Data processing systems and methods for efficiently assessing the risk of privacy campaigns
Abstract
Data processing systems and methods, according to various embodiments, are adapted for efficiently processing data to allow for the streamlined assessment of the risk level associated with particular privacy campaigns. The systems may provide a centralized repository of templates of privacy-related question/answer pairings for various vendors, products (e.g., software products), and services. Different entities may electronically access the templates (which may be periodically updated and centrally audited) and customize the templates for evaluating the risk associated with the entities' respective business endeavors that involve the relevant vendors, products, or services.
23 Claims
1. A computer-implemented data processing method for efficiently assessing the risk associated with a privacy campaign, the method comprising:
receiving, by one or more computer processors, a completed privacy template from a centralized repository of completed privacy templates, the completed privacy template comprising a plurality of question/answer pairings regarding a particular vendor, product or service to be used as part of the privacy campaign;
after receiving the completed privacy template, receiving, from a user, a particular weighting factor that is to be applied to at least a particular one of the question/answer pairings in processing data to calculate a risk rating for the privacy campaign;
after receiving the particular weighting factor, using the particular weighting factor and the content of the particular question/answer pairing to calculate a risk rating for the privacy campaign by:
identifying a respective weighting factor for each of the plurality of question/answer pairings, wherein the plurality of question answer pairings identify at least:
a nature of data collected by the particular vendor, product or service to be used as part of the privacy campaign;
a physical storage location of the data collected by the particular vendor, product or service to be used as part of the privacy campaign;
a number of individuals having access to the data collected by the particular vendor, product or service to be used as part of the privacy campaign; and
a type of individual from which the data is collected by the particular vendor, product or service to be used as part of the privacy campaign;
electronically determining a relative risk rating for each of the plurality of question/answer pairings; and
electronically calculating the risk rating based upon, for each of the plurality of question/answer pairings, the relative risk rating and the weighting factor;
determining whether the risk rating for the privacy campaign meets certain pre-determined criteria; and
in response to determining that the risk rating for the privacy campaign does not satisfy the pre-determined criteria, generating an alert to a user indicating that the risk rating for the privacy campaign does not satisfy the pre-determined criteria.
View Dependent Claims (2, 3, 4)
5. A computer-implemented data processing method for efficiently assessing the risk associated with a privacy campaign, the method comprising:
receiving, by one or more computer processors, a completed privacy template from a particular vendor, the completed privacy template comprising a plurality of question/answer pairings regarding a particular product or service provided by the vendor, the plurality of question answer pairings comprising each of:
an identification of one or more types of personal data collected by the particular product or service;
storage information for one or more pieces of personal data collected by the particular product or service; and
access permission data associated with the one or more pieces of personal data collected by the particular product or service;
in response to receiving the completed privacy template, automatically coordinating, by one or more computer processors, an audit of the completed privacy template, wherein:
coordinating the audit comprises calculating a risk rating for the particular product or service provided by the vendor based at least in part on the one or more types of personal data collected by the particular product or service, the storage information for the one or more pieces of personal data collected by the particular product or service, and the access permission data associated with the one or more pieces of personal data collected by the particular product or service by; and
calculating the risk rating for the particular product or service comprises:
identifying a weighting factor for each of the plurality of question/answer pairings;
electronically determining a relative risk rating for each of the plurality of question/answer pairings; and
electronically calculating the risk rating based upon, for each of the plurality of question/answer pairings, the relative risk rating and the weighting factor;
digitally storing the risk level for the particular product or service and the audited privacy template in computer memory; and
after the audit is complete, facilitating the electronic transfer of the audited privacy template, via one or more computer networks, to a plurality of computer systems, each computer system being associated with a different entity, for use in the different entities' respective computerized assessments of at least one respective privacy campaign, to be executed by the respective entity, that includes the use of a product or service that is the subject of the completed privacy template.
View Dependent Claims (6, 7)
8. A computer-implemented data processing method for providing templates having privacy audit results comprising:
digitally storing a plurality of sets of digital data comprising audit results in an electronic repository, wherein:
each of the plurality of sets of digital data relate to software provided by a vendor;
the audit results comprise prompts and responses that relate to compliance with one or more assessment standards related to privacy, and wherein:
the prompts and responses have been audited for privacy compliance; and
the method comprises determining the audit results by calculating a risk level for each of the plurality of sets of digital data by:
identifying a weighting factor for each of the prompts and response, the prompts and responses including:
an identification of a type of personal data collected by the software provided by the vendor;
an identification of a physical storage location of the personal data collected by the software; and
an identification of a length of time that the personal data collected by the software will be stored;
electronically determining a relative risk rating for each of the prompts and responses; and
electronically calculating the risk level based upon, for each of the prompts and responses, the relative risk rating and the weighting factor;
displaying, in a graphical user interface, a plurality of visual representations, each visual representation corresponding to one of the plurality of sets of digital data comprising the audit results;
receiving a selection by a customer indicating a desire to acquire rights to use one or more of the plurality of sets of digital data comprising the audit results; and
in response to the customer selection, electronically making available for access to the customer one or more of the plurality of sets of digital data comprising the audit results.
View Dependent Claims (9, 10, 11, 12)
13. A computer-implemented data processing method for selecting audit results of a template for use with privacy audits associated with a privacy campaign comprising:
receiving a customer command to add a privacy campaign, the privacy campaign having associated with it a software application;
receiving an electronic selection by a customer indicating a desire to associate with the privacy campaign a set of digital data comprising audit results, wherein:
the audit results comprise prompts and responses that relate to compliance with one or more assessment standards related to privacy, and wherein the method comprises auditing the prompts and responses for privacy compliance by:
identifying a weighting factor for each of the prompts and responses, the prompts and responses including:
an identification of a type of personal data collected by the software application;
an identification of a physical storage location of the personal data collected by the software application; and
an identification of a length of time that the personal data collected by the software application will be stored;
electronically determining a relative risk rating for each of the prompts and responses;
electronically calculating a risk level based upon, for each of the prompts and responses, the relative risk rating and the weighting factor, and associating the risk level with the audit results;
associating the set of digital data selected by the customer with the privacy campaign;
digitally storing the set of digital data selected by the customer as an electronic record associated with the privacy campaign.
View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
Specification