Data processing systems for modifying privacy campaign data via electronic messaging systems
First Claim
1. A computer-implemented data processing method for electronically receiving the input of processing activity data related to a processing activity and electronically calculating a risk level for the processing activity based on the data inputs comprising:
- displaying on a graphical user interface a prompt to create an electronic record for a processing activity, wherein the processing activity utilizes personal data collected from at least one or more persons or one or more entities;
receiving a command to create an electronic record for the processing activity;
creating an electronic record for the processing activity and digitally storing the record;
presenting, on one or more graphical user interfaces, a plurality of prompts for the input of processing activity data related to the processing activity;
electronically receiving processing activity data input by one or more users, wherein the processing activity data identifies each of;
a description of the processing activity;
one or more types of personal data related to the processing activity;
a subject from which the personal data was collected;
storage of the personal data; and
access to the personal data;
processing the processing activity data by electronically associating the processing activity data with the record for the processing activity;
receiving, by one or more computer processors, a request to associate an electronic message with the record for the processing activity;
in response to receiving the request, associating the electronic message with the record for the processing activity;
digitally storing the processing activity data associated with the record for the processing activity;
using one or more computer processors, calculating a risk level for the processing activity based on the processing activity data, wherein calculating the risk level for the processing activity comprises;
electronically retrieving from a database the processing activity data associated with the record for the processing activity;
electronically determining a plurality of weighting factors for the processing activity, wherein the plurality of weighting factors are based upon a plurality of factors including;
the nature of the personal data associated with the processing activity;
the physical location of the personal data associated with the processing activity;
the length of time that the personal data associated with the processing activity will be retained in storage;
the type of individual from which the personal data associated with the processing activity originated; and
the country of residence of the individual from which the personal data associated with the processing activity originated;
electronically assigning a relative risk rating for each of the plurality of factors; and
electronically calculating a risk level for the campaign based upon the plurality of weighting factors and the relative risk rating for each of the plurality of factors; and
digitally storing the risk level associated with the record for the processing activity;
scanning one or more pieces of content in the electronic message;
after scanning the one or more pieces of content, analyzing the one or more pieces of content to identify one or more keywords in the electronic message;
determining, based at least in part on the one or more keywords, whether to modify the risk level for the processing activity;
in response to determining to modify the risk level, calculating an updated risk level for the particular processing activity by;
electronically modifying the relative risk rating for at least one of the plurality of factors;
electronically calculating an updated risk level based at least in part on the modified relative risk rating for at least one of the plurality of factors; and
digitally storing the updated risk level associated with the record for the processing activity.
2 Assignments
0 Petitions
Accused Products
Abstract
In various embodiments, a privacy campaign data modification system is configured to store one or more electronic messages in memory and associate those electronic messages with a particular processing activity. The system may be configured to automatically analyze the electronic messages to determine whether personal data is being transferred from one territory to another as part of the processing activity. If so, the system may update a risk level associated with the processing activity to reflect the cross-border transfer. The system may also be configured to automatically analyze the electronic messages to determine whether personal data is being transferred from a party inside a particular organization to a party outside the organization. If so, the system may update the risk level associated with the processing activity to reflect the transfer of the personal data out of the organization.
255 Citations
20 Claims
-
1. A computer-implemented data processing method for electronically receiving the input of processing activity data related to a processing activity and electronically calculating a risk level for the processing activity based on the data inputs comprising:
-
displaying on a graphical user interface a prompt to create an electronic record for a processing activity, wherein the processing activity utilizes personal data collected from at least one or more persons or one or more entities; receiving a command to create an electronic record for the processing activity; creating an electronic record for the processing activity and digitally storing the record; presenting, on one or more graphical user interfaces, a plurality of prompts for the input of processing activity data related to the processing activity; electronically receiving processing activity data input by one or more users, wherein the processing activity data identifies each of; a description of the processing activity; one or more types of personal data related to the processing activity; a subject from which the personal data was collected; storage of the personal data; and access to the personal data; processing the processing activity data by electronically associating the processing activity data with the record for the processing activity; receiving, by one or more computer processors, a request to associate an electronic message with the record for the processing activity; in response to receiving the request, associating the electronic message with the record for the processing activity; digitally storing the processing activity data associated with the record for the processing activity; using one or more computer processors, calculating a risk level for the processing activity based on the processing activity data, wherein calculating the risk level for the processing activity comprises; electronically retrieving from a database the processing activity data associated with the record for the processing activity; electronically determining a plurality of weighting factors for the processing activity, wherein the plurality of weighting factors are based upon a plurality of factors including; the nature of the personal data associated with the processing activity; the physical location of the personal data associated with the processing activity; the length of time that the personal data associated with the processing activity will be retained in storage; the type of individual from which the personal data associated with the processing activity originated; and the country of residence of the individual from which the personal data associated with the processing activity originated; electronically assigning a relative risk rating for each of the plurality of factors; and electronically calculating a risk level for the campaign based upon the plurality of weighting factors and the relative risk rating for each of the plurality of factors; and digitally storing the risk level associated with the record for the processing activity; scanning one or more pieces of content in the electronic message; after scanning the one or more pieces of content, analyzing the one or more pieces of content to identify one or more keywords in the electronic message; determining, based at least in part on the one or more keywords, whether to modify the risk level for the processing activity; in response to determining to modify the risk level, calculating an updated risk level for the particular processing activity by; electronically modifying the relative risk rating for at least one of the plurality of factors; electronically calculating an updated risk level based at least in part on the modified relative risk rating for at least one of the plurality of factors; and digitally storing the updated risk level associated with the record for the processing activity. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A computer-implemented data processing method of electronically modifying a data structure comprising processing activity data related to a processing activity, the method comprising:
-
receiving, by one or more processors, a request to modify a data structure to include one or more electronic messages, wherein the data structure digitally stores processing activity data related to a processing activity, and the processing activity data identifies each of; a description of the processing activity; one or more types of personal data related to the processing activity; a subject from which the personal data was collected; a storage location of the personal data; one or more access permissions related to the personal data; and a risk level for the processing activity, wherein the risk level is calculated by; identifying a plurality of risk factors for the processing activity, wherein each of the plurality of risk factors has an associated weighting factor and the plurality of risk factors includes; a type of the personal data collected as part of the particular processing activity; information about a type of data subject from which the personal data is collected as part of the particular processing activity; storage information for the personal data collected as part of the particular processing activity; and information identifying a source location and a destination location for a data transfer as part of the particular processing activity; electronically assigning a relative risk rating for each of the plurality of factors; and electronically calculating the risk level for the processing activity based upon, for each respective one of the plurality of risk factors, the relative risk rating and the weighting factor for the risk factor; in response to receiving the request; scanning one or more pieces of content in the one or more electronic messages; after scanning the one or more pieces of content, analyzing the one or more pieces of content; determining, based at least in part on the one or more pieces of content, whether to modify the data structure to include the one or more messages; in response to determining to modify the data structure, modifying, by one or more processors, the data structure to include the one or more electronic messages; associating, in the data structure, the one or more electronic messages with the processing activity data; accessing metadata associated with the one or more electronic messages; in response, based at least in part on the metadata associated with the one or more electronic messages, determining, for each of the one or more electronic messages, a territory associated with a source location from which the electronic message was sent and a territory associated with a destination location in which the electronic message was received; determining, for each of the one or more electronic messages, whether the territory from which the electronic message was sent is different from the territory in which the electronic message was received; in response to determining that the territory from which the electronic message was sent is different from the territory in which the electronic message was received, determining to modify the risk level for the processing activity; and in response to determining to modify the risk level, calculating an updated risk level for the processing activity by; electronically modifying the relative risk rating for at least one of the plurality of risk factors based at least in part on determining that the territory from which the electronic message was sent is different from the territory in which the electronic message was received; after electronically modifying the relative risk rating for at least one of the plurality of risk factors, electronically calculating a modified risk level for the processing activity based upon, for each respective one of the plurality of risk factors, the relative risk rating and the associated weighting factor; and digitally storing the modified risk level with the processing activity data. - View Dependent Claims (12, 13, 14, 15, 16)
-
-
17. A computer-implemented data processing method of electronically modifying a data structure comprising processing activity data related to a processing activity, the method comprising:
-
receiving, by one or more processors, a request to modify a data structure to include one or more electronic messages, wherein the data structure digitally stores processing activity data related to a processing activity, and the processing activity data identifies each of; a description of the processing activity; one or more types of personal data related to the processing activity; a subject from which the personal data was collected; a storage location of the personal data; one or more access permissions related to the personal data; and a risk level for the processing activity, wherein the risk level is calculated by; identifying a plurality of risk factors for the processing activity, wherein each of the plurality of risk factors has an associated weighting factor and the plurality of risk factors includes; a type of the personal data collected as part of the particular processing activity; information about a type of data subject from which the personal data is collected as part of the particular processing activity; storage information for the personal data collected as part of the particular processing activity; and information identifying a source location and a destination location for a data transfer as part of the particular processing activity; electronically assigning a relative risk rating for each of the plurality of factors; and electronically calculating the risk level for the processing activity based upon, for each respective one of the plurality of risk factors, the relative risk rating and the weighting factor for the risk factor; in response to receiving the request; scanning one or more pieces of content in the one or more electronic messages; after scanning the one or more pieces of content, analyzing the one or more pieces of content; determining, based at least in part on the one or more pieces of content, whether to modify the data structure to include the one or more messages; in response to determining to modify the data structure, modifying, by one or more processors, the data structure to include the one or more electronic messages; associating, in the data structure, the one or more electronic messages with the processing activity data; accessing metadata associated with the one or more electronic messages; in response, based at least in part on the metadata associated with the one or more electronic messages, determining, for each of the one or more electronic messages, a domain name associated with a source from which the electronic message was sent and a domain name associated with a destination in which the electronic message was received; determining, for each of the one or more electronic messages, whether the domain name from which the electronic message was sent is different from the domain name in which the electronic message was received; in response to determining that the domain name from which the electronic message was sent is different from the domain name in which the electronic message was received, determining to modify the risk level for the processing activity; and in response to determining to modify the risk level, calculating an updated risk level for the processing activity by; electronically modifying the relative risk rating for at least one of the plurality of risk factors based at least in part on determining that the domain name from which the electronic message was sent is different from the domain name in which the electronic message was received; after electronically modifying the relative risk rating for at least one of the plurality of risk factors, electronically calculating a modified risk level for the processing activity based upon, for each respective one of the plurality of risk factors, the relative risk rating and the associated weighting factor; and digitally storing the modified risk level with the processing activity data. - View Dependent Claims (18, 19, 20)
-
Specification