Data processing systems for modifying privacy campaign data via electronic messaging systems

US 10,169,789 B2
Filed: 02/12/2018
Issued: 01/01/2019
Est. Priority Date: 04/01/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented data processing method for electronically receiving the input of processing activity data related to a processing activity and electronically calculating a risk level for the processing activity based on the data inputs comprising:

displaying on a graphical user interface a prompt to create an electronic record for a processing activity, wherein the processing activity utilizes personal data collected from at least one or more persons or one or more entities;

receiving a command to create an electronic record for the processing activity;

creating an electronic record for the processing activity and digitally storing the record;

presenting, on one or more graphical user interfaces, a plurality of prompts for the input of processing activity data related to the processing activity;

electronically receiving processing activity data input by one or more users, wherein the processing activity data identifies each of;

a description of the processing activity;

one or more types of personal data related to the processing activity;

a subject from which the personal data was collected;

storage of the personal data; and

access to the personal data;

processing the processing activity data by electronically associating the processing activity data with the record for the processing activity;

receiving, by one or more computer processors, a request to associate an electronic message with the record for the processing activity;

in response to receiving the request, associating the electronic message with the record for the processing activity;

digitally storing the processing activity data associated with the record for the processing activity;

using one or more computer processors, calculating a risk level for the processing activity based on the processing activity data, wherein calculating the risk level for the processing activity comprises;

electronically retrieving from a database the processing activity data associated with the record for the processing activity;

electronically determining a plurality of weighting factors for the processing activity, wherein the plurality of weighting factors are based upon a plurality of factors including;

the nature of the personal data associated with the processing activity;

the physical location of the personal data associated with the processing activity;

the length of time that the personal data associated with the processing activity will be retained in storage;

the type of individual from which the personal data associated with the processing activity originated; and

the country of residence of the individual from which the personal data associated with the processing activity originated;

electronically assigning a relative risk rating for each of the plurality of factors; and

electronically calculating a risk level for the campaign based upon the plurality of weighting factors and the relative risk rating for each of the plurality of factors; and

digitally storing the risk level associated with the record for the processing activity;

scanning one or more pieces of content in the electronic message;

after scanning the one or more pieces of content, analyzing the one or more pieces of content to identify one or more keywords in the electronic message;

determining, based at least in part on the one or more keywords, whether to modify the risk level for the processing activity;

in response to determining to modify the risk level, calculating an updated risk level for the particular processing activity by;

electronically modifying the relative risk rating for at least one of the plurality of factors;

electronically calculating an updated risk level based at least in part on the modified relative risk rating for at least one of the plurality of factors; and

digitally storing the updated risk level associated with the record for the processing activity.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In various embodiments, a privacy campaign data modification system is configured to store one or more electronic messages in memory and associate those electronic messages with a particular processing activity. The system may be configured to automatically analyze the electronic messages to determine whether personal data is being transferred from one territory to another as part of the processing activity. If so, the system may update a risk level associated with the processing activity to reflect the cross-border transfer. The system may also be configured to automatically analyze the electronic messages to determine whether personal data is being transferred from a party inside a particular organization to a party outside the organization. If so, the system may update the risk level associated with the processing activity to reflect the transfer of the personal data out of the organization.

255 Citations

20 Claims

1. A computer-implemented data processing method for electronically receiving the input of processing activity data related to a processing activity and electronically calculating a risk level for the processing activity based on the data inputs comprising:
- displaying on a graphical user interface a prompt to create an electronic record for a processing activity, wherein the processing activity utilizes personal data collected from at least one or more persons or one or more entities;
  
  receiving a command to create an electronic record for the processing activity;
  
  creating an electronic record for the processing activity and digitally storing the record;
  
  presenting, on one or more graphical user interfaces, a plurality of prompts for the input of processing activity data related to the processing activity;
  
  electronically receiving processing activity data input by one or more users, wherein the processing activity data identifies each of;
  
  a description of the processing activity;
  
  one or more types of personal data related to the processing activity;
  
  a subject from which the personal data was collected;
  
  storage of the personal data; and
  
  access to the personal data;
  
  processing the processing activity data by electronically associating the processing activity data with the record for the processing activity;
  
  receiving, by one or more computer processors, a request to associate an electronic message with the record for the processing activity;
  
  in response to receiving the request, associating the electronic message with the record for the processing activity;
  
  digitally storing the processing activity data associated with the record for the processing activity;
  
  using one or more computer processors, calculating a risk level for the processing activity based on the processing activity data, wherein calculating the risk level for the processing activity comprises;
  
  electronically retrieving from a database the processing activity data associated with the record for the processing activity;
  
  electronically determining a plurality of weighting factors for the processing activity, wherein the plurality of weighting factors are based upon a plurality of factors including;
  
  the nature of the personal data associated with the processing activity;
  
  the physical location of the personal data associated with the processing activity;
  
  the length of time that the personal data associated with the processing activity will be retained in storage;
  
  the type of individual from which the personal data associated with the processing activity originated; and
  
  the country of residence of the individual from which the personal data associated with the processing activity originated;
  
  electronically assigning a relative risk rating for each of the plurality of factors; and
  
  electronically calculating a risk level for the campaign based upon the plurality of weighting factors and the relative risk rating for each of the plurality of factors; and
  
  digitally storing the risk level associated with the record for the processing activity;
  
  scanning one or more pieces of content in the electronic message;
  
  after scanning the one or more pieces of content, analyzing the one or more pieces of content to identify one or more keywords in the electronic message;
  
  determining, based at least in part on the one or more keywords, whether to modify the risk level for the processing activity;
  
  in response to determining to modify the risk level, calculating an updated risk level for the particular processing activity by;
  
  electronically modifying the relative risk rating for at least one of the plurality of factors;
  
  electronically calculating an updated risk level based at least in part on the modified relative risk rating for at least one of the plurality of factors; and
  
  digitally storing the updated risk level associated with the record for the processing activity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer-implemented data processing method of claim 1, further comprising electronically determining an audit schedule for the processing activity based at least in part on the risk level.
  - 3. The computer-implemented data processing method of claim 2, further comprising:
    - scanning the electronic message to identify at least one piece of content within the electronic message; and
      
      modifying the audit schedule based at least in part on the at least one piece of content.
  - 4. The computer-implemented data processing method of claim 1, wherein:
    - the method further comprises providing a browser plug-in for installation on a computer device, the browser plug-in being configured to receive the request to associate the electronic message with the record for the processing activity; and
      
      receiving the request to associate the electronic message with the record for the processing activity comprises receiving the request via the browser plug-in.
  - 5. The computer-implemented data processing method of claim 1, wherein:
    - the method further comprises establishing an e-mail alias associated with the processing activity; and
      
      receiving the request to associate the electronic message with the record for the processing activity comprises receiving the electronic message in response to an individual forwarding the electronic message to the e-mail alias.
  - 6. The computer-implemented data processing method of claim 1, wherein one or more attachments included with the electronic message are one or more pieces of content in the electronic message.
  - 7. The computer implemented data processing method of claim 1, further comprising:
    - scanning the electronic message to identify at least one piece of content within the electronic message; and
      
      determining, based at least in part on the at least one piece of content, whether to associate the electronic message with the processing activity.
  - 8. The computer-implemented data processing method of claim 7, wherein the at least one piece of content comprises at least one unique identifier associated with the processing activity.
  - 9. The computer implemented data processing method of claim 1, further comprising:
    - in response receiving the command to create the electronic record for the processing activity, automatically generating an e-mail alias and associating the e-mail alias with the processing activity.
  - 10. The computer implemented data processing method of claim 9, wherein receiving the request to associate the electronic message with the record for the processing activity comprises receiving the electronic message via a forwarded electronic message to the e-mail alias.

11. A computer-implemented data processing method of electronically modifying a data structure comprising processing activity data related to a processing activity, the method comprising:
- receiving, by one or more processors, a request to modify a data structure to include one or more electronic messages, wherein the data structure digitally stores processing activity data related to a processing activity, and the processing activity data identifies each of;
  
  a description of the processing activity;
  
  one or more types of personal data related to the processing activity;
  
  a subject from which the personal data was collected;
  
  a storage location of the personal data;
  
  one or more access permissions related to the personal data; and
  
  a risk level for the processing activity, wherein the risk level is calculated by;
  
  identifying a plurality of risk factors for the processing activity, wherein each of the plurality of risk factors has an associated weighting factor and the plurality of risk factors includes;
  
  a type of the personal data collected as part of the particular processing activity;
  
  information about a type of data subject from which the personal data is collected as part of the particular processing activity;
  
  storage information for the personal data collected as part of the particular processing activity; and
  
  information identifying a source location and a destination location for a data transfer as part of the particular processing activity;
  
  electronically assigning a relative risk rating for each of the plurality of factors; and
  
  electronically calculating the risk level for the processing activity based upon, for each respective one of the plurality of risk factors, the relative risk rating and the weighting factor for the risk factor;
  
  in response to receiving the request;
  
  scanning one or more pieces of content in the one or more electronic messages;
  
  after scanning the one or more pieces of content, analyzing the one or more pieces of content;
  
  determining, based at least in part on the one or more pieces of content, whether to modify the data structure to include the one or more messages;
  
  in response to determining to modify the data structure, modifying, by one or more processors, the data structure to include the one or more electronic messages;
  
  associating, in the data structure, the one or more electronic messages with the processing activity data;
  
  accessing metadata associated with the one or more electronic messages;
  
  in response, based at least in part on the metadata associated with the one or more electronic messages, determining, for each of the one or more electronic messages, a territory associated with a source location from which the electronic message was sent and a territory associated with a destination location in which the electronic message was received;
  
  determining, for each of the one or more electronic messages, whether the territory from which the electronic message was sent is different from the territory in which the electronic message was received;
  
  in response to determining that the territory from which the electronic message was sent is different from the territory in which the electronic message was received, determining to modify the risk level for the processing activity; and
  
  in response to determining to modify the risk level, calculating an updated risk level for the processing activity by;
  
  electronically modifying the relative risk rating for at least one of the plurality of risk factors based at least in part on determining that the territory from which the electronic message was sent is different from the territory in which the electronic message was received;
  
  after electronically modifying the relative risk rating for at least one of the plurality of risk factors, electronically calculating a modified risk level for the processing activity based upon, for each respective one of the plurality of risk factors, the relative risk rating and the associated weighting factor; and
  
  digitally storing the modified risk level with the processing activity data.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The computer-implemented data processing method of claim 11, further comprising electronically determining an audit schedule for the processing activity based at least in part on the risk level.
  - 13. The computer-implemented data processing method of claim 11, wherein:
    - the method further comprises providing a software plug-in for installation on a computing device, wherein the software plug-in is configured to integrate with one or more electronic messaging programs; and
      
      receiving the request to modify the data structure to include the one or more electronic messages comprises receiving the request via the software plug-in.
  - 14. The computer-implemented data processing method of claim 13, further comprising:
    - receiving, by one or more processors, a request to modify a data structure to include one or more second electronic messages related to a second processing activity;
      
      determining, by one or more processors, whether the second processing activity is an existing processing activity;
      
      in response to determining that the second processing activity is an existing processing activity, modifying, by one or more processors, the processing activity data associated with the second processing activity to include the one or more second electronic messages; and
      
      in response to determining that the second processing activity is not an existing processing activity;
      
      storing the one or more second electronic messages in memory; and
      
      tagging the one or more second electronic messages as unassigned.
  - 15. The computer-implemented data processing method of claim 11, wherein:
    - the method further comprises providing, by one or more processors, a software plug-in for installation on a computing device;
      
      receiving the request to modify the data structure to include the one or more second electronic messages related to the second processing activity comprises receiving the request via the software plug-in.
  - 16. The computer-implemented data processing method of claim 15, wherein the software plug-in is a plug-in selected from the group consisting of:
    - a browser plug-in extension configured for capturing the one or more electronic messages via webmail; and
      
      an electronic messaging application plug-in configured for capturing the one or more electronic messages from the electronic messaging application.

17. A computer-implemented data processing method of electronically modifying a data structure comprising processing activity data related to a processing activity, the method comprising:
- receiving, by one or more processors, a request to modify a data structure to include one or more electronic messages, wherein the data structure digitally stores processing activity data related to a processing activity, and the processing activity data identifies each of;
  
  a description of the processing activity;
  
  one or more types of personal data related to the processing activity;
  
  a subject from which the personal data was collected;
  
  a storage location of the personal data;
  
  one or more access permissions related to the personal data; and
  
  a risk level for the processing activity, wherein the risk level is calculated by;
  
  identifying a plurality of risk factors for the processing activity, wherein each of the plurality of risk factors has an associated weighting factor and the plurality of risk factors includes;
  
  a type of the personal data collected as part of the particular processing activity;
  
  information about a type of data subject from which the personal data is collected as part of the particular processing activity;
  
  storage information for the personal data collected as part of the particular processing activity; and
  
  information identifying a source location and a destination location for a data transfer as part of the particular processing activity;
  
  electronically assigning a relative risk rating for each of the plurality of factors; and
  
  electronically calculating the risk level for the processing activity based upon, for each respective one of the plurality of risk factors, the relative risk rating and the weighting factor for the risk factor;
  
  in response to receiving the request;
  
  scanning one or more pieces of content in the one or more electronic messages;
  
  after scanning the one or more pieces of content, analyzing the one or more pieces of content;
  
  determining, based at least in part on the one or more pieces of content, whether to modify the data structure to include the one or more messages;
  
  in response to determining to modify the data structure, modifying, by one or more processors, the data structure to include the one or more electronic messages;
  
  associating, in the data structure, the one or more electronic messages with the processing activity data;
  
  accessing metadata associated with the one or more electronic messages;
  
  in response, based at least in part on the metadata associated with the one or more electronic messages, determining, for each of the one or more electronic messages, a domain name associated with a source from which the electronic message was sent and a domain name associated with a destination in which the electronic message was received;
  
  determining, for each of the one or more electronic messages, whether the domain name from which the electronic message was sent is different from the domain name in which the electronic message was received;
  
  in response to determining that the domain name from which the electronic message was sent is different from the domain name in which the electronic message was received, determining to modify the risk level for the processing activity; and
  
  in response to determining to modify the risk level, calculating an updated risk level for the processing activity by;
  
  electronically modifying the relative risk rating for at least one of the plurality of risk factors based at least in part on determining that the domain name from which the electronic message was sent is different from the domain name in which the electronic message was received;
  
  after electronically modifying the relative risk rating for at least one of the plurality of risk factors, electronically calculating a modified risk level for the processing activity based upon, for each respective one of the plurality of risk factors, the relative risk rating and the associated weighting factor; and
  
  digitally storing the modified risk level with the processing activity data.
- View Dependent Claims (18, 19, 20)
- - 18. The computer-implemented data processing method of claim 17, wherein the software plug-in is a plug-in selected from the group consisting of:
    - a browser plug-in extension configured for capturing the one or more electronic messages via webmail; and
      
      an electronic messaging application plug-in configured for capturing the one or more electronic messages from the electronic messaging application.
  - 19. The computer-implemented data processing method of claim 17, further comprising electronically determining an audit schedule for the processing activity based at least in part on the risk level.
  - 20. The computer-implemented data processing method of claim 17, wherein one or more attachments included with the electronic message are one or more pieces of content in the electronic message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OneTrust LLC
Original Assignee
OneTrust LLC
Inventors
Barday, Kabir A., Brannon, Jonathan Blake
Primary Examiner(s)
Ouellette, Jonathan P

Application Number

US15/894,890
Publication Number

US 20180174213A1
Time in Patent Office

323 Days
Field of Search

705 11-912
US Class Current
CPC Class Codes

G06F 21/6245   Protecting personal data, e...

G06Q 10/063114   Status monitoring or status...

G06Q 30/0609   Buyer or seller confidence ...

G06Q 50/265   Personal security, identity...

Data processing systems for modifying privacy campaign data via electronic messaging systems

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

255 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Data processing systems for modifying privacy campaign data via electronic messaging systems

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

255 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links