected;

a storage location where the personal data is to be stored; and

data indicating who will have access to the personal data;

processing the campaign data by electronically associating the campaign data with the record for the privacy campaign;

digitally storing the campaign data associated with the record for the campaign;

using one or more computer processors, calculating a risk level for the campaign based on the campaign data and electronically associating the risk level with the record for the campaign, wherein calculating the risk level for the campaign comprises;

electronically retrieving, from a database, the campaign data associated with the record for the campaign;

electronically determining a weighting factor for each of a plurality of risk factors, wherein the plurality of risk factors includes;

a nature of the personal data associated with the campaign;

a physical location of the personal data associated with the campaign;

a number of individuals having access to the personal data associated with the campaign;

a length of time that the personal data associated with the campaign will be retained in storage;

a type of individual from which the personal data associated with the campaign originated; and

a country of residence of at least one subject from which the personal data was collected;

electronically determining a relative risk rating for each of the plurality of risk factors; and

electronically calculating a risk level for the campaign based upon, for each respective one of the plurality of risk factors, the relative risk rating for the respective risk factor and the weighting factor for the risk factor; and

digitally storing the risk level associated with the record for the campaign.

View all claims

2 Assignments

Timeline View

Assignment View

1 Petition

Accused Products

Abstract

Data processing systems and methods for retrieving data regarding a plurality of data privacy campaigns and for using that data to assess a relative risk associated with the data privacy campaign. In various embodiments, the system may be adapted to: (1) display one or more visual summaries of one or more data flow diagrams that visually depicts key features of the data flow, such as whether data is confidential and/or encrypted; (2) allow for multiple users to be assigned responsibility for populating different respective questions that are required to define the data flow; (3) automatically assess and display a relative risk associated with each campaign; and (4) automatically set, monitor, and facilitate the timely completion of an audit schedule for each campaign.

Citations

25 Claims

1. A computer-implemented data processing method for electronically receiving the input of campaign data related to a privacy campaign and electronically calculating a risk level for the privacy campaign based on the data input, comprising:
- displaying on a graphical user interface a prompt to create an electronic record for a privacy campaign, wherein the privacy campaign utilizes personal data collected from at least one or more persons or one or more entities;
  
  receiving a command to create an electronic record for the privacy campaign;
  
  creating an electronic record for the privacy campaign and digitally storing the record;
  
  presenting on one or more graphical user interfaces a plurality of prompts for the input of campaign data related to the privacy campaign;
  
  electronically receiving campaign data input by one or more users, wherein the campaign data comprises each of;
  
  a description of the campaign;
  
  an identification of one or more types of personal data collected as part of the campaign;
  
  at least one subject from which the personal data was collected;
  
  a storage location where the personal data is to be stored; and
  
  data indicating who will have access to the personal data;
  
  processing the campaign data by electronically associating the campaign data with the record for the privacy campaign;
  
  digitally storing the campaign data associated with the record for the campaign;
  
  using one or more computer processors, calculating a risk level for the campaign based on the campaign data and electronically associating the risk level with the record for the campaign, wherein calculating the risk level for the campaign comprises;
  
  electronically retrieving, from a database, the campaign data associated with the record for the campaign;
  
  electronically determining a weighting factor for each of a plurality of risk factors, wherein the plurality of risk factors includes;
  
  a nature of the personal data associated with the campaign;
  
  a physical location of the personal data associated with the campaign;
  
  a number of individuals having access to the personal data associated with the campaign;
  
  a length of time that the personal data associated with the campaign will be retained in storage;
  
  a type of individual from which the personal data associated with the campaign originated; and
  
  a country of residence of at least one subject from which the personal data was collected;
  
  electronically determining a relative risk rating for each of the plurality of risk factors; and
  
  electronically calculating a risk level for the campaign based upon, for each respective one of the plurality of risk factors, the relative risk rating for the respective risk factor and the weighting factor for the risk factor; and
  
  digitally storing the risk level associated with the record for the campaign.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The method of claim 1, wherein the one or more users comprises an owner of the campaign.
  - 3. The method of claim 1, wherein the one or more users comprises a privacy officer, and wherein the privacy officer inputs an initial portion of the campaign data.
  - 4. The method of claim 3, wherein the initial portion of campaign data comprises the name of the campaign, the description of the campaign, and the business group responsible for administering the privacy operations related to that campaign.
  - 5. The method of claim 1, wherein the method further comprises:
    - accepting an input to add a collaborator designated by the one or more users to input campaign data;
      
      sending an electronic message to the collaborator regarding the addition of the collaborator for adding campaign data for the privacy campaign;
      
      accepting one or more inputs of campaign data from the one or more collaborators; and
      
      electronically associating the campaign data received from the input of the one or more collaborators with the record of the campaign; and
      
      digitally storing the campaign data received from the input of the collaborator with the record for the campaign.
  - 6. The method of claim 5, wherein the added collaborator comprises a business representative.
  - 7. The method of claim 1, wherein the plurality of prompts for the input of campaign data are presented to the one or more users through a series of computer-generated graphical user interfaces, wherein each of the series of computer-generated graphical user interfaces displays one or more of the plurality of prompts, and wherein each of the computer-generated graphical user interfaces are presented one at a time.
  - 8. The method claim 7, wherein one or more of the computer-generated graphical user interfaces displaying the plurality of prompts displays an indicator, wherein, upon selection of the indicator, a real-time communication session is electronically instantiated between the user and the one or more collaborators in a computer-generated window, wherein the window having the real-time communications session overlays the one or more computer generated interfaces, covering at least a portion of the computer-generated graphical user interface.
  - 9. The method of claim 1, wherein one or more fields for the entry of data inputs is automatically populated based on the data input history of the one or more users.
  - 10. The method of claim 1, wherein one or more fields for the entry of data inputs is automatically populated based on the type of campaign data entered from a previous input.
  - 11. The method of claim 1, wherein electronically receiving campaign data input by one or more users further comprises:
    - based on the input of campaign data received from the one or more users, presenting further prompts related to the campaign data that was input.
  - 12. The method of claim 1, wherein the method further comprises:
    - determining that required campaign data has not been received, andin response to determining that required campaign data has not been received, sending one or more electronic notifications that indicates that the required campaign data has not yet been provided.
  - 13. The method of claim 1, wherein the weighting factor is electronically assigned a higher numerical value if the risk associated with the factor is higher.
  - 14. The method of claim 13, wherein risk level is electronically calculated as the sum of a plurality of:
    - a weighting factor multiplied by the relative risk rating of the factor.
  - 15. The method of claim 1, wherein the method further comprises:
    - electronically retrieving the campaign record and the campaign data associated with the record; and
      
      generating for display a computer-generated user interface comprising an inventory page.
  - 16. The method of claim 15, wherein the inventory page displays a list of a plurality of campaigns and visual indicators that relate to the risk level for each listed campaign.
  - 17. The method of claim 15, wherein the method further comprises:
    - receiving login information from the one or more users;
      
      based upon the identity of the one or more users, determining which campaign-related data the one or more users is authorized to view;
      
      retrieving only the campaign data that the one or more users is authorized to view; and
      
      displaying the campaign-related data that the one or more users is authorized to view on one or more graphical user interfaces, wherein one of the graphical user interfaces comprises the inventory page.
  - 18. The method of claim 16, wherein the visual indicators represent an overall risk assessment for the campaign.
  - 19. The method of claim 16, wherein the visual indicators comprise at least one type of visual indicator selected from a group indicators consisting of:
    - an upward pointing arrow;
      
      a downward pointing arrow; and
      
      different colors for each overall risk assessment level.
  - 20. The method of claim 1, wherein the type of individual is a type of individual selected from a group consisting of:
    - (1) a minor;
      
      (2) an employee; and
      
      (3) a non-employee.

21. A computer-implemented data processing method for electronically receiving the input of campaign data associated with a privacy campaign and electronically calculating a risk level for the privacy campaign based on the data input, comprising:
- creating an electronic record for a privacy campaign and digitally storing the record, wherein the privacy campaign utilizes personal data collected from at least one or more persons or one or more entities;
  
  presenting on one or more graphical user interfaces a plurality of prompts for the input of campaign data related to the privacy campaign;
  
  electronically receiving campaign data input by one or more users, wherein the campaign data comprises each of;
  
  a description of the campaign;
  
  an identification of one or more types of personal data collected as part of the campaign;
  
  at least one subject from which the personal data was collected;
  
  a storage location where the personal data is to be stored; and
  
  data indicating who will have access to the personal data;
  
  initiating electronic communications to facilitate the input of campaign data by the one or more users;
  
  processing the campaign data by electronically associating the campaign data with the record for the privacy campaign;
  
  digitally storing the campaign data associated with the record for the campaign;
  
  calculating a risk level for the campaign based on the campaign data and electronically associating the risk level with the record for the campaign, wherein calculating the risk level for the campaign comprises;
  
  electronically retrieving, from a database, the campaign data associated with the record for the campaign;
  
  electronically determining a weighting factor for each of a plurality of risk factors, wherein the plurality of risk factors includes;
  
  a nature of the personal data associated with the campaign;
  
  a physical location of the personal data associated with the campaign;
  
  a number of individuals having access to the personal data associated with the campaign;
  
  a length of time that the personal data associated with the campaign will be retained in storage;
  
  a type of individual from Which the personal data associated with the campaign originated; and
  
  a country of residence of at least one subject from which the personal data was collected;
  
  electronically assigning a relative risk rating for each of the plurality of factors, andelectronically calculating a risk level for the campaign based upon, for each respective one of the plurality of risk factors, the relative risk rating for the respective risk factor and the weighting factor for the risk factor; and
  
  digitally storing the risk level associated with the record for the campaign.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The method of claim 21, wherein initiating electronic communications to facilitate the input of campaign data by the one or more users comprises sending an electronic message to a collaborator assigned by the one or more users that the collaborator has been designated to provide at least a portion of campaign data.
  - 23. The method of claim 22, wherein the portion of campaign data comprises data input in response to a question.
  - 24. The method of claim 22, wherein initiating electronic communications to facilitate the input of campaign data by the one or more users comprises sending an electronic message reminding one or more collaborators that they have not yet input at least a portion of the campaign data that they were designated to input.
  - 25. The method of claim 23, wherein the electronic communications comprise a real-time communications session.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
OneTrust LLC
Original Assignee
OneTrust LLC
Inventors
Barday, Kabir A.
Primary Examiner(s)
Ouellette, Jonathan

Application Number

US15/256,419
Time in Patent Office

298 Days
Field of Search

705 11-912, 705325
US Class Current
CPC Class Codes

G06F 16/958   Organisation or management ...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/6245   Protecting personal data, e...

G06Q 10/063114   Status monitoring or status...

G06Q 10/063116   Schedule adjustment for a p...

G06Q 10/0635   Risk analysis of enterprise...

G06Q 10/101   Collaborative creation, e.g...

G06Q 30/018   Certifying business or prod...

G06Q 30/0609   Buyer or seller confidence ...

G06Q 50/26   Government or public servic...

G06Q 50/265   Personal security, identity...

G16H 10/60   for patient-specific data, ...

G16H 40/63   for local operation

Data processing systems and methods for operationalizing privacy compliance and assessing the risk of various respective privacy campaigns

First Claim

2 Assignments

1 Petition

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Data processing systems and methods for operationalizing privacy compliance and assessing the risk of various respective privacy campaigns

First Claim

2 Assignments

Subscription Required

Subscription Required

1 Petition

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links