Data processing systems and communications systems and methods for integrating privacy compliance systems with software development and agile tools for privacy design

US 9,851,966 B1
Filed: 06/10/2017
Issued: 12/26/2017
Est. Priority Date: 06/10/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented data processing method for designing a product to comply with one or more privacy standards, the method comprising:

presenting, by one or more computer processors via a first computer software application, to a first set of one or more users, a plurality of questions of question/answer pairings regarding a design of the product;

receiving, by the one or more computer processors via the first computer software application, from the first set of one or more users, respective answers of the plurality of question/answer pairings regarding the design of the product;

generating, by the one or more computer processors, an initial privacy impact assessment for the product based, at least in part, on the respective answers of the plurality of question/answer pairings regarding the design of the product;

receiving, by the one or more computer processors, an implementation date for the product and saving the implementation date in a memory;

after receiving the respective answers of the plurality of question/answer pairings regarding the design of the product from the first set of one or more users, displaying, by the one or more computer processors, at least one of the respective answers of the plurality of question/answer pairings to a second set of one or more users;

after displaying the at least one of the respective answers of the plurality of question/answer pairings regarding the design of the product to the second set of one or more users, receiving, by the one or more computer processors, from the second set of users, one or more recommended steps to be implemented as part of the design of the product and before the implementation date, the one or more recommended steps comprising one or more steps facilitating the design of the product to comply with the one or more privacy standards;

in response to receiving the one or more recommended steps from the second set of one or more users, automatically, by the one or more computer processors via the first computer software application, initiating a generation of a task in a second computer software application, the second computer software application comprising project management software that is to be used in managing the design of the product, and the task being a task that, if completed, would advance a completion of the one or more recommended steps;

receiving, by the second computer software application, an indication that the task has been completed;

in response to the second computer software application receiving the indication that the task has been completed, providing, by the second computer software application, a notification that the task has been completed to the first computer software application; and

at least partially in response to the first computer software application receiving the notification that the task has been completed, generating, by the one or more computer processors, an updated privacy impact assessment for the product that reflects a fact that the task has been completed.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Data processing systems and methods for: (1) receiving, via privacy data compliance software, from a first set of users, respective answers for question/answer pairings regarding the proposed design of a product; (2) using the question/answer pairings to prepare an initial privacy impact assessment for the product; (3) displaying, via the privacy data compliance software, the plurality of question/answer pairings to a second set of users, and receiving recommended steps to be implemented, before the product'"'"'s implementation date, as part of the design of the product; (4) initiating the generation of one or more tasks in project management software that would advance the completion of the recommended steps; and (5) after the tasks have been completed, generating, by the privacy data compliance software, an updated privacy impact assessment for the product that reflects the fact that the tasks have been completed.

103 Citations

20 Claims

1. A computer-implemented data processing method for designing a product to comply with one or more privacy standards, the method comprising:
- presenting, by one or more computer processors via a first computer software application, to a first set of one or more users, a plurality of questions of question/answer pairings regarding a design of the product;
  
  receiving, by the one or more computer processors via the first computer software application, from the first set of one or more users, respective answers of the plurality of question/answer pairings regarding the design of the product;
  
  generating, by the one or more computer processors, an initial privacy impact assessment for the product based, at least in part, on the respective answers of the plurality of question/answer pairings regarding the design of the product;
  
  receiving, by the one or more computer processors, an implementation date for the product and saving the implementation date in a memory;
  
  after receiving the respective answers of the plurality of question/answer pairings regarding the design of the product from the first set of one or more users, displaying, by the one or more computer processors, at least one of the respective answers of the plurality of question/answer pairings to a second set of one or more users;
  
  after displaying the at least one of the respective answers of the plurality of question/answer pairings regarding the design of the product to the second set of one or more users, receiving, by the one or more computer processors, from the second set of users, one or more recommended steps to be implemented as part of the design of the product and before the implementation date, the one or more recommended steps comprising one or more steps facilitating the design of the product to comply with the one or more privacy standards;
  
  in response to receiving the one or more recommended steps from the second set of one or more users, automatically, by the one or more computer processors via the first computer software application, initiating a generation of a task in a second computer software application, the second computer software application comprising project management software that is to be used in managing the design of the product, and the task being a task that, if completed, would advance a completion of the one or more recommended steps;
  
  receiving, by the second computer software application, an indication that the task has been completed;
  
  in response to the second computer software application receiving the indication that the task has been completed, providing, by the second computer software application, a notification that the task has been completed to the first computer software application; and
  
  at least partially in response to the first computer software application receiving the notification that the task has been completed, generating, by the one or more computer processors, an updated privacy impact assessment for the product that reflects a fact that the task has been completed.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer-implemented data processing method of claim 1, wherein the first computer software application is data privacy compliance software.
  - 3. The computer-implemented data processing method of claim 2, wherein:
    - the product is a particular software application; and
      
      the task comprises changing the particular software application to modify the way that it obtains, uses, or stores personal data.
  - 4. The computer-implemented data processing method of claim 1, wherein the updated privacy impact assessment is generated by the first computer software application.
  - 5. The computer-implemented data processing method of claim 1, wherein the product is a software application and the first set of one or more users includes one or more software developers.
  - 6. The computer-implemented data processing method of claim 5, wherein the second set of one or more users comprises one or more privacy officers.
  - 7. The computer-implemented data processing method of claim 1, wherein the implantation date is a launch date of the product.
  - 8. The computer-implemented data processing method of claim 1, wherein the product is a particular version of a particular software application.
  - 9. The computer-implemented data processing method of claim 1, wherein the product is a computerized appliance.
  - 10. The computer-implemented data processing method of claim 1, further comprising the step of displaying the updated privacy impact assessment to one or more users on a display screen.

11. A computer-implemented data processing method for designing a particular version of a software application to comply with one or more privacy standards, the method comprising:
- receiving, by the one or more processors, an implementation date of the particular version of the software application and saving the implementation date in a memory;
  
  receiving, by a project management software executed by one or more processors, from data privacy compliance software that is distinct from the project management software, one or more recommended steps for use as part of the design of the particular version of the software application before the implementation date of the particular version of the software application;
  
  in response to receiving the one or more recommended steps, automatically, by the one or more computer processors executing the project management software, generating one or more tasks within the project management software, each of the one or more tasks being a respective task that, if completed, would advance a completion of the one or more recommended steps;
  
  inserting, by the project management software executed by the one or more processors, each of the one or more respective tasks as a respective step in a series of steps to be executed in the design of the particular version of the software application so that each of the one or more respective tasks is completed prior to the implementation date;
  
  determining, by the project management software executed by the one or more processors, that each of the one or more respective tasks has been completed;
  
  in response to determining that each of the one or more respective tasks has been completed, transmitting, by the project management software to the data privacy compliance software, a notification that the one or more respective tasks have been completed;
  
  receiving, by the data privacy compliance software, the notification that the one or more respective tasks have been completed; and
  
  in response to receiving the notification, generating, by the data privacy compliance software, a privacy impact assessment for the particular version of the software application that reflects a fact that the one or more respective tasks have been completed.
- View Dependent Claims (12, 13)
- - 12. The computer-implemented data processing method of claim 11, wherein the one or more respective tasks comprises changing the particular software application to modify the way that it obtains, uses, or stores personal data.
  - 13. The computer-implemented data processing method of claim 11, further comprising the step of displaying the updated privacy impact assessment to one or more users on a display screen.

14. A non-transitory computer-readable medium storing computer-executable instructions for generating a privacy impact assessment for a particular software application, the computer-executable instructions comprising instructions for:
- presenting, to a first set of one or more users, a plurality of questions of question/answer pairings regarding the particular software application;
  
  receiving, from the first set of the one or more users, respective answers of the plurality of question/answer pairings regarding the particular software application;
  
  generating an initial privacy impact assessment for the particular software application based on the respective answers, from the first set of one or more users, of the plurality of question/answer pairings;
  
  receiving, from a second set of one or more users, one or more recommended changes to the particular software application to comply with at least one privacy regulation, the one or more recommended changes being based, at least in part, on the plurality of question/answer pairings regarding the particular software application, wherein the one or more recommended changes are implemented based on a generation of at least one task that is initiated, by data privacy compliance software, for managing changes to the particular software application;
  
  after receiving the one or more recommended changes, applying the one or more recommended changes to the particular software application; and
  
  generating an updated privacy impact assessment for the particular software application that reflects a fact that the one or more recommended changes have been applied to the particular software application.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The non-transitory computer-readable medium of claim 14, wherein the one or more recommended changes modify the particular software application to change the way that the particular software application obtains, uses, or stores personal data.
  - 16. The non-transitory computer-readable medium of claim 14, wherein the first set of one or more users comprises one or more software developers.
  - 17. The non-transitory computer-readable medium of claim 16, wherein the second set of one or more users comprises one or more privacy officers.
  - 18. The non-transitory computer-readable medium of claim 14, wherein:
    - the one or more recommended changes comprise requiring personal data collected by the software to be encrypted; and
      
      the at least one task comprises revising the software so that it encrypts any personal data that it collects.
  - 19. The non-transitory computer-readable medium of claim 14, further comprising the step of displaying the updated privacy impact assessment to one or more users on a display screen.
  - 20. The non-transitory computer-readable medium of claim 14, wherein at least one question of the question/answer pairings is a question regarding what type of data the particular software application collects from one or more users.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OneTrust LLC
Original Assignee
OneTrust LLC
Inventors
Barday, Kabir A.
Primary Examiner(s)
DENG, ANNA CHEN

Application Number

US15/619,455
Publication Number

US 20170357502A1
Time in Patent Office

199 Days
Field of Search

717101
US Class Current
CPC Class Codes

G06F 8/70 Software maintenance or man...

G06Q 10/06 Resources, workflows, human...

Data processing systems and communications systems and methods for integrating privacy compliance systems with software development and agile tools for privacy design

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

103 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Data processing systems and communications systems and methods for integrating privacy compliance systems with software development and agile tools for privacy design

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

103 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links