Data processing systems and methods for efficiently assessing the risk of privacy campaigns

US 9,892,442 B2
Filed: 06/09/2017
Issued: 02/13/2018
Est. Priority Date: 04/01/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented data processing method for efficiently assessing the risk associated with a privacy campaign, the method comprising:

receiving, by one or more computer processors, a completed privacy template from a centralized repository of completed privacy templates, the completed privacy template comprising a plurality of question/answer pairings regarding a particular vendor, product or service to be used as part of the privacy campaign;

after receiving the completed privacy template, receiving, from a user, a particular weighting factor that is to be applied to at least a particular one of the question/answer pairings in processing data to calculate a risk rating for the privacy campaign;

after receiving the particular weighting factor, using the particular weighting factor and the content of the particular question/answer pairing to calculate a risk rating for the privacy campaign by;

identifying a respective weighting factor for each of the plurality of question/answer pairings, wherein the plurality of question answer pairings identify at least;

a nature of data collected by the particular vendor, product or service to be used as part of the privacy campaign;

a physical storage location of the data collected by the particular vendor, product or service to be used as part of the privacy campaign;

a number of individuals having access to the data collected by the particular vendor, product or service to be used as part of the privacy campaign; and

a type of individual from which the data is collected by the particular vendor, product or service to be used as part of the privacy campaign;

electronically determining a relative risk rating for each of the plurality of question/answer pairings; and

electronically calculating the risk rating based upon, for each of the plurality of question/answer pairings, the relative risk rating and the weighting factor;

determining whether the risk rating for the privacy campaign meets certain pre-determined criteria; and

in response to determining that the risk rating for the privacy campaign does not satisfy the pre-determined criteria, generating an alert to a user indicating that the risk rating for the privacy campaign does not satisfy the pre-determined criteria.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Data processing systems and methods, according to various embodiments are adapted for efficiently processing data to allow for the streamlined assessment of the risk level associated with particular privacy campaigns. The systems may provide a centralized repository of templates of privacy-related question/answer pairings for various vendors, products (e.g., software products), and services. Different entities may electronically access the templates (which may be periodically updated and centrally audited) and customize the templates for evaluating the risk associated with the entities'"'"' respective business endeavors that involve the relevant vendors, products, or services.

386 Citations

23 Claims

1. A computer-implemented data processing method for efficiently assessing the risk associated with a privacy campaign, the method comprising:
- receiving, by one or more computer processors, a completed privacy template from a centralized repository of completed privacy templates, the completed privacy template comprising a plurality of question/answer pairings regarding a particular vendor, product or service to be used as part of the privacy campaign;
  
  after receiving the completed privacy template, receiving, from a user, a particular weighting factor that is to be applied to at least a particular one of the question/answer pairings in processing data to calculate a risk rating for the privacy campaign;
  
  after receiving the particular weighting factor, using the particular weighting factor and the content of the particular question/answer pairing to calculate a risk rating for the privacy campaign by;
  
  identifying a respective weighting factor for each of the plurality of question/answer pairings, wherein the plurality of question answer pairings identify at least;
  
  a nature of data collected by the particular vendor, product or service to be used as part of the privacy campaign;
  
  a physical storage location of the data collected by the particular vendor, product or service to be used as part of the privacy campaign;
  
  a number of individuals having access to the data collected by the particular vendor, product or service to be used as part of the privacy campaign; and
  
  a type of individual from which the data is collected by the particular vendor, product or service to be used as part of the privacy campaign;
  
  electronically determining a relative risk rating for each of the plurality of question/answer pairings; and
  
  electronically calculating the risk rating based upon, for each of the plurality of question/answer pairings, the relative risk rating and the weighting factor;
  
  determining whether the risk rating for the privacy campaign meets certain pre-determined criteria; and
  
  in response to determining that the risk rating for the privacy campaign does not satisfy the pre-determined criteria, generating an alert to a user indicating that the risk rating for the privacy campaign does not satisfy the pre-determined criteria.
- View Dependent Claims (2, 3, 4)
- - 2. The computer-implemented data processing method of claim 1, wherein:
    - the particular weighting factor is a first weighting factor;
      
      the particular one of the question/answer pairings is a first particular one of the question/answer pairings;
      
      the risk rating for the privacy campaign is a first risk rating for the privacy campaign; and
      
      the system is further adapted for;
      
      receiving, by one or more computer processors, an updated version of the completed privacy template from the centralized repository of completed privacy templates, the updated completed privacy template comprising an updated plurality of question/answer pairings regarding the particular vendor, product or service;
      
      after receiving the updated completed privacy template, receiving, from a user, a second weighting factor that is to be applied to at least a specific one of the question/answer pairings in calculating a risk rating for the privacy campaign;
      
      after receiving the second weighting factor, using the second weighting factor and the content of the specific question/answer pairing to calculate a second risk rating for the privacy campaign;
      
      determining whether the second risk rating for the privacy campaign meets particular pre-determined criteria; and
      
      in response to determining that the second risk rating for the privacy campaign does not satisfy the particular pre-determined criteria, generating an alert to a user indicating that the second risk rating for the privacy campaign does not satisfy the particular pre-determined criteria.
  - 3. The computer-implemented data processing method of claim 1, further comprising facilitating, by one or more computer processors, a selection of one or more of the question/answer pairings to not consider in calculating the risk rating for the privacy campaign;
    - andin response to receiving the selection, not considering the question/answer pairing in calculating the risk rating for the privacy campaign.
  - 4. The computer-implemented data processing method of claim 1, wherein the completed privacy template has been centrally pre-audited prior to the step of receiving, by one or more computer processors, the completed privacy template from a centralized repository of completed privacy templates.

5. A computer-implemented data processing method for efficiently assessing the risk associated with a privacy campaign, the method comprising:
- receiving, by one or more computer processors, a completed privacy template from a particular vendor, the completed privacy template comprising a plurality of question/answer pairings regarding a particular product or service provided by the vendor, the plurality of question answer pairings comprising each of;
  
  an identification of one or more types of personal data collected by the particular product or service;
  
  storage information for one or more pieces of personal data collected by the particular product or service; and
  
  access permission data associated with the one or more pieces of personal data collected by the particular product or service;
  
  in response to receiving the completed privacy template, automatically coordinating, by one or more computer processors, an audit of the completed privacy template, wherein;
  
  coordinating the audit comprises calculating a risk rating for the particular product or service provided by the vendor based at least in part on the one or more types of personal data collected by the particular product or service, the storage information for the one or more pieces of personal data collected by the particular product or service, and the access permission data associated with the one or more nieces of personal data collected by the particular product or service by; and
  
  calculating the risk rating for the particular product or service comprises;
  
  identifying a weighting factor for each of the plurality of question/answer pairings;
  
  electronically determining a relative risk rating for each of the plurality of question/answer pairings; and
  
  electronically calculating the risk rating based upon, for each of the plurality of question/answer pairings, the relative risk rating and the weighting factor;
  
  digitally storing the risk level for the particular product or service and the audited privacy template in computer memory; and
  
  after the audit is complete, facilitating the electronic transfer of the audited privacy template, via one or more computer networks, to a plurality of computer systems, each computer system being associated with a different entity, for use in the different entities'"'"' respective computerized assessments of at least one respective privacy campaign, to be executed by the respective entity, that includes the use of a product or service that is the subject of the completed privacy template.
- View Dependent Claims (6, 7)
- - 6. The computer-implemented method of claim 5, further comprising:
    - receiving, by one or more computer processors, an updated version of the completed privacy template, the updated completed privacy template comprising an updated plurality of question/answer pairings regarding the particular vendor, product or service;
      
      in response to receiving the updated completed privacy template, automatically coordinating, by one or more computer processors, an audit of the updated completed privacy template; and
      
      after the audit of the updated completed privacy template is complete, facilitating the electronic transfer of the audited updated completed privacy template, via one or more computer networks, to a plurality of computer systems, each computer system being associated with a different entity, for use in the different entities'"'"' respective computerized assessments of at least one respective privacy campaign, to be executed by the respective entity, that includes the use of a product or service that is the subject of the completed privacy template.
  - 7. The computer-implemented method of claim 5, wherein the audit of the completed privacy template is an audit for compliance with one or more privacy standards.

8. A computer-implemented data processing method for providing templates having privacy audit results comprising:
- digitally storing a plurality of sets of digital data comprising audit results in an electronic repository, wherein;
  
  each of the plurality of sets of digital data relate to software provided by a vendor;
  
  the audit results comprise prompts and responses that relate to compliance with one or more assessment standards related to privacy, and wherein;
  
  the prompts and responses have been audited for privacy compliance; and
  
  the method comprises determining the audit results by calculating a risk level for each of the plurality of sets of digital data by;
  
  identifying a weighting factor for each of the prompts and response, the prompts and responses including;
  
  an identification of a type of personal data collected by the software provided by the vendor;
  
  an identification of a physical storage location of the personal data collected by the software; and
  
  an identification of a length of time that the personal data collected by the software will be stored;
  
  electronically determining a relative risk rating for each of the prompts and responses; and
  
  electronically calculating the risk level based upon, for each of the prompts and responses, the relative risk rating and the weighting factor;
  
  displaying, in a graphical user interface, a plurality of visual representations, each visual representation corresponding to one of the plurality of sets of digital data comprising the audit results;
  
  receiving a selection by a customer indicating a desire to acquire rights to use one or more of the plurality of sets of digital data comprising the audit results; and
  
  in response to the customer selection, electronically making available for access to the customer one or more of the plurality of sets of digital data comprising the audit results.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The data processing method of claim 8, wherein each of the plurality of sets of digital data comprises a data element relating to a classification of the software to which each set of digital data relates.
  - 10. The data processing method of claim 9, wherein displaying in a graphical user interface the plurality of visual representations further comprises displaying a subset of the plurality of visual representations based on a command by the customer to display the visual representations based on the classification of the software.
  - 11. The data processing method of claim 8, wherein electronically making available for access to the customer comprises associating the one or more of the plurality of sets of digital data comprising the audit results with an account of the customer.
  - 12. The data processing method of claim 8, further comprising displaying on a display device of the customer one or more visual representations of the one or more of the plurality of sets of digital data associated with the customer'"'"'s account.

13. A computer-implemented data processing method for selecting audit results of a template for use with privacy audits associated with a privacy campaign comprising:
- receiving a customer command to add a privacy campaign, the privacy campaign having associated with it a software application;
  
  receiving an electronic selection by a customer indicating a desire to associate with the privacy campaign a set of digital data comprising audit results, wherein;
  
  the audit results comprise prompts and responses that relate to compliance with one or more assessment standards related to privacy, and wherein the method comprises auditing the prompts and responses for privacy compliance by;
  
  identifying a weighting factor for each of the prompts and responses, the prompts and responses including;
  
  an identification of a type of personal data collected by the software application;
  
  an identification of a physical storage location of the personal data collected by the software application; and
  
  an identification of a length of time that the personal data collected by the software application will be stored;
  
  electronically determining a relative risk rating for each of the prompts and responses;
  
  electronically calculating a risk level based upon, for each of the prompts and responses, the relative risk rating and the weighting factor, andassociating the risk level with the audit results;
  
  associating the set of digital data selected by the customer with the privacy campaign;
  
  digitally storing the set of digital data selected by the customer as an electronic record associated with the privacy campaign.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 14. The data processing method of claim 13, wherein the software application is provided by a third party to the customer.
  - 15. The data processing method of claim 13, further comprising:
    - displaying one or more audit results of the set of digital data on a graphical user interface using one or more visual indicators selected from a group consisting of;
      
      an icon, a tile, a folder, an image, and a filename.
  - 16. The data processing method of claim 15, wherein displaying one or more audit results further comprises:
    - storing a data element regarding the one or more assessment standards to which each of the one or more audit results relate; and
      
      using the data element to digitally determine which audit results of the one of the plurality of first sets of digital data associated with the privacy campaign to display based on a customer'"'"'s selection of an assessment standard; and
      
      displaying the one or more audit results based on the data element regarding the one or more assessment standards.
  - 17. The data processing method of claim 13, further comprising:
    - displaying a selector associated with each audit result that allows a customer to choose whether to include the audit results with the privacy campaign.
  - 18. The data processing method of claim 17, further comprising:
    - receiving an electronic input from the customer assigning a relative risk rating to each audit result that the customer chooses to include with the privacy campaign; and
      
      using the relative risk rating for each audit result to determine an aggregate risk score associated with the software application associated with the privacy campaign.
  - 19. The data processing method of claim 17, further comprising:
    - receiving an electronic input from the customer assigning a relative risk rating to each audit result that the customer chooses to include; and
      
      receiving an electronic input from the customer assigning a weighting factor to each audit result that the customer chooses to include; and
      
      using the relative risk rating for each audit result and the weighting factor assigned to each audit result, determining an aggregate risk score associated with the software application associated with the privacy campaign.
  - 20. The data processing method of claim 19, further comprising:
    - presenting a customer with prompts for information regarding the customer'"'"'s implementation of the software application associated with the privacy campaign, wherein the prompts regarding the customer'"'"'s implementation relates to one or more privacy assessment standards; and
      
      accepting responses to the prompts for information regarding the customer'"'"'s implementation.
  - 21. The data processing method of claim 19, further comprising:
    - receiving an electronic input from the customer assigning a relative risk rating to one or more prompts for information regarding the customer'"'"'s implementation and the responses to the prompts for information regarding the customer'"'"'s implementation; and
      
      receiving an electronic input from the customer assigning a weighting factor to one or more prompts for information regarding the customer'"'"'s implementation and the responses to the prompts for information regarding the customer'"'"'s implementation; and
      
      calculating an aggregate risk level for the privacy campaign using;
      
      the relative risk rating for each audit result and the weighting factor assigned to each audit result; and
      
      the relative risk rating for each prompt and response regarding the customer'"'"'s implementation and the weighting factor assigned for each prompt and response regarding the customer'"'"'s implementation.
  - 22. The data processing method of claim 21, further comprising:
    - receiving from the customer a command to add a new prompt regarding the customer'"'"'s implementation.
  - 23. The data processing method of claim 22, further comprising:
    - generating for display a computer-generated user interface comprising an inventory page, wherein the inventory page displays a list of a plurality of campaigns and visual indicators that relate to the risk level for each listed campaign.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OneTrust LLC
Original Assignee
OneTrust LLC
Inventors
Barday, Kabir A.
Primary Examiner(s)
Ouellette, Jonathan P

Application Number

US15/619,212
Publication Number

US 20170287030A1
Time in Patent Office

249 Days
Field of Search

705 11-912, 705325
US Class Current
CPC Class Codes

G06Q 10/063114   Status monitoring or status...

G06Q 30/0609   Buyer or seller confidence ...

G06Q 50/265   Personal security, identity...

Data processing systems and methods for efficiently assessing the risk of privacy campaigns

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

386 Citations

23 Claims

Specification

Use Cases

Quick Links

Others

Data processing systems and methods for efficiently assessing the risk of privacy campaigns

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

386 Citations

23 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others