Data processing systems for measuring privacy maturity within an organization

US 10,032,172 B2
Filed: 06/09/2017
Issued: 07/24/2018
Est. Priority Date: 06/10/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented data processing method for measuring a particular organization'"'"'s compliance with one or more requirements associated with one or more pieces of computer code originating from the particular organization, the method comprising:

determining, by one or more processors, for each of the one or more pieces of computer code, one or more respective storage locations;

electronically obtaining, by one or more processors, each of the one or more pieces of computer code based on the one or more respective storage locations;

automatically electronically analyzing each of the one or more pieces of computer code to determine one or more privacy-related attributes of each of the one or more pieces of computer code, each of the privacy-related attributes indicating one or more types of privacy campaign data that the computer code collects or accesses;

in response to determining that the computer code has a particular one of the one or more privacy-related attributes;

(A) executing the steps of;

(i) electronically displaying one or more prompts to a first individual requesting that the first individual input information regarding the particular privacy-related attribute;

(ii) receiving input information from the first individual regarding the particular privacy-related attribute; and

(iii) communicating the information regarding the particular privacy-related attribute to one or more second individuals for use in conducting a privacy assessment of the computer code;

(B) changing an indicator associated with the code to indicate that, before the code is launched, the particular attribute should be reviewed by one or more designated individuals; and

(C) changing an indicator associated with the code to indicate that, before the code is launched, the code should be modified to not include the particular attribute;

retrieving, by one or more processors, for at least one individual associated with the organization, privacy training data comprising an amount of privacy training received by the at least one individual;

determining, by one or more processors, based at least in part on the one or more types of privacy campaign data that the computer code collects or accesses and the privacy training data, a privacy maturity score for the particular organization; and

displaying, by one or more processors, the privacy maturity score on a display screen associated with a computing device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A privacy compliance measurement system, according to particular embodiments, is configured to determine compliance with one or more privacy compliance requirements by an organization or sub-group of the organization. In various embodiments, the system is configured to determine a privacy maturity rating for each of a plurality of sub-groups within an organization. In some embodiments, the privacy maturity rating is based at least in part on: (1) a frequency of risks or issues identified with Privacy Impact Assessments (PIAs) performed or completed by the one or sub-groups; (2) a relative training level of members of the sub-groups with regard to privacy related matters; (3) a breadth and amount of personal data collected by the sub-groups; and/or (4) etc. In various embodiments, the system is configured to automatically modify one or more privacy campaigns based on the determined privacy maturity ratings.

388 Citations

12 Claims

1. A computer-implemented data processing method for measuring a particular organization'"'"'s compliance with one or more requirements associated with one or more pieces of computer code originating from the particular organization, the method comprising:
- determining, by one or more processors, for each of the one or more pieces of computer code, one or more respective storage locations;
  
  electronically obtaining, by one or more processors, each of the one or more pieces of computer code based on the one or more respective storage locations;
  
  automatically electronically analyzing each of the one or more pieces of computer code to determine one or more privacy-related attributes of each of the one or more pieces of computer code, each of the privacy-related attributes indicating one or more types of privacy campaign data that the computer code collects or accesses;
  
  in response to determining that the computer code has a particular one of the one or more privacy-related attributes;
  
  (A) executing the steps of;
  
  (i) electronically displaying one or more prompts to a first individual requesting that the first individual input information regarding the particular privacy-related attribute;
  
  (ii) receiving input information from the first individual regarding the particular privacy-related attribute; and
  
  (iii) communicating the information regarding the particular privacy-related attribute to one or more second individuals for use in conducting a privacy assessment of the computer code;
  
  (B) changing an indicator associated with the code to indicate that, before the code is launched, the particular attribute should be reviewed by one or more designated individuals; and
  
  (C) changing an indicator associated with the code to indicate that, before the code is launched, the code should be modified to not include the particular attribute;
  
  retrieving, by one or more processors, for at least one individual associated with the organization, privacy training data comprising an amount of privacy training received by the at least one individual;
  
  determining, by one or more processors, based at least in part on the one or more types of privacy campaign data that the computer code collects or accesses and the privacy training data, a privacy maturity score for the particular organization; and
  
  displaying, by one or more processors, the privacy maturity score on a display screen associated with a computing device.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computer-implemented data processing method of claim 1, the method further comprising modifying at least one of the one or more pieces of computer code based at least in part on the privacy maturity score.
  - 3. The computer-implemented method of claim 1, wherein the one or more types of privacy campaign data that the computer code collects or accesses comprises:
    - a number of privacy campaigns facilitated by the one or more pieces of computer code;
      
      an amount of personal data collected by each of the one or more pieces of computer code;
      
      a type of the personal data collected by each of the one or more pieces of computer code; and
      
      a volume of the personal data transferred by the one or more pieces of computer code.
  - 4. The computer-implemented data processing method of claim 1, the method further comprising:
    - auditing, by one or more processors, the one or more pieces of computer code according to a particular schedule;
      
      modifying, by one or more processors, the schedule based at least in part on the privacy maturity score.
  - 5. The computer-implemented data processing method of claim 1, wherein:
    - the method further comprises receiving one or more privacy impact assessments associated with each of the one or more pieces of computer code; and
      
      determining the privacy maturity score for the particular organization further comprises determining the privacy maturity score based at least in part on the one or more privacy impact assessments.
  - 6. The computer-implemented data processing method of claim 5, wherein:
    - the one or more privacy impact assessments are one or more privacy impact assessments performed prior to execution of the one or more pieces of computer code as part of a privacy campaign.

7. A non-transitory computer-readable medium storing computer-executable instructions causing a computer to execute a method for measuring a plurality of individuals'"'"' compliance with one or more privacy-related requirements, the method comprising:
- determining, by one or more processors, for each of one or more pieces of computer code, one or more respective storage locations;
  
  electronically obtaining, by one or more processors, each of the one or more pieces of computer code based on the one or more respective storage locations;
  
  automatically electronically analyzing each of the one or more pieces of computer code to determine one or more privacy-related attributes of each of the one or more pieces of computer code, each of the privacy-related attributes indicating one or more types of privacy campaign data that the computer code collects or accesses;
  
  in response to determining that the computer code has a particular one of the one or more privacy-related attributes;
  
  (A) executing the steps of;
  
  (i) electronically displaying one or more prompts to a first individual requesting that the first individual input information regarding the particular privacy-related attribute;
  
  (ii) receiving input information from the first individual regarding the particular privacy-related attribute; and
  
  (iii) communicating the information regarding the particular privacy-related attribute to one or more second individuals for use in conducting a privacy assessment of the computer code;
  
  (B) changing an indicator associated with the code to indicate that, before the code is launched, the particular attribute should be reviewed by one or more designated individuals; and
  
  (C) changing an indicator associated with the code to indicate that, before the code is launched, the code should be modified to not include the particular attribute;
  
  retrieving, by one or more processors, for at least one of the plurality of individuals, privacy training data comprising an amount of privacy training received by the at least one individual;
  
  determining, by one or more processors, based at least in part on the one or more types of privacy campaign data that the computer code collects or accesses and the privacy training data, a privacy maturity score for the plurality of individuals; and
  
  displaying, by one or more processors, the privacy maturity score on a display screen associated with a computing device.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The non-transitory computer-readable medium of claim 7, further comprising modifying at least one of the one or more pieces of computer code based at least in part on the privacy maturity score.
  - 9. The non-transitory computer-readable medium of claim 7, wherein the one or more types of privacy campaign data that the computer code collects or accesses comprises:
    - a number of privacy campaigns facilitated by the one or more pieces of computer code;
      
      an amount of personal data collected by each of the one or more pieces of computer code;
      
      a type of the personal data collected by each of the one or more pieces of computer code; and
      
      a volume of the personal data transferred by the one or more pieces of computer code.
  - 10. The non-transitory computer-readable medium of claim 7, wherein the method further comprises:
    - auditing, by one or more processors, the one or more pieces of computer code according to a particular schedule;
      
      modifying, by one or more processors, the schedule based at least in part on the privacy maturity score.
  - 11. The non-transitory computer-readable medium of claim 7, wherein:
    - the method further comprises receiving one or more privacy impact assessments associated with each of the one or more pieces of computer code; and
      
      determining the privacy maturity score for the particular organization further comprises determining the privacy maturity score based at least in part on the one or more privacy impact assessments.
  - 12. The non-transitory computer-readable medium of claim 11, wherein:
    - the one or more privacy impact assessments are one or more privacy impact assessments performed prior to execution of the one or more pieces of computer code as part of a privacy campaign.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OneTrust LLC
Original Assignee
OneTrust LLC
Inventors
Barday, Kabir A.
Primary Examiner(s)
Hailu, Teshome

Application Number

US15/619,251
Publication Number

US 20170357982A1
Time in Patent Office

410 Days
Field of Search

726 26
US Class Current
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06Q 10/06   Resources, workflows, human...

G06Q 10/0635   Risk analysis of enterprise...

G06Q 30/018   Certifying business or prod...

H04L 63/04   for providing a confidentia...

H04L 63/20   for managing network securi...

H04W 12/02   Protecting privacy or anony...

Data processing systems for measuring privacy maturity within an organization

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

388 Citations

12 Claims

Specification

Use Cases

Quick Links

Others

Data processing systems for measuring privacy maturity within an organization

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

388 Citations

12 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others