Data processing systems for identity validation of data subject access requests and related methods
First Claim
1. A computer-implemented data processing method for responding to a data subject access request, the computer-implemented data processing method comprising:
- receiving a data subject access request from a requestor that is a request for a particular organization to perform one or more actions with regard to one or more pieces of personal data associated with an identified data subject that the particular organization has obtained on the identified data subject,wherein at least one of the one or more pieces of personal data associated with the identified data subject was not provided to the particular organization by the identified data subject, andwherein the data subject access request comprises one or more request parameters, wherein one of the one or more request parameters of the data subject access request comprises a type of data subject access request, and wherein the type of data subject access request is selected from a group consisting of;
a first type of data subject access request that requires a first number of identity validation methods, anda second type of data subject access request that requires a second number of identity validation methods, wherein the first number of identity validation methods is different than the second number of identity validation methods;
in response to receiving the data subject access request from the requestor, determining a number of identity validation methods required based at least in part on the type of data subject access request;
validating an identity of the requestor, based at least in part on the determined number of identity validation methods required, by prompting the requestor to identify information associated with the identified data subject, wherein validating the identity of the requestor further comprises;
accessing, via one or more computer networks, one or more third-party data aggregation systems;
determining, based at least in part on data information received via the one or more third-party data aggregation systems, that the identified data subject exists; and
in response to determining that the identified data subject exists, confirming, based at least in part on the data information received via the one or more third-party data aggregation systems and the one or more request parameters, that the requestor is the identified data subject;
in response to validating the identity of the requestor, processing the request by automatically identifying one or more pieces of personal data associated with the identified data subject, wherein the one or more pieces of personal data are stored in one or more data repositories associated with the particular organization; and
in response to automatically identifying the one or more pieces of personal data associated with the identified data subject, taking the one or more actions based at least in part on the data subject access request, wherein the one or more actions include one or more actions related to automatically identifying the one or more pieces of personal data associated with the identified data subject.
2 Assignments
0 Petitions
Accused Products
Abstract
In particular embodiments, a computer-implemented data processing method for responding to a data subject access request comprises: (A) receiving a data subject access request from a requestor comprising one or more request parameters; (B) validating an identity of the requestor by prompting the requestor to identify information associated with the requestor; (C) in response to validating the identity of the requestor, processing the request by identifying one or more pieces of personal data associated with the requestor, the one or more pieces of personal data being stored in one or more data repositories associated with a particular organization; and (D) taking one or more actions based at least in part on the data subject access request, the one or more actions including one or more actions related to the one or more pieces of personal data.
452 Citations
18 Claims
-
1. A computer-implemented data processing method for responding to a data subject access request, the computer-implemented data processing method comprising:
-
receiving a data subject access request from a requestor that is a request for a particular organization to perform one or more actions with regard to one or more pieces of personal data associated with an identified data subject that the particular organization has obtained on the identified data subject, wherein at least one of the one or more pieces of personal data associated with the identified data subject was not provided to the particular organization by the identified data subject, and wherein the data subject access request comprises one or more request parameters, wherein one of the one or more request parameters of the data subject access request comprises a type of data subject access request, and wherein the type of data subject access request is selected from a group consisting of; a first type of data subject access request that requires a first number of identity validation methods, and a second type of data subject access request that requires a second number of identity validation methods, wherein the first number of identity validation methods is different than the second number of identity validation methods; in response to receiving the data subject access request from the requestor, determining a number of identity validation methods required based at least in part on the type of data subject access request; validating an identity of the requestor, based at least in part on the determined number of identity validation methods required, by prompting the requestor to identify information associated with the identified data subject, wherein validating the identity of the requestor further comprises; accessing, via one or more computer networks, one or more third-party data aggregation systems; determining, based at least in part on data information received via the one or more third-party data aggregation systems, that the identified data subject exists; and in response to determining that the identified data subject exists, confirming, based at least in part on the data information received via the one or more third-party data aggregation systems and the one or more request parameters, that the requestor is the identified data subject; in response to validating the identity of the requestor, processing the request by automatically identifying one or more pieces of personal data associated with the identified data subject, wherein the one or more pieces of personal data are stored in one or more data repositories associated with the particular organization; and in response to automatically identifying the one or more pieces of personal data associated with the identified data subject, taking the one or more actions based at least in part on the data subject access request, wherein the one or more actions include one or more actions related to automatically identifying the one or more pieces of personal data associated with the identified data subject. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A computer-implemented data processing method for responding to a data subject access request, the computer-implemented data processing method comprising:
-
receiving a data subject access request from a requestor that is a request for a particular organization to perform one or more actions with regard to one or more pieces of personal data associated with an identified data subject that the particular organization has obtained on the identified data subject, wherein at least one of the one or more pieces of personal data associated with the identified data subject was not provided to the particular organization by the identified data subject, and wherein the data subject access request comprises one or more request parameters, wherein one of the one or more request parameters of the data subject access request comprises a type of data subject access request, and wherein the type of data subject access request is selected from a group consisting of; a first type of data subject access request that requires a first number of identity validation methods, and a second type of data subject access request that requires a second number of identity validation methods, wherein the first number of identity validation methods is different than the second number of identity validation methods; in response to receiving the data subject access request from the requestor, determining a number of identity validation methods required based at least in part on the type of data subject access request; validating an identity of the requestor, based at least in part on the determined number of identity validation methods required, by prompting the requestor to identify information associated with the identified data subject, wherein validating the identity of the requestor further includes; accessing, via one or more computer networks, one or more third-party data aggregation systems; determining, based at least in part on data information received via the one or more third-party data aggregation systems, that the identified data subject exists; and in response to determining that the identified data subject exists, confirming, based at least in part on the data information received via the one or more third-party data aggregation systems and the one or more request parameters, that the requestor is the identified data subject; and in response to validating the identity of the requestor, taking the one or more actions based at least in part on the data subject access request, wherein the one or more actions include one or more actions related to automatically identifying the one or more pieces of personal data associated with the identified data subject. - View Dependent Claims (10, 11, 12, 13, 14)
-
-
15. A computer-implemented data processing method for responding to a data subject access request, the computer-implemented data processing method comprising:
-
receiving a data subject access request from a requestor that is a request for a particular organization to perform one or more actions with regard to one or more pieces of personal data associated with an identified data subject that the particular organization has obtained on the identified data subject, wherein at least one of the one or more pieces of personal data associated with the identified data subject was not provided to the particular organization by the identified data subject, and wherein the data subject access request comprises one or more request parameters, wherein one of the one or more request parameters of the data subject access request comprises a type of data subject access request, and wherein the type of data subject access request is selected from a group consisting of; a first type of data subject access request that requires a first number of identity validation methods, and a second type of data subject access request that requires a second number of identity validation methods, wherein the first number of identity validation methods is different than the second number of identity validation methods; in response to receiving the data subject access request from the requestor, determining a number of identity validation methods required based at least in part on the type of data subject access request; validating an identity of the requestor, based at least in part on the determined number of identity validation methods required, by prompting the requestor to identify information associated with the identified data subject, wherein validating the identity of the requestor further comprises; accessing, via one or more computer networks, one or more third-party data aggregation systems; determining, based at least in part on data information received via the one or more third-party data aggregation systems, that the identified data subject exists; and in response to determining that the identified data subject exists, confirming, based at least in part on the data information received via the one or more third-party data aggregation systems and the one or more request parameters, that the requestor is the identified data subject; in response to validating the identity of the requestor, automatically identifying, by one or more computer processors, one or more pieces of personal data associated with the identified data subject, wherein the one or more pieces of personal data associated with the identified data subject are stored in one or more data repositories associated with the particular organization; and in response to automatically identifying, by the one or more computer processors, the one or more pieces of personal data associated with the identified data subject, automatically facilitating deletion of the one or more pieces of personal data associated with the identified data subject being stored in the one or more data repositories associated with the particular organization. - View Dependent Claims (16, 17, 18)
-
Specification