Data processing systems and methods for operationalizing privacy compliance via integrated mobile applications

US 9,898,769 B2
Filed: 06/10/2017
Issued: 02/20/2018
Est. Priority Date: 04/01/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented data processing method for electronically receiving the input of campaign data related to a privacy campaign and electronically calculating a risk level for the privacy campaign based on the data inputs comprising:

providing a software application for installation on a mobile computing device;

displaying on a graphical user interface, via the software application, a prompt to create an electronic record for a privacy campaign, wherein the privacy campaign utilizes personal data collected from at least one or more persons or one or more entities;

receiving a command to create an electronic record for the privacy campaign;

creating an electronic record for the privacy campaign and digitally storing the record;

presenting, on one or more graphical user interfaces, a plurality of prompts for the input of campaign data related to the privacy campaign;

electronically receiving campaign data input by one or more users via the graphical user interface, wherein the campaign data identifies each of;

a description of the campaign;

one or more types of personal data related to the campaign;

a subject from which the personal data was collected;

the storage of the personal data; and

access to the personal data;

processing the campaign data by electronically associating the campaign data with the record for the privacy campaign;

receiving, via the software application, one or more inputs related to the privacy campaign, the one or more inputs comprising an image of a privacy incident captured using the mobile computing device;

automatically scanning the image of the privacy incident;

analyzing the scanned image to identify the privacy campaign associated with the privacy incident;

modifying the electronic record for the privacy campaign based at least in part on the one or more inputs;

,analyzing the image to identify one or more contents in the image;

determining, based at least in part on the one or more contents, whether to modify a risk level for the privacy campaign; and

in response to determining to modify the risk level, calculating an updated risk level for the privacy campaign by;

identifying a plurality of risk factors for the privacy campaign, wherein each of the plurality of risk factors has an associated weighting factor and the plurality of risk factors includes;

a type of the personal data collected as part of the privacy campaign; and

storage information for the personal data collected as part of the privacy campaign;

electronically modifying the associated weighting factor for at least one of the plurality factors;

after modifying the associated weighting factor for at least one of the plurality of risk factors, electronically calculating the updated risk level of the privacy campaign based upon, for each respective one of the plurality of risk factors, the weighting factor for the risk factor; and

digitally storing the updated risk level associated with the record for the campaign.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Data processing systems and methods for receiving data regarding a plurality of data privacy campaigns and for using that data to modify stored data associated with the data privacy campaign. In various embodiments, the system may be adapted to: (1) display one or more visual summaries of one or more data flow diagrams that visually depicts key features of the data flow, such as whether data is confidential and/or encrypted; (2) automatically assess and display a relative risk associated with each campaign; and (3) automatically set, monitor, and facilitate the timely completion of an audit schedule for each campaign. In some embodiments, the system is configured to provide a mobile application via which a user may view information related to the privacy campaign, modify that data, etc.

385 Citations

20 Claims

1. A computer-implemented data processing method for electronically receiving the input of campaign data related to a privacy campaign and electronically calculating a risk level for the privacy campaign based on the data inputs comprising:
- providing a software application for installation on a mobile computing device;
  
  displaying on a graphical user interface, via the software application, a prompt to create an electronic record for a privacy campaign, wherein the privacy campaign utilizes personal data collected from at least one or more persons or one or more entities;
  
  receiving a command to create an electronic record for the privacy campaign;
  
  creating an electronic record for the privacy campaign and digitally storing the record;
  
  presenting, on one or more graphical user interfaces, a plurality of prompts for the input of campaign data related to the privacy campaign;
  
  electronically receiving campaign data input by one or more users via the graphical user interface, wherein the campaign data identifies each of;
  
  a description of the campaign;
  
  one or more types of personal data related to the campaign;
  
  a subject from which the personal data was collected;
  
  the storage of the personal data; and
  
  access to the personal data;
  
  processing the campaign data by electronically associating the campaign data with the record for the privacy campaign;
  
  receiving, via the software application, one or more inputs related to the privacy campaign, the one or more inputs comprising an image of a privacy incident captured using the mobile computing device;
  
  automatically scanning the image of the privacy incident;
  
  analyzing the scanned image to identify the privacy campaign associated with the privacy incident;
  
  modifying the electronic record for the privacy campaign based at least in part on the one or more inputs;
  
  ,analyzing the image to identify one or more contents in the image;
  
  determining, based at least in part on the one or more contents, whether to modify a risk level for the privacy campaign; and
  
  in response to determining to modify the risk level, calculating an updated risk level for the privacy campaign by;
  
  identifying a plurality of risk factors for the privacy campaign, wherein each of the plurality of risk factors has an associated weighting factor and the plurality of risk factors includes;
  
  a type of the personal data collected as part of the privacy campaign; and
  
  storage information for the personal data collected as part of the privacy campaign;
  
  electronically modifying the associated weighting factor for at least one of the plurality factors;
  
  after modifying the associated weighting factor for at least one of the plurality of risk factors, electronically calculating the updated risk level of the privacy campaign based upon, for each respective one of the plurality of risk factors, the weighting factor for the risk factor; and
  
  digitally storing the updated risk level associated with the record for the campaign.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer-implemented data processing method of claim 1, wherein the method further comprises:
    - electronically calculating the updated risk level for the campaign based upon one or more factors selected from the group consisting of;
      
      a nature of the personal data associated with the campaign;
      
      a physical storage location of the personal data associated with the campaign;
      
      a length of time that the personal data associated with the campaign will be retained in storage; and
      
      a type of individual from which the personal data associated with the campaign originated; and
      
      digitally storing the updated risk level associated with the record for the campaign.
  - 3. The computer-implemented data processing method of claim 1, wherein the one or more inputs comprise one or more images of one or more privacy incidents.
  - 4. The computer-implemented data processing method of claim 3, wherein:
    - the one or more images comprise one or more pieces of the personal data; and
      
      the method further comprises analyzing the one or more images to identify the one or more pieces of personal data.
  - 5. The computer-implemented data processing method of claim 4, wherein modifying the electronic record for the privacy campaign based at least in part on the one or more inputs comprises adjusting the risk level associated with the privacy campaign based on the one or more pieces of personal data.
  - 6. The computer-implemented data processing method of claim 4, wherein modifying the electronic record for the privacy campaign based at least in part on the one or more inputs comprises modifying an audit schedule of the privacy campaign based on the one or more pieces of personal data.
  - 7. The computer-implemented data processing method of claim 4, wherein the one or more images are one or more images selected from the group consisting of:
    - one or more images captured with an imaging device associated with the mobile computing device; and
      
      one or more screenshots from a display screen associated with the mobile computing device.
  - 8. The computer-implemented data processing method of claim 1, wherein:
    - the method further comprises measuring a privacy maturity of a particular organization;
      
      the one or more inputs related to the privacy campaign comprise one or more responses to one or more training questionnaires; and
      
      measuring the privacy maturity of the particular organization comprises modifying the measured privacy maturity based at least on part on the one or more responses.
  - 9. The computer-implemented data processing method of claim 8, further comprising:
    - modifying a risk level associated with the privacy campaign based at least in part on the measured privacy maturity.

10. A computer-implemented data processing method comprising:
- providing a software application for installation on a mobile computing device;
  
  displaying on a graphical user interface, via the software application, a prompt to modify an electronic record for a privacy campaign, wherein the privacy campaign utilizes personal data collected from at least one or more persons or one or more entities;
  
  receiving, from a user of the mobile computing device, first information associated with the privacy campaign;
  
  modifying the electronic record for the privacy campaign based at least in part on the first information;
  
  receiving, via the software application, an input of second information related to the privacy campaign, wherein the second information comprises an image of a particular privacy incident,scanning one or more contents of the second information;
  
  identifying one or more keywords in the one or more contents of the second information;
  
  determining, based at least in apart on the one or more keywords identified in the second information, whether to modify a risk level for the particular privacy campaign; and
  
  in response to determining to modify the risk level;
  
  modifying at least one weighting factor of a plurality of weighting factors used to calculate the risk level, wherein each of the plurality of weighting factors is associated with a respective piece of the first information; and
  
  calculating an updated risk level for the privacy campaign based at least in part on the modified at least one weighting factor, the plurality of weighting factors, and each perspective piece of the first information; and
  
  displaying, on the graphical user interface, the second information associated with the privacy campaign, wherein;
  
  the second information comprises information selected from a group consisting of;
  
  one or more responses to one or more screening questions;
  
  one or more pieces of information related to the particular privacy incident associated with the privacy campaign;
  
  one or more response to one or more training quizzes.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 11. The computer-implemented data processing method of claim 10, wherein:
    - the first information comprises the one or more pieces of information related to the particular privacy incident; and
      
      the method further comprises;
      
      analyzing the one or more pieces of information related to the particular privacy incident; and
      
      modifying an audit schedule for the privacy campaign based at least in part on the analysis.
  - 12. The computer-implemented data processing method of claim 11, wherein the one or more pieces of information related to the particular privacy incident comprise at least one unique identifier associated with the campaign.
  - 13. The computer-implemented data processing method of claim 12, wherein the electronic record digitally stores campaign data related to a privacy campaign, and the campaign data identifies each of:
    - a description of the privacy campaign;
      
      one or more types of personal data related to the privacy campaign;
      
      a subject from which the personal data was collected;
      
      a storage location of the personal data; and
      
      one or more access permissions related to the personal data.
  - 14. The computer-implemented data processing method of claim 13, wherein modifying the electronic record for the privacy campaign based at least in part on the first information comprises populating the campaign data in the electronic record based at least in part on the first information.
  - 15. The computer-implemented data processing method of claim 14, further comprising calculating risk level for the privacy campaign based on the campaign data, wherein calculating the risk level for the campaign comprises:
    - electronically retrieving the campaign data associated with the electronic record for the campaign;
      
      electronically determining a plurality of weighting factors for the campaign, wherein the plurality of weighting factors are based upon a plurality of factors including;
      
      a nature of the personal data associated with the campaign;
      
      a physical storage location of the personal data associated with the campaign;
      
      a length of time that the personal data associated with the campaign will be retained in storage; and
      
      a type of individual from which the personal data associated with the campaign originated;
      
      electronically assigning a relative risk rating for each of the plurality of factors; and
      
      electronically calculating a risk level for the campaign based upon the plurality of weighting factors and the relative risk rating for each of the plurality of factors; and
      
      digitally storing the risk level associated with the record for the campaign.
  - 16. The computer-implemented data processing method of claim 14, wherein modifying the electronic record for the privacy campaign based at least in part on the first information comprises:
    - calculating the risk level for the campaign based on the first information; and
      
      modifying the risk level based at least in part on the first information.
  - 17. The computer-implemented data processing method of claim 16, further comprising electronically determining an audit schedule for the campaign based at least in part on the risk level.
  - 18. The computer-implemented data processing method of claim 10, wherein the first information associated with the privacy campaign comprises one or more images captured using one or more imaging devices of the mobile computing device.
  - 19. The computer-implemented data processing method of claim 10, wherein the method further comprises analyzing the one or more images to identify the first information.
  - 20. The computer-implemented data processing method of claim 19, wherein the method further comprises analyzing the one or more images to identify the privacy campaign.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OneTrust LLC
Original Assignee
OneTrust LLC
Inventors
Barday, Kabir A.
Primary Examiner(s)
Ouellette, Jonathan P

Application Number

US15/619,451
Publication Number

US 20170287033A1
Time in Patent Office

255 Days
Field of Search

705 11-912, 705325
US Class Current
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06Q 10/063114   Status monitoring or status...

G06Q 30/0609   Buyer or seller confidence ...

G06Q 50/265   Personal security, identity...

Data processing systems and methods for operationalizing privacy compliance via integrated mobile applications

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

385 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Data processing systems and methods for operationalizing privacy compliance via integrated mobile applications

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

385 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links