Data processing systems and communications systems and methods for integrating privacy compliance systems with software development and agile tools for privacy design

US 10,019,597 B2
Filed: 12/22/2017
Issued: 07/10/2018
Est. Priority Date: 06/10/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented data processing method for efficiently managing the design of a product so that the resulting product complies with one or more privacy standards, the method comprising:

(A) identifying, by one or more processors, respective answers from a plurality of question/answer pairings regarding a proposed design of the product, wherein the respective answers in the question/answer pairings are provided by a first set of one or more users;

(B) generating, by the one or more computer processors, an initial privacy impact assessment for the product based, at least in part, on the plurality of question/answer pairings;

(C) after identifying the respective answers from the plurality of question/answer pairings regarding the proposed design of the product, displaying, by the one or more computer processors, the plurality of question/answer pairings to a second set of one or more users;

(D) after displaying at least one of the question/answer pairings to the second set of one or more users, receiving, by the one or more computer processors, from the second set of users, one or more recommended steps to be implemented as part of the proposed design of the product, the one or more recommended steps comprising one or more steps that facilitate the compliance of the product with the one or more privacy standards;

(E) in response to receiving the one or more recommended steps, automatically, by the one or more computer processors, initiating the generation of a task in a second computer software application, the second computer software application comprising project management software that is to be used in managing the design of the product, and the task being a task that, if completed, would advance the completion of the one or more recommended steps; and

(F) at least partially in response to the first computer software application being provided with the notification that the task has been completed, generating, by the one or more computer processors, an updated privacy impact assessment for the product that reflects the fact that the task has been completed.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Data processing systems and methods for: (1) receiving, via privacy data compliance software, from a first set of users, respective answers for question/answer pairings regarding the proposed design of a product; (2) using the question/answer pairings to prepare an initial privacy impact assessment for the product; (3) displaying, via the privacy data compliance software, the plurality of question/answer pairings to a second set of users, and receiving recommended steps to be implemented as part of the design of the product; (4) initiating the generation of one or more tasks in project management software that would advance the completion of the recommended steps; and (5) after the tasks have been completed, generating, by the privacy data compliance software, an updated privacy impact assessment for the product that reflects the fact that the tasks have been completed.

131 Citations

19 Claims

1. A computer-implemented data processing method for efficiently managing the design of a product so that the resulting product complies with one or more privacy standards, the method comprising:
- (A) identifying, by one or more processors, respective answers from a plurality of question/answer pairings regarding a proposed design of the product, wherein the respective answers in the question/answer pairings are provided by a first set of one or more users;
  
  (B) generating, by the one or more computer processors, an initial privacy impact assessment for the product based, at least in part, on the plurality of question/answer pairings;
  
  (C) after identifying the respective answers from the plurality of question/answer pairings regarding the proposed design of the product, displaying, by the one or more computer processors, the plurality of question/answer pairings to a second set of one or more users;
  
  (D) after displaying at least one of the question/answer pairings to the second set of one or more users, receiving, by the one or more computer processors, from the second set of users, one or more recommended steps to be implemented as part of the proposed design of the product, the one or more recommended steps comprising one or more steps that facilitate the compliance of the product with the one or more privacy standards;
  
  (E) in response to receiving the one or more recommended steps, automatically, by the one or more computer processors, initiating the generation of a task in a second computer software application, the second computer software application comprising project management software that is to be used in managing the design of the product, and the task being a task that, if completed, would advance the completion of the one or more recommended steps; and
  
  (F) at least partially in response to the first computer software application being provided with the notification that the task has been completed, generating, by the one or more computer processors, an updated privacy impact assessment for the product that reflects the fact that the task has been completed.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The computer-implemented data processing method of claim 1, wherein Steps (A)-(F) are executed by the first software application.
  - 3. The computer-implemented data processing method of claim 1, further comprising:
    - receiving, by the second computer software application, an indication that the task has been completed; and
      
      in response to the second computer software application receiving the indication that the task has been completed, providing, by the one or more computer processors, a notification that the task has been completed to the first computer software application.
  - 4. The computer-implemented data processing method of claim 1, wherein the first computer software application is data privacy compliance software.
  - 5. The computer-implemented data processing method of claim 4, wherein:
    - the product is a particular software application; and
      
      the task comprises changing the particular software application to modify the way that it obtains, uses, or stores personal data.
  - 6. The computer-implemented data processing method of claim 1, wherein the updated privacy impact assessment is generated by the first computer software application.
  - 7. The computer-implemented data processing method of claim 1, wherein the product is a software application and the first set of one or more users includes one or more software developers.
  - 8. The computer-implemented data processing method of claim 7, wherein the second set of one or more users comprises one or more privacy officers.
  - 9. The computer-implemented data processing method of claim 1, wherein the product is a particular version of a particular software application.
  - 10. The computer-implemented data processing method of claim 1, wherein the product is a computerized appliance.
  - 11. The computer-implemented data processing method of claim 1, further comprising the step of displaying the updated privacy impact assessment to one or more users on a display screen.

12. A computer-implemented data processing method for efficiently managing a design of a particular version of a software application so that the particular version of the software application complies with one or more privacy standards, the method comprising:
- receiving, by a project management software executed by one or more processors, one or more recommended steps to be implemented as part of the design of the particular version of the software application, the one or more recommended steps being provided by privacy data compliance software that is distinct from the project management software;
  
  in response to receiving the one or more recommended steps, automatically, by the one or more computer processors executing the project management software, generating one or more tasks within the project management software application, each of the one or more tasks being a respective task that, if completed, would advance the completion of the one or more recommended steps;
  
  inserting, by the project management software, each of the respective one or more tasks as a respective step in the series of steps to be executed in the design of the particular version of the software application, each of the one or more respective tasks being inserted in the series of steps so that each of the one or more respective tasks is completed prior to a particular date;
  
  determining, by the project management software, that each of the one or more respective tasks has been completed; and
  
  in response to determining that each of the one or more respective tasks has been completed, transmitting, by the project management software to the privacy data compliance software, a notification the that the one or more tasks have been completed.
- View Dependent Claims (13, 14, 15)
- - 13. The computer-implemented method of claim 12, further comprising:
    - after the step of transmitting the notification, generating a privacy impact assessment for the particular version of the software application that reflects the fact that the one or more tasks have been completed.
  - 14. The computer-implemented data processing method of claim 13, wherein the privacy impact assessment is generated by the privacy data compliance software.
  - 15. The computer-implemented data processing method of claim 13, the task comprises changing the particular software application to modify the way that it obtains, uses, or stores personal data.

16. A non-transitory computer-readable medium storing computer-executable instructions for generating a privacy impact assessment for a particular software application, the computer-executable instructions comprising:
- identifying, by one or more processors, respective answers from a plurality of question/answer pairings regarding a particular software application, wherein the respective answers in the question/answer pairings are provided by a first set of one or more users;
  
  generating, by the one or more processors and based on the respective answers from the plurality of question/answer pairings, an initial privacy impact assessment for the particular software application;
  
  receiving, by the one or more processors, one or more recommended changes to the particular software application to comply with at least one privacy regulation,wherein the one or more recommended changes are provided by a second set of one or more users based, at least in part, on the plurality of question/answer pairings; and
  
  after the one or more recommended changes are applied to the particular software application, generating, by the one or more processors, an updated privacy impact assessment for the particular software application, wherein;
  
  the one or more recommended changes are implemented based on a generation of at least one task in project management software that is used in managing changes to the software application; and
  
  the generation of the at least one task is initiated by privacy data compliance software.
- View Dependent Claims (17, 18, 19)
- - 17. The non-transitory computer-readable medium of claim 16, wherein the one or more recommended changes modify the particular software application to change the way that the particular software application obtains, uses, or stores personal data.
  - 18. The non-transitory computer-readable medium of claim 16, wherein the first set of one or more users comprises one or more software developers.
  - 19. The non-transitory computer-readable medium of claim 18, wherein the second set of one or more users comprises one or more privacy officers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OneTrust LLC
Original Assignee
OneTrust LLC
Inventors
Barday, Kabir A.
Primary Examiner(s)
Deng, Anna

Application Number

US15/853,674
Publication Number

US 20180137305A1
Time in Patent Office

200 Days
Field of Search

717101
US Class Current
CPC Class Codes

G06F 21/6245   Protecting personal data, e...

G06Q 10/103   Workflow collaboration or p...

G06Q 30/018   Certifying business or prod...

H04L 63/20   for managing network securi...

Data processing systems and communications systems and methods for integrating privacy compliance systems with software development and agile tools for privacy design

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

131 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Data processing systems and communications systems and methods for integrating privacy compliance systems with software development and agile tools for privacy design

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

131 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links