Data processing systems for measuring privacy maturity within an organization

US 10,445,526 B2
Filed: 03/25/2019
Issued: 10/15/2019
Est. Priority Date: 06/10/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented data processing method for measuring compliance of a particular organization with one or more requirements associated with one or more pieces of computer code originating from the particular organization, the method comprising:

electronically obtaining, by one or more processors, each of the one or more pieces of computer code;

automatically electronically analyzing each of the one or more pieces of computer code to determine one or more privacy-related attributes of each of the one or more pieces of computer code, each of the privacy-related attributes indicating one or more types of privacy campaign data that the computer code collects or accesses;

in response to determining that the computer code has a particular one of the one or more privacy-related attributes, executing the steps of (i) electronically displaying one or more prompts to a first individual requesting that the first individual input information regarding the particular privacy-related attribute;

(ii) receiving input information from the first individual regarding the particular privacy-related attribute; and

(iii) communicating the information regarding the particular privacy-related attribute to one or more second individuals for use in conducting a privacy assessment of the computer code;

scanning publicly available data sources for data records associated with the particular organization, the data records comprising one or more public record databases comprising one or more social network websites and one or more additional data records selected from the group consisting of;

one or more privacy disclaimers corresponding with the one or more pieces of computer code; and

one or more privacy notices corresponding to one or more websites corresponding to the particular organization;

determining, by one or more processors, based at least in part on the one or more types of privacy campaign data that the computer code collects or accesses and the publicly available data sources, a privacy maturity score for the particular organization indicating compliance of the organization with one or more privacy-related requirements of the one or more pieces of computer code; and

displaying, by one or more processors, the privacy maturity score on a display screen associated with a computing device; and

marking at least one of the one or more pieces of computer code for modification based at least in part on the privacy maturity score.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A privacy compliance measurement system, according to particular embodiments, is configured to determine compliance with one or more privacy compliance requirements by an organization or sub-group of the organization. In various embodiments, the system is configured to determine a privacy maturity rating for each of a plurality of sub-groups within an organization. In some embodiments, the privacy maturity rating is based at least in part on: (1) a frequency of risks or issues identified with Privacy Impact Assessments (PIAs) performed or completed by the one or sub-groups; (2) a relative training level of members of the sub-groups with regard to privacy related matters; (3) a breadth and amount of personal data collected by the sub-groups; and/or (4) etc. In various embodiments, the system is configured to automatically modify one or more privacy campaigns based on the determined privacy maturity ratings.

649 Citations

19 Claims

1. A computer-implemented data processing method for measuring compliance of a particular organization with one or more requirements associated with one or more pieces of computer code originating from the particular organization, the method comprising:
- electronically obtaining, by one or more processors, each of the one or more pieces of computer code;
  
  automatically electronically analyzing each of the one or more pieces of computer code to determine one or more privacy-related attributes of each of the one or more pieces of computer code, each of the privacy-related attributes indicating one or more types of privacy campaign data that the computer code collects or accesses;
  
  in response to determining that the computer code has a particular one of the one or more privacy-related attributes, executing the steps of (i) electronically displaying one or more prompts to a first individual requesting that the first individual input information regarding the particular privacy-related attribute;
  
  (ii) receiving input information from the first individual regarding the particular privacy-related attribute; and
  
  (iii) communicating the information regarding the particular privacy-related attribute to one or more second individuals for use in conducting a privacy assessment of the computer code;
  
  scanning publicly available data sources for data records associated with the particular organization, the data records comprising one or more public record databases comprising one or more social network websites and one or more additional data records selected from the group consisting of;
  
  one or more privacy disclaimers corresponding with the one or more pieces of computer code; and
  
  one or more privacy notices corresponding to one or more websites corresponding to the particular organization;
  
  determining, by one or more processors, based at least in part on the one or more types of privacy campaign data that the computer code collects or accesses and the publicly available data sources, a privacy maturity score for the particular organization indicating compliance of the organization with one or more privacy-related requirements of the one or more pieces of computer code; and
  
  displaying, by one or more processors, the privacy maturity score on a display screen associated with a computing device; and
  
  marking at least one of the one or more pieces of computer code for modification based at least in part on the privacy maturity score.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer-implemented data processing method of claim 1, wherein the data records comprise the one or more privacy disclaimers corresponding with the one or more pieces of computer code.
  - 3. The computer-implemented data processing method of claim 1, wherein the data records comprise the one or more privacy notices associated with one or more websites associated with the particular organization.
  - 4. The computer-implemented data processing method of claim 3, wherein the method further comprises:
    - analyzing a website of the one or more websites associated with the particular organization to identify the one or more privacy notices;
      
      analyzing one or more contents of the one or more privacy notices; and
      
      electronically calculating the privacy maturity score by electronically calculating the privacy maturity score based on the one or more contents of the one or more privacy notices.
  - 5. The computer-implemented data processing method of claim 4, wherein:
    - the method further comprises;
      
      analyzing the one or more websites associated with the particular organization;
      
      identifying one or more industry certifications associated with the particular organization based on the analysis of the one or more websites; and
      
      electronically calculating the privacy maturity score by electronically calculating the privacy maturity score based on the identification of the one or more industry certifications.
  - 6. The computer-implemented data processing method of claim 1, wherein:
    - the method further comprises;
      
      analyzing one or more public record databases associated with the particular organization;
      
      identifying one or more industry certifications associated with the particular organization from the one or more public record databases; and
      
      electronically calculating the privacy maturity score by electronically calculating the privacy maturity score based on the identification of the one or more industry certifications.
  - 7. The computer-implemented data processing method of claim 6, wherein:
    - analyzing the one or more public record databases comprises analyzing the one or more social networking websites associated with the particular organization.
  - 8. The computer-implemented data processing method of claim 7, wherein:
    - the analysis of the data records comprises analysis of one or more business related job sites associated with the particular organization; and
      
      the method further comprises;
      
      determining one or more employee titles, employee roles, and available job posts corresponding to the particular organization based on the analysis of the one or more social networking websites and the one or more business related job sites; and
      
      calculating the privacy maturity score based on the one or more employee titles, employee roles, and available job posts.
  - 9. The computer-implemented data processing method of claim 1, wherein the method further comprises receiving one or more privacy impact assessments associated with each of the one or more pieces of computer code;
    - anddetermining the privacy maturity score for the particular organization further comprises determining the privacy maturity score based at least in part on the one or more privacy impact assessments.
  - 10. The computer-implemented data processing method of claim 9, wherein:
    - the one or more privacy impact assessments are one or more privacy impact assessments performed prior to execution of the one or more pieces of computer code as part of a privacy campaign.

11. A non-transitory computer-readable medium storing computer-executable instructions for measuring compliance of a plurality of individuals with one or more privacy-related requirements, the method comprising:
- electronically obtaining, by one or more processors, one or more pieces of computer code from one or more websites associated with the plurality of individuals;
  
  automatically electronically analyzing each of the one or more pieces of computer code to determine one or more privacy-related attributes of each of the one or more pieces of computer code, each of the privacy-related attributes indicating one or more types of privacy campaign data that the computer code collects or accesses;
  
  in response to determining that the computer code has a particular one of the one or more privacy-related attributes, executing the steps of (i) electronically displaying one or more prompts to a first individual requesting that the first individual input information regarding the particular privacy-related attribute;
  
  (ii) receiving input information from the first individual regarding the particular privacy-related attribute; and
  
  (iii) communicating the information regarding the particular privacy-related attribute to one or more second individuals for use in conducting a privacy assessment of the computer code;
  
  analyzing, by one or more processors, for at least one of the plurality of individuals, pieces of publicly available data associated with the at least one of the plurality of individuals, the pieces of publicly available data comprising one or more public record databases comprising one or more social network websites and one or more additional pieces of publicly available data selected from the group consisting of;
  
  one or more privacy disclaimers corresponding to the one or more pieces of computer code; and
  
  one or more privacy notices corresponding to the one or more websites associated with the plurality of individuals;
  
  determining, by one or more processors, based at least in part on the one or more types of privacy campaign data that the computer code collects or accesses and the pieces of publicly available data, a privacy maturity score for the plurality of individuals indicating compliance of the plurality of individuals with one or more privacy-related requirements;
  
  displaying, by one or more processors, the privacy maturity score on a display screen associated with a computing device; and
  
  marking at least one of the one or more pieces of computer code for modification based at least in part on the privacy maturity score.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The non-transitory computer-readable medium of claim 11, wherein the one or more websites associated the plurality of individuals comprise one or more websites that host the one or more pieces of computer code.
  - 13. The non-transitory computer-readable medium of claim 11, wherein:
    - the pieces of publicly available data comprise the one or more privacy disclaimers associated with the one or more pieces of computer code; and
      
      the one or more privacy disclaimers associated with the one or more pieces of computer code comprise one or more privacy disclaimers associated with one or more software applications published by the plurality of individuals that are available to one or more customers of the plurality of individuals.
  - 14. The non-transitory computer-readable medium of claim 11, wherein:
    - analyzing the pieces of publicly available data comprises analyzing one or more credit bureau databases; and
      
      the non-transitory computer-readable medium further stores computer-executable instructions for;
      
      accessing the one or more credit bureau databases; and
      
      determining one or more pieces of credit data associated with an organization to which the plurality of individuals belong.
  - 15. The non-transitory computer-readable medium of claim 11, wherein:
    - the pieces of publicly available data comprise the one or more privacy disclaimers associated with the one or more pieces of computer code; and
      
      the non-transitory computer-readable medium further stores computer-executable instructions for;
      
      analyzing one or more contents of the one or more privacy disclaimers; and
      
      calculating the privacy maturity score based at least in part on the one or more contents of the one or more privacy disclaimers.
  - 16. The non-transitory computer-readable medium of claim 15, wherein the non-transitory computer-readable medium further stores computer-executable instructions for:
    - determining whether the one or more contents of the one or more privacy disclaimers comprise one or more pieces of language required by one or more regulations;
      
      in response to determining that the one or more contents of the one or more privacy disclaimers comprise the one or more pieces of language, calculating a first privacy awareness score; and
      
      in response to determining that that the one or more contents of the one or more privacy disclaimers do not comprise the one or more pieces of language, calculating a second privacy awareness score.
  - 17. The non-transitory computer-readable medium of claim 11, wherein:
    - the pieces of publicly available data comprise one or more security certifications associated with the plurality of individuals;
      
      the non-transitory computer-readable medium further stores computer-executable instructions for;
      
      determining whether the at least one of the plurality of individuals holds a particular security certification based on the pieces of publicly available data; and
      
      calculating the privacy maturity score based on whether the at least one of the plurality of individuals holds the particular security certification.
  - 18. The non-transitory computer-readable medium of claim 11, wherein:
    - the non-transitory computer-readable medium further stores computer-executable instructions for;
      
      analyzing a website associated with the one or more pieces of computer code to identify the one or more privacy notices;
      
      analyzing one or more contents of the one or more privacy notices; and
      
      determining the privacy maturity score by electronically calculating the privacy maturity score based on the one or more contents of the one or more privacy notices; and
      
      the pieces of publicly available data comprise the one or more privacy notices associated with the one or more websites corresponding to the plurality of individuals.
  - 19. The non-transitory computer-readable medium of claim 11, wherein the pieces of publicly available data comprise the one or more privacy notices associated with the one or more websites associated with the plurality of individuals.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OneTrust LLC
Original Assignee
OneTrust LLC
Inventors
Barday, Kabir A., Brannon, Jonathan Blake
Primary Examiner(s)
Lynch, Sharon S

Application Number

US16/363,454
Publication Number

US 20190220623A1
Time in Patent Office

204 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/54   by adding security routines...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/6245   Protecting personal data, e...

G06F 2221/2101   Auditing as a secondary aspect

G06F 3/04842   Selection of displayed obje...

G06Q 50/01   Social networking

H04L 63/04   for providing a confidentia...

H04L 63/20   for managing network securi...

H04W 12/02   Protecting privacy or anony...

Data processing systems for measuring privacy maturity within an organization

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

649 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Data processing systems for measuring privacy maturity within an organization

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

649 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links