Data processing systems and methods for efficiently assessing the risk of privacy campaigns
First Claim
1. A computer-implemented data processing method for efficiently assessing the risk associated with a privacy campaign, the method comprising:
- receiving, by one or more computer processors, a completed privacy template from a particular vendor, the completed privacy template comprising a plurality of question/answer pairings regarding a particular product or service provided by the vendor, the plurality of question answer pairings comprising an identification of one or more types of personal data collected by the particular product or service;
analyzing one or more pieces of publicly available data associated with the vendor;
calculating a privacy awareness score for the vendor based on the analyzed one or more pieces of publicly available data;
in response to receiving the completed privacy template, automatically coordinating, by one or more computer processors, an audit of the completed privacy template, wherein;
coordinating the audit comprises calculating a risk rating for the particular product or service provided by the vendor based at least in part on the one or more types of personal data collected by the particular product or service and the privacy awareness score; and
calculating the risk rating for the particular product or service comprises;
identifying a weighting factor for each of the plurality of question/answer pairings;
electronically determining a relative risk rating for each of the plurality of question/answer pairings; and
electronically calculating the risk rating based upon, for each of the plurality of question/answer pairings, the relative risk rating and the weighting factor;
digitally storing the risk level for the particular product or service and the audited privacy template in computer memory; and
after the audit is complete, facilitating the electronic transfer of the audited privacy template, via one or more computer networks, to a plurality of computer systems, each computer system being associated with a different entity, for use in the different entities'"'"' respective computerized assessments of at least one respective privacy campaign, to be executed by the respective entity, that includes the use of a product or service that is the subject of the completed privacy template.
2 Assignments
0 Petitions
Accused Products
Abstract
Data processing systems and methods, according to various embodiments are adapted for efficiently processing data to allow for the streamlined assessment of the risk level associated with particular privacy campaigns. The systems may provide a centralized repository of templates of privacy-related question/answer pairings for various vendors, products (e.g., software products), and services. Different entities may electronically access the templates (which may be periodically updated and centrally audited) and customize the templates for evaluating the risk associated with the entities'"'"' respective business endeavors that involve the relevant vendors, products, or services.
496 Citations
20 Claims
-
1. A computer-implemented data processing method for efficiently assessing the risk associated with a privacy campaign, the method comprising:
-
receiving, by one or more computer processors, a completed privacy template from a particular vendor, the completed privacy template comprising a plurality of question/answer pairings regarding a particular product or service provided by the vendor, the plurality of question answer pairings comprising an identification of one or more types of personal data collected by the particular product or service; analyzing one or more pieces of publicly available data associated with the vendor; calculating a privacy awareness score for the vendor based on the analyzed one or more pieces of publicly available data; in response to receiving the completed privacy template, automatically coordinating, by one or more computer processors, an audit of the completed privacy template, wherein; coordinating the audit comprises calculating a risk rating for the particular product or service provided by the vendor based at least in part on the one or more types of personal data collected by the particular product or service and the privacy awareness score; and calculating the risk rating for the particular product or service comprises; identifying a weighting factor for each of the plurality of question/answer pairings; electronically determining a relative risk rating for each of the plurality of question/answer pairings; and electronically calculating the risk rating based upon, for each of the plurality of question/answer pairings, the relative risk rating and the weighting factor; digitally storing the risk level for the particular product or service and the audited privacy template in computer memory; and after the audit is complete, facilitating the electronic transfer of the audited privacy template, via one or more computer networks, to a plurality of computer systems, each computer system being associated with a different entity, for use in the different entities'"'"' respective computerized assessments of at least one respective privacy campaign, to be executed by the respective entity, that includes the use of a product or service that is the subject of the completed privacy template. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A computer-implemented data processing method for efficiently assessing the risk associated with a privacy campaign, the method comprising:
-
receiving, by one or more computer processors, a completed privacy template from a centralized repository of completed privacy templates, the completed privacy template comprising a plurality of question/answer pairings regarding a particular vendor, product or service to be used as part of the privacy campaign; receiving, by one or more processors, analysis of one or more data records associated with the particular vendor, product or service; after receiving the completed privacy template, receiving, from a user, a particular weighting factor that is to be applied to at least a particular one of the question/answer pairings in processing data to calculate a risk rating for the privacy campaign; after receiving the particular weighting factor, using the particular weighting factor, the content of the particular question/answer pairing, and the analysis of the one or more data records to calculate an overall risk rating for the privacy campaign by; identifying a respective weighting factor for each of the plurality of question/answer pairings, wherein the plurality of question answer pairings identifies at least; a nature of data collected by the particular vendor, product or service to be used as part of the privacy campaign; and a physical storage location of the data collected by the particular vendor, product or service to be used as part of the privacy campaign; electronically determining a relative risk rating for each of the plurality of question/answer pairings; and electronically calculating the overall risk rating based upon; the relative risk rating and the weighting factor for each of the plurality of question/answer pairings; and the analysis of the one or more data records; determining whether the overall risk rating for the privacy campaign meets certain pre-determined criteria; and in response to determining that the risk rating for the privacy campaign does not satisfy the pre-determined criteria, generating an alert to a user indicating that the risk rating for the privacy campaign does not satisfy the pre-determined criteria. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A computer-implemented data processing method for providing templates having privacy audit results, the method comprising:
digitally storing a plurality of sets of digital data comprising audit results in an electronic repository, wherein; each of the plurality of sets of digital data relate to software provided by a vendor; the privacy audit results comprise prompts and responses that relate to compliance with one or more assessment standards related to privacy and vendor privacy compliance data, and wherein; the prompts and responses have been audited for privacy compliance; and the method further comprises determining the audit results by calculating a risk level for each of the plurality of sets of digital data by; identifying a weighting factor for each of the prompts and responses, the prompts and responses including;
an identification of a type of personal data collected by the software provided by the vendor;
an identification of a physical storage location of the personal data collected by the software; and
an identification of a length of time that the personal data collected by the software will be stored;electronically determining a relative risk rating for each of the prompts and responses; and electronically calculating the risk level based upon;
the relative risk rating and the weighting factor for each of the prompts and responses; and
the vendor privacy compliance data;displaying, in a graphical user interface, a plurality of visual representations, each visual representation corresponding to one of the plurality of sets of digital data comprising the audit results; receiving a selection by a customer indicating a desire to acquire rights to use one or more of the plurality of sets of digital data comprising the audit results; and in response to the customer selection, electronically making available for access to the customer one or more of the plurality of sets of digital data comprising the audit results. - View Dependent Claims (18, 19, 20)
Specification