Data processing systems for generating and populating a data inventory for processing data access requests

US 10,438,020 B2
Filed: 12/14/2018
Issued: 10/08/2019
Est. Priority Date: 06/10/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented data processing method for identifying one or more pieces of personal data associated with a data subject within a data system in order to fulfill a data subject access request, the method comprising:

receiving, by one or more processors, from a data subject, a data subject access request that is a request for a particular organization to perform one or more actions with regard to one or more pieces of personal data the particular organization has obtained on the data subject;

processing, by one or more processors, the data subject access request by identifying the one or more pieces of personal data associated with the data subject, wherein;

identifying the one or more pieces of personal data associated with the data subject comprises;

accessing a plurality of data models that comprise a respective data inventory for each of a plurality of data storage locations and map one or more relationships between one or more aspects of the data inventory and one or more data storage locations of the plurality of data storage locations;

identifying, based at least in part on one or more data models of the plurality of data models, one or more storage locations of the plurality of data storage locations that comprise each of the one or more pieces of personal data the particular organization has obtained on the data subject; and

retrieving each of the one or more pieces of personal data the particular organization has obtained on the data subject from the one or more storage locations of the plurality of data storage locations;

in response to identifying the one or more pieces of personal data, taking one or more actions selected from the group consisting of;

deleting the one or more pieces of personal data from the data system;

modifying at least one of the one or more pieces of personal data and storing the modified at least one of the one or more pieces of personal data in the data system; and

generating a report comprising the one or more pieces of personal data and providing the report to the data subject.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In particular embodiments, a data processing data inventory generation system is configured to: (1) generate a data model (e.g., a data inventory) for one or more data assets utilized by a particular organization; (2) generate a respective data inventory for each of the one or more data assets; and (3) map one or more relationships between one or more aspects of the data inventory, the one or more data assets, etc. within the data model. In particular embodiments, a data asset (e.g., data system, software application, etc.) may include any entity that collects, processes, contains, and/or transfers personal data (e.g., a software application, database, website, server, etc.). A data asset may include any software or device (e.g., server or servers) utilized by a particular entity for such data collection, processing, transfer, storage, etc. The system may then utilize the generated model to fufill a data subject access request.

462 Citations

20 Claims

1. A computer-implemented data processing method for identifying one or more pieces of personal data associated with a data subject within a data system in order to fulfill a data subject access request, the method comprising:
- receiving, by one or more processors, from a data subject, a data subject access request that is a request for a particular organization to perform one or more actions with regard to one or more pieces of personal data the particular organization has obtained on the data subject;
  
  processing, by one or more processors, the data subject access request by identifying the one or more pieces of personal data associated with the data subject, wherein;
  
  identifying the one or more pieces of personal data associated with the data subject comprises;
  
  accessing a plurality of data models that comprise a respective data inventory for each of a plurality of data storage locations and map one or more relationships between one or more aspects of the data inventory and one or more data storage locations of the plurality of data storage locations;
  
  identifying, based at least in part on one or more data models of the plurality of data models, one or more storage locations of the plurality of data storage locations that comprise each of the one or more pieces of personal data the particular organization has obtained on the data subject; and
  
  retrieving each of the one or more pieces of personal data the particular organization has obtained on the data subject from the one or more storage locations of the plurality of data storage locations;
  
  in response to identifying the one or more pieces of personal data, taking one or more actions selected from the group consisting of;
  
  deleting the one or more pieces of personal data from the data system;
  
  modifying at least one of the one or more pieces of personal data and storing the modified at least one of the one or more pieces of personal data in the data system; and
  
  generating a report comprising the one or more pieces of personal data and providing the report to the data subject.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented data processing method of claim 1, wherein:
    - the data subject access request comprises a request to be forgotten; and
      
      the one or more actions comprise deleting the one or more pieces of personal data from the data system.
  - 3. The computer-implemented data processing method of claim 2, wherein deleting the one or more pieces of personal data from the data system comprises overwriting the one or more pieces of personal data from computer memory associated with the data system.
  - 4. The computer-implemented data processing method of claim 1, wherein scanning the one or more data inventories stored within the data system for the one or more pieces of personal data comprises:
    - analyzing each of the one or more data inventories to identify one or more data inventory attributes associated with each respective one of the one or more data inventories;
      
      scanning the one or more data inventory attributes; and
      
      analyzing the one or more data inventory attributes to identify the one or more pieces of personal data based at least in part on one or more pieces of identifying information associated with the data subject submitted along with the data subject access request.
  - 5. The computer-implemented data processing method of claim 4, wherein the one or more pieces of identifying information comprise a first name of the data subject, a last name of the data subject, and an e-mail address of the data subject.
  - 6. The computer-implemented data processing method of claim 5, wherein analyzing the one or more data inventory attributes to identify the one or more pieces of personal data based at least in part on one or more pieces of identifying information comprises:
    - identifying each of the one or more pieces of identifying information in the one or more data inventory attributes;
      
      identifying one or more pieces of data associated with the one or more pieces of identifying information in the one or more data inventory attributes; and
      
      in response to identifying the one or more pieces of data associated with the one or more pieces of identifying information in the one or more data inventory attributes, at least temporarily storing the one or more pieces of data as the one or more pieces of personal data associated with the data subject.
  - 7. The computer-implemented data processing method of claim 1, further comprising:
    - using an application programming interface to access a third party information technology system;
      
      receiving one or more pieces of data from the third party information technology system; and
      
      determining the one or more pieces of personal data based at least in part on the received one or more pieces of data and the data subject access request.

8. A computer-implemented data processing method for responding to a data subject access request, the method comprising:
- receiving a data subject access request from a requestor comprising one or more request parameters that is a request for a particular organization to perform one or more actions with regard to one or more pieces of personal data the particular organization has obtained on the requestor based on the one or more request parameters;
  
  processing the request by identifying one or more pieces of personal data associated with the requestor, the one or more pieces of personal data being stored in one or more data repositories associated with a particular organization, wherein identifying the one or more pieces of personal data associated with the requestor comprises;
  
  accessing a plurality of data models that comprise a respective data inventory for each of the one or more data repositories and map one or more relationships between one or more aspects of the data inventory and the one or more data repositories;
  
  determining, based at least in part on one or more data models of the plurality of data models, one or more storage locations of the one or more data repositories that comprise each of the one or more pieces of personal data associated with the requestor by;
  
  analyzing each respective data inventory to identify one or more data inventory attributes associated with each of the one or more data repositories; and
  
  scanning the one or more data inventory attributes using one or more pieces of identifying information associated with the requestor to determine the one or more storage locations of the one or more data repositories that comprise each of the one or more pieces of personal data associated with the requestorretrieving each of the one or more pieces of personal data associated with the requestor from the one or more storage locations of the one or more data repositories; and
  
  taking one or more actions based at least in part on the data subject access request, the one or more actions including one or more actions related to the one or more pieces of personal data.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
- - 9. The computer-implemented data processing method of claim 8, wherein the one or more actions comprise at least one action selected from the group consisting of:
    - deleting the one or more pieces of personal data;
      
      modifying at least one of the one or more pieces of personal data; and
      
      displaying the one or more pieces of personal data to the requestor.
  - 10. The computer-implemented data processing method of claim 8, wherein identifying the one or more pieces of personal data associated with the requestor comprises:
    - accessing a data model that stores one or more data inventories for one or more data assets;
      
      scanning each of the one or more data inventories to identify one or more data attributes associated with each of the one or more data inventories; and
      
      analyzing each of the one or more data attributes to identify the one or more pieces of personal data.
  - 11. The computer-implemented data processing method of claim 10, wherein the data model is generated by:
    - generating the data model for the one or more data assets used in the collection or storage of personal data;
      
      digitally storing the data model in computer memory;
      
      identifying a first data asset of the one or more data assets;
      
      modifying the data model to include the first data asset;
      
      generating the first data inventory for the first data asset in the data model, the first data inventory comprising one or more inventory attributes comprising one or more pieces of personal data associated with the first data asset;
      
      associating the data inventory with the first data asset in computer memory; and
      
      mapping the first data asset to at least one of the one or more data assets in the data model.
  - 12. The computer-implemented data processing method of claim 11, the method further comprising:
    - identifying the one or more pieces of personal data in the first inventory; and
      
      in response to identifying the one or more pieces of personal data in the first inventory, scanning the at least one of the one or more data sets that are mapped to the first data set.
  - 13. The computer-implemented data processing method of claim 8, wherein:
    - the one or more request parameters comprise one or more identifying characteristics associated with the requestor; and
      
      identifying the one or more pieces of personal data associated with the requestor comprises using one or more intelligent identify scanning means based on the one or more identifying characteristics to identify the one or more pieces of personal data.
  - 14. The computer-implemented data processing method of claim 8, wherein the requestor is a data subject for whom a particular entity has collected the one or more pieces of personal data.
  - 15. The computer-implemented data processing method of claim 8, wherein the requestor is a requestor on behalf of a data subject for whom the particular entity has collected the one or more pieces of personal data.
  - 16. The computer-implemented data processing method of claim 8, wherein identifying the one or more pieces of personal data associated with the requestor comprises generating a data model based on personal data stored by a particular entity using one or more data modeling means.

17. A data subject access request processing system comprising;
- one or more processors;
  
  computer memory; and
  
  a computer-readable medium storing computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising;
  
  receiving a data subject access request from a requestor comprising one or more request parameters that is a request for a particular organization to perform one or more actions with regard to one or more pieces of personal data the particular organization has obtained on the requestor based on the one or more request parameters;
  
  processing the request by identifying one or more pieces of personal data associated with the requestor, the one or more pieces of personal data being stored in one or more data repositories associated with a particular organization, wherein identifying the one or more pieces of personal data comprises;
  
  accessing a data map that defines one or more electronic links between the one or more data repositories and stores a plurality of data inventories that define a plurality of inventory attributes for each of the one or more data repositories;
  
  scanning each of the plurality of data inventories to identify one or more data attributes associated with each of the one or more data inventories; and
  
  analyzing each of the one or more data attributes to identify the one or more pieces of personal data; and
  
  taking one or more actions based at least in part on the data subject access request, wherein the one or more actions comprise at least one action selected from the group consisting of;
  
  deleting the one or more pieces of personal data;
  
  modifying at least one of the one or more pieces of personal data; and
  
  displaying the one or more pieces of personal data to the requestor.
- View Dependent Claims (18, 19, 20)
- - 18. The data subject access request processing system of claim 17, wherein:
    - the one or more pieces of personal data are identified in a first data repository; and
      
      the computer-readable medium further stores computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising;
      
      using the data map to identify a second data repository that stores the one or more pieces of personal data via an electronic link between the first data repository and the second data repository.
  - 19. The data subject access request processing system of claim 18, wherein:
    - the first data repository is a storage asset; and
      
      the second data repository comprises a transfer asset.
  - 20. The data subject access request processing system of claim 19, wherein one or more actions comprise deleting the one or more pieces of personal data from both the storage asset and the transfer asset.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OneTrust LLC
Original Assignee
OneTrust LLC
Inventors
Barday, Kabir A., Karanjkar, Mihir S., Finch, Steven W., Browne, Ken A., Heard, Nathan W., Patel, Aakash H., Sabourin, Jason L., Daniel, Richard L., Patton-Kuhl, Dylan D., Brannon, Jonathan Blake
Primary Examiner(s)
Wu, Daxin

Application Number

US16/221,153
Publication Number

US 20190138750A1
Time in Patent Office

298 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 15/76   Architectures of general pu...

G06F 21/552   involving long-term monitor...

G06F 21/6227   where protection concerns t...

G06F 21/6254   by anonymising data, e.g. d...

G06N 20/00   Machine learning

Data processing systems for generating and populating a data inventory for processing data access requests

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

462 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Data processing systems for generating and populating a data inventory for processing data access requests

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

462 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links