Data processing systems and methods for efficiently assessing the risk of privacy campaigns

US 10,176,503 B2
Filed: 02/12/2018
Issued: 01/08/2019
Est. Priority Date: 04/01/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented data processing method for efficiently assessing the risk associated with a privacy campaign, the method comprising:

receiving, by one or more computer processors, a completed privacy template from a particular vendor, the completed privacy template comprising a plurality of question/answer pairings regarding a particular product or service provided by the vendor, the plurality of question answer pairings comprising an identification of one or more types of personal data collected by the particular product or service;

analyzing one or more pieces of publicly available data associated with the vendor;

calculating a privacy awareness score for the vendor based on the analyzed one or more pieces of publicly available data;

in response to receiving the completed privacy template, automatically coordinating, by one or more computer processors, an audit of the completed privacy template, wherein;

coordinating the audit comprises calculating a risk rating for the particular product or service provided by the vendor based at least in part on the one or more types of personal data collected by the particular product or service and the privacy awareness score; and

calculating the risk rating for the particular product or service comprises;

identifying a weighting factor for each of the plurality of question/answer pairings;

electronically determining a relative risk rating for each of the plurality of question/answer pairings; and

electronically calculating the risk rating based upon, for each of the plurality of question/answer pairings, the relative risk rating and the weighting factor;

digitally storing the risk level for the particular product or service and the audited privacy template in computer memory; and

after the audit is complete, facilitating the electronic transfer of the audited privacy template, via one or more computer networks, to a plurality of computer systems, each computer system being associated with a different entity, for use in the different entities'"'"' respective computerized assessments of at least one respective privacy campaign, to be executed by the respective entity, that includes the use of a product or service that is the subject of the completed privacy template.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Data processing systems and methods, according to various embodiments are adapted for efficiently processing data to allow for the streamlined assessment of the risk level associated with particular privacy campaigns. The systems may provide a centralized repository of templates of privacy-related question/answer pairings for various vendors, products (e.g., software products), and services. Different entities may electronically access the templates (which may be periodically updated and centrally audited) and customize the templates for evaluating the risk associated with the entities'"'"' respective business endeavors that involve the relevant vendors, products, or services.

496 Citations

20 Claims

1. A computer-implemented data processing method for efficiently assessing the risk associated with a privacy campaign, the method comprising:
- receiving, by one or more computer processors, a completed privacy template from a particular vendor, the completed privacy template comprising a plurality of question/answer pairings regarding a particular product or service provided by the vendor, the plurality of question answer pairings comprising an identification of one or more types of personal data collected by the particular product or service;
  
  analyzing one or more pieces of publicly available data associated with the vendor;
  
  calculating a privacy awareness score for the vendor based on the analyzed one or more pieces of publicly available data;
  
  in response to receiving the completed privacy template, automatically coordinating, by one or more computer processors, an audit of the completed privacy template, wherein;
  
  coordinating the audit comprises calculating a risk rating for the particular product or service provided by the vendor based at least in part on the one or more types of personal data collected by the particular product or service and the privacy awareness score; and
  
  calculating the risk rating for the particular product or service comprises;
  
  identifying a weighting factor for each of the plurality of question/answer pairings;
  
  electronically determining a relative risk rating for each of the plurality of question/answer pairings; and
  
  electronically calculating the risk rating based upon, for each of the plurality of question/answer pairings, the relative risk rating and the weighting factor;
  
  digitally storing the risk level for the particular product or service and the audited privacy template in computer memory; and
  
  after the audit is complete, facilitating the electronic transfer of the audited privacy template, via one or more computer networks, to a plurality of computer systems, each computer system being associated with a different entity, for use in the different entities'"'"' respective computerized assessments of at least one respective privacy campaign, to be executed by the respective entity, that includes the use of a product or service that is the subject of the completed privacy template.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer-implemented data processing method of claim 1, wherein the audit of the completed privacy template is an audit for compliance with one or more privacy standards.
  - 3. The computer-implemented data processing method of claim 2, wherein analyzing the one or more pieces of publicly available data comprises analyzing one or more pieces of publicly available data selected from the group consisting of:
    - one or more privacy disclaimers associated with the particular product or service;
      
      one or more privacy notices associated with one or more websites associated with the particular vendor;
      
      one or more credit bureau databases;
      
      one or more websites that indicate one or more privacy-related positions with the particular vendor; and
      
      one or more industry certification databases.
  - 4. The computer-implemented data processing method of claim 2, wherein:
    - the one or more pieces of publicly available data comprise the one or more credit bureau databases; and
      
      the method further comprises;
      
      accessing the one or more credit bureau databases; and
      
      determining one or more pieces of credit data associated with the particular vendor from the one or more credit bureau databases.
  - 5. The computer-implemented data processing method of claim 2, wherein:
    - the one or more pieces of publicly available data comprise the one or more privacy disclaimers associated with the particular product or service; and
      
      the method further comprises;
      
      analyzing one or more contents of the one or more privacy disclaimers; and
      
      calculating the privacy awareness core based at least in part on the one or more contents of the one or more privacy disclaimers.
  - 6. The computer-implemented data processing method of claim 5, the method further comprising:
    - determining whether the one or more contents of the one or more privacy disclaimers comprise one or more pieces of language required by one or more regulations;
      
      in response to determining that the one or more contents of the one or more privacy disclaimers comprise the one or more pieces of language, calculating a first privacy awareness score; and
      
      in response to determining that that the one or more contents of the one or more privacy disclaimers do not comprise the one or more pieces of language, calculating a second privacy awareness score.
  - 7. The computer-implemented data processing method of claim 2, wherein calculating the privacy awareness score for the vendor based on the analyzed one or more pieces of publicly available data comprises:
    - identifying a respective privacy weighting factor for each of one or more pieces of publicly available data; and
      
      electronically calculating the privacy awareness score based upon, for each of the one or more pieces of publicly available data, the respective privacy weighting factor and one or more contents of the one or more pieces of publicly available data.
  - 8. The computer-implemented data processing method of claim 1, wherein:
    - the one or more pieces of publicly available data comprise one or more security certifications associated with the particular vendor;
      
      determining whether the particular vendor holds a particular security certification based on the one or more pieces of publicly available data; and
      
      calculating the privacy awareness score for the particular vendor is further based on whether the particular vendor holds the particular security certification.

9. A computer-implemented data processing method for efficiently assessing the risk associated with a privacy campaign, the method comprising:
- receiving, by one or more computer processors, a completed privacy template from a centralized repository of completed privacy templates, the completed privacy template comprising a plurality of question/answer pairings regarding a particular vendor, product or service to be used as part of the privacy campaign;
  
  receiving, by one or more processors, analysis of one or more data records associated with the particular vendor, product or service;
  
  after receiving the completed privacy template, receiving, from a user, a particular weighting factor that is to be applied to at least a particular one of the question/answer pairings in processing data to calculate a risk rating for the privacy campaign;
  
  after receiving the particular weighting factor, using the particular weighting factor, the content of the particular question/answer pairing, and the analysis of the one or more data records to calculate an overall risk rating for the privacy campaign by;
  
  identifying a respective weighting factor for each of the plurality of question/answer pairings, wherein the plurality of question answer pairings identifies at least;
  
  a nature of data collected by the particular vendor, product or service to be used as part of the privacy campaign; and
  
  a physical storage location of the data collected by the particular vendor, product or service to be used as part of the privacy campaign;
  
  electronically determining a relative risk rating for each of the plurality of question/answer pairings; and
  
  electronically calculating the overall risk rating based upon;
  
  the relative risk rating and the weighting factor for each of the plurality of question/answer pairings; and
  
  the analysis of the one or more data records;
  
  determining whether the overall risk rating for the privacy campaign meets certain pre-determined criteria; and
  
  in response to determining that the risk rating for the privacy campaign does not satisfy the pre-determined criteria, generating an alert to a user indicating that the risk rating for the privacy campaign does not satisfy the pre-determined criteria.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The computer-implemented data processing method of claim 9, wherein:
    - the one or more data records comprise one or more data records related to one or more government bodies that the particular vendor, product, or service is utilized by; and
      
      electronically calculating the risk rating comprises electronically calculating the risk rating based on the one or more government bodies that the particular vendor, product, or service is utilized by.
  - 11. The computer-implemented data processing method of claim 9, wherein:
    - the method further comprises;
      
      analyzing a website associated with the particular vendor, product or service to identify one or more privacy notices;
      
      analyzing one or more contents of the one or more privacy notices; and
      
      electronically calculating the risk rating comprises electronically calculating the risk rating based on the one or more contents of the one or more privacy notices; and
      
      the one or more data records comprise the one or more privacy notices.
  - 12. The computer-implemented data processing method of claim 9, wherein:
    - the method further comprises;
      
      analyzing one or more public record databases associated with the particular vendor, product, or service;
      
      identifying one or more industry certifications associated with the particular vendor, product, or service from the one or more public record databases; and
      
      electronically calculating the risk rating comprises electronically calculating the risk rating based on the identification of the one or more industry certifications.
  - 13. The computer-implemented data processing method of claim 9, wherein the completed privacy template has been centrally pre-audited prior to the step of receiving, by one or more computer processors, the completed privacy template from a centralized repository of completed privacy templates.
  - 14. The computer-implemented data processing method of claim 9, wherein:
    - the analysis of the one or more data records comprises analysis of one or more social networking websites associated with the particular vendor, product or service.
  - 15. The computer-implemented data processing method of claim 14, wherein:
    - the analysis of the one or more data records comprises analysis of one or more business related job sites associated with the particular vendor, product, or service; and
      
      the method further comprises;
      
      determining one or more employee titles, employee roles, and available job posts with the particular vendor, product, or service based on the analysis of the one or more social networking websites and the one or more business related job sites;
      
      calculating a privacy awareness score for the particular vendor, product or service based on the one or more employee titles, employee roles, and available job posts; and
      
      electronically calculating the risk rating based upon the calculated privacy awareness score.
  - 16. The computer-implemented data processing method of claim 15, further comprising assigning a weighting factor to one or more factors used to calculate the privacy awareness score.

17. A computer-implemented data processing method for providing templates having privacy audit results, the method comprising:
- digitally storing a plurality of sets of digital data comprising audit results in an electronic repository, wherein;
  
  each of the plurality of sets of digital data relate to software provided by a vendor;
  
  the privacy audit results comprise prompts and responses that relate to compliance with one or more assessment standards related to privacy and vendor privacy compliance data, and wherein;
  
  the prompts and responses have been audited for privacy compliance; and
  
  the method further comprises determining the audit results by calculating a risk level for each of the plurality of sets of digital data by;
  
  identifying a weighting factor for each of the prompts and responses, the prompts and responses including;
  
  an identification of a type of personal data collected by the software provided by the vendor;
  
  an identification of a physical storage location of the personal data collected by the software; and
  
  an identification of a length of time that the personal data collected by the software will be stored;
  
  electronically determining a relative risk rating for each of the prompts and responses; and
  
  electronically calculating the risk level based upon;
  
  the relative risk rating and the weighting factor for each of the prompts and responses; and
  
  the vendor privacy compliance data;
  
  displaying, in a graphical user interface, a plurality of visual representations, each visual representation corresponding to one of the plurality of sets of digital data comprising the audit results;
  
  receiving a selection by a customer indicating a desire to acquire rights to use one or more of the plurality of sets of digital data comprising the audit results; and
  
  in response to the customer selection, electronically making available for access to the customer one or more of the plurality of sets of digital data comprising the audit results.
- View Dependent Claims (18, 19, 20)
- - 18. The computer-implemented data processing method of claim 17, wherein each of the plurality of sets of digital data comprises a data element relating to a classification of the software to which each set of digital data relates.
  - 19. The computer-implemented data processing method of claim 17, wherein the vendor privacy compliance data is selected from the group consisting of:
    - one or more privacy disclaimers associated with the software provided by the vendor; and
      
      one or more privacy notices associated with one or more websites associated with the particular vendor.
  - 20. The computer-implemented data processing method of claim 19, the method further comprising:
    - identifying a weighting factor for each piece of vendor privacy compliance data; and
      
      electronically calculating the risk level based upon the weighting factor for each piece of vendor privacy compliance data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OneTrust LLC
Original Assignee
OneTrust LLC
Inventors
Barday, Kabir A., Brannon, Jonathan Blake
Primary Examiner(s)
Ouellette, Jonathan P

Application Number

US15/894,819
Publication Number

US 20180182009A1
Time in Patent Office

330 Days
Field of Search

705 11-912
US Class Current
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06Q 10/063114   Status monitoring or status...

G06Q 30/0609   Buyer or seller confidence ...

G06Q 50/265   Personal security, identity...

Data processing systems and methods for efficiently assessing the risk of privacy campaigns

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

496 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Data processing systems and methods for efficiently assessing the risk of privacy campaigns

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

496 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links