Consent receipt management systems and related methods

US 10,503,926 B2
Filed: 02/17/2019
Issued: 12/10/2019
Est. Priority Date: 06/10/2016
Status: Active Grant

First Claim

Patent Images

1. A consent receipt management system comprising:

one or more processors; and

computer memory that stores a plurality of consent records associated with a unique subject identifier, each of the plurality of consent records being associated with a respective transaction of a plurality of transactions involving a data subject and an entity, wherein the consent receipt management system is configured for;

receiving a request to initiate a transaction between the entity and the data subject, the transaction involving collection or processing of personal data associated with the data subject by the entity as part of a processing activity undertaken by the entity that the data subject is consenting to as part of the transaction;

in response to receiving the request;

identifying a transaction identifier associated with the transaction;

generating, a unique consent receipt key for the transaction; and

determining a unique subject identifier for the data subject;

electronically storing the unique subject identifier, the unique consent receipt key, and the transaction identifier in computer memory;

electronically associating the unique subject identifier, the unique consent receipt key, and the transaction identifier;

generating a consent record for the transaction, the consent record comprising at least the unique subject identifier and the unique consent receipt key;

electronically transmitting the consent record to the data subject;

providing a consent receipt management portal;

displaying, to the data subject, via the consent receipt management portal, the plurality of consent records;

analyzing the plurality of consent records to identify one or more transactions associated with the unique subject identifier that require the data subject to provide confirmatory consent;

determining which of the identified one or more transactions associated with the unique subject identifier that require the data subject to provide confirmatory consent for which the data subject has not provided the confirmatory consent;

in response to determining which of the identified one or more transactions associated with the unique subject identifier that require the data subject to provide confirmatory consent for which the data subject has not provided the confirmatory consent, prompting the data subject to provide the confirmatory consent;

enabling the data subject to withdraw, via the consent receipt management portal, a consent for the collection or processing of personal data associated with the data subject by the entity as part of the transaction;

receiving a request from the data subject via the consent receipt management portal to withdraw the consent; and

in response to receiving the request to withdraw the consent;

modifying the unique consent receipt key to include data related to a time of the request to withdraw;

automatically ceasing the collection or processing of the personal data associated with the data subject as part of the transaction; and

identifying, based at least in part on one or more data models defining one or more data transfers among one or more data assets utilized by the entity for the collection or processing of the personal data, a respective storage location of each of one or more pieces of personal data associated with the data subject on the one or more data assets that was collected or processed by the entity prior to receiving the request to withdraw the consent;

in response to identifying the respective storage location of each of the one or more pieces of personal data associated with the data subject, automatically determining that a first portion of the one or more of the pieces of personal data has one or more legal bases for continued storage; and

automatically facilitating deletion of a second portion of the one or more pieces of personal data associated with the data subject that do not have one or more legal bases for continued storage, wherein the first portion of the one or more pieces of personal data is different from the second portion of the one or more pieces of personal data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A consent receipt management and data processing system may be configured to provide a centralized repository of consent receipt preferences for a plurality of data subjects. In various embodiments, the system is configured to provide an interface to the plurality of data subjects for modifying consent preferences and capture consent preference changes. The system may provide the ability to track the consent status of pending and confirmed consents. In other embodiments, the system may provide a centralized repository of consent receipts that a third-party system may reference when taking one or more actions related to a processing activity.

661 Citations

14 Claims

1. A consent receipt management system comprising:
- one or more processors; and
  
  computer memory that stores a plurality of consent records associated with a unique subject identifier, each of the plurality of consent records being associated with a respective transaction of a plurality of transactions involving a data subject and an entity, wherein the consent receipt management system is configured for;
  
  receiving a request to initiate a transaction between the entity and the data subject, the transaction involving collection or processing of personal data associated with the data subject by the entity as part of a processing activity undertaken by the entity that the data subject is consenting to as part of the transaction;
  
  in response to receiving the request;
  
  identifying a transaction identifier associated with the transaction;
  
  generating, a unique consent receipt key for the transaction; and
  
  determining a unique subject identifier for the data subject;
  
  electronically storing the unique subject identifier, the unique consent receipt key, and the transaction identifier in computer memory;
  
  electronically associating the unique subject identifier, the unique consent receipt key, and the transaction identifier;
  
  generating a consent record for the transaction, the consent record comprising at least the unique subject identifier and the unique consent receipt key;
  
  electronically transmitting the consent record to the data subject;
  
  providing a consent receipt management portal;
  
  displaying, to the data subject, via the consent receipt management portal, the plurality of consent records;
  
  analyzing the plurality of consent records to identify one or more transactions associated with the unique subject identifier that require the data subject to provide confirmatory consent;
  
  determining which of the identified one or more transactions associated with the unique subject identifier that require the data subject to provide confirmatory consent for which the data subject has not provided the confirmatory consent;
  
  in response to determining which of the identified one or more transactions associated with the unique subject identifier that require the data subject to provide confirmatory consent for which the data subject has not provided the confirmatory consent, prompting the data subject to provide the confirmatory consent;
  
  enabling the data subject to withdraw, via the consent receipt management portal, a consent for the collection or processing of personal data associated with the data subject by the entity as part of the transaction;
  
  receiving a request from the data subject via the consent receipt management portal to withdraw the consent; and
  
  in response to receiving the request to withdraw the consent;
  
  modifying the unique consent receipt key to include data related to a time of the request to withdraw;
  
  automatically ceasing the collection or processing of the personal data associated with the data subject as part of the transaction; and
  
  identifying, based at least in part on one or more data models defining one or more data transfers among one or more data assets utilized by the entity for the collection or processing of the personal data, a respective storage location of each of one or more pieces of personal data associated with the data subject on the one or more data assets that was collected or processed by the entity prior to receiving the request to withdraw the consent;
  
  in response to identifying the respective storage location of each of the one or more pieces of personal data associated with the data subject, automatically determining that a first portion of the one or more of the pieces of personal data has one or more legal bases for continued storage; and
  
  automatically facilitating deletion of a second portion of the one or more pieces of personal data associated with the data subject that do not have one or more legal bases for continued storage, wherein the first portion of the one or more pieces of personal data is different from the second portion of the one or more pieces of personal data.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The consent receipt management system of claim 1, wherein the consent receipt management system is further configured for:
    - enabling the data subject to rescind, via the consent receipt management portal, a consent for the collection or processing of personal data associated with the data subject that the data subject has previously provided as part of a particular transaction of the plurality of transactions.
  - 3. The consent receipt management system of claim 1, wherein the unique consent receipt key defines one or more consent preferences selected by the data subject regarding the transaction.
  - 4. The consent receipt management system of claim 3, wherein the consent receipt management system is further configured for:
    - receiving, via the consent receipt management portal from the data subject, a request to modify the one or more consent preferences; and
      
      in response to receiving the request to modify the one or more consent preferences, modifying the unique consent receipt key based at least in part on the request to modify the one or more consent preferences.
  - 5. The consent receipt management system of claim 4, wherein the request to modify the one or more consent preferences comprises a request to modify a frequency of one or more actions that make up the transaction.
  - 6. The consent receipt management system of claim 1 wherein the consent receipt management system is further configured for:
    - maintaining a plurality of unique consent receipt keys for a plurality of data subjects for the transaction, each of the plurality of unique consent receipt keys defining one or more respective consent preferences for each respective data subject of the plurality of data subjects.
  - 7. The consent receipt management system of claim 6, wherein the consent receipt management system is further configured for:
    - receiving a request to initiate take one or more actions related to transaction; and
      
      in response to receiving the request to take the one or more actions, taking the one or more actions with each respective data subject of the plurality of data subjects based at least in part on the one or more respective consent preferences.

8. A computer-implemented data processing method for managing a plurality of consent receipts under a transaction that comprises processing, by an entity, of one or more pieces of personal data associated with one or more data subjects, the method comprising:
- providing, by one or more processors, to the one or more data subjects, a user interface for initiating a transaction between the entity and each respective data subject of the one or more data subjects;
  
  receiving, by one or more processors, a plurality of requests to initiate a plurality of transactions, each of the plurality of transactions comprising a respective transaction between the entity and a respective data subject of the one or more data subjects;
  
  in response to receiving each of the plurality of requests, generating, by one or more processors, a unique respective consent receipt key, the unique respective consent receipt key comprising an indication of consent by each of the one or more data subjects to the processing of the one or more pieces of personal data;
  
  electronically storing and associating, by one or more processors, each unique respective consent receipt key, a unique identifier for the respective data subject, and a unique transaction identifier associated with the respective transaction of the plurality of transactions in computer memory;
  
  providing, by one or more processors, to each of the one or more data subjects, a user interface for accessing and modifying the respective consent receipt key;
  
  electronically transmitting the unique respective consent receipt key to each of the one or more data subjects;
  
  prompting each of the one or more data subjects to confirm consent by each of the one or more data subjects to the processing of the one or more pieces of personal data;
  
  receiving, from a particular data subject of the one or more data subjects, confirmation of the consent to the processing of the one or more pieces of personal data;
  
  in response to receiving the confirmation of the consent to the processing of the one or more pieces of personal data, modifying a consent receipt key associated with the particular data subject based at least in part on the confirmation;
  
  receiving an indication that a data system associated with the entity has processed a new piece of personal data associated with the particular data subject as part of a particular transaction of the plurality of transactions;
  
  in response to receiving the indication that the data system has processed the new piece of personal data, determining, based on the plurality of consent receipts, whether the particular data subject has provided the confirmation of the consent for the processing of the new piece of personal data as part of the particular transaction;
  
  in response to determining that the particular data subject has provided the confirmation of the consent, automatically processing the new piece of personal data; and
  
  in response to determining that the particular data subject has not provided the confirmation of the consent;
  
  automatically ceasing processing of the new piece of personal data; and
  
  prompting the particular data subject to provide the confirmation of the consent.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer-implemented data processing method of claim 8, wherein each unique respective consent receipt key defines one or more consent preferences selected by the respective data subject regarding the respective transaction.
  - 10. The computer-implemented data processing method of claim 9, the method further comprising:
    - receiving, from a particular data subject of the one or more data subjects, via the user interface, a request to modify the one or more consent preferences; and
      
      in response to receiving the request to modify the one or more consent preferences;
      
      modifying a consent receipt key associated with the particular data subject based at least in part on the request to modify the one or more consent preferences.
  - 11. The computer-implemented data processing method of claim 10, the method further comprising:
    - in response to receiving the request to modify the one or more consent preferences;
      
      identifying one or more additional data subjects of the one or more data subjects that share at least one data subject characteristic with the particular data subject; and
      
      automatically modifying the unique consent receipt key associated with each of the one or more additional data subjects based at least in part on the request to modify the one or more consent preferences.
  - 12. The computer-implemented data processing method of claim 8, the method further comprising:
    - analyzing each unique respective consent receipt key to identify one or more unique consent receipt keys for which the receptive data subject has not confirmed the consent to the processing of the one or more pieces of personal data.
  - 13. The computer-implemented data processing method of claim 12, the method further comprising:
    - identifying each respective data subject for each of the one or more unique consent receipt keys for which the respective data subject has not confirmed the consent to the processing of the one or more pieces of personal data; and
      
      in response to identifying each respective data subject for each of the one or more unique consent receipt keys for which the respective data subject has not confirmed the consent to the processing of the one or more pieces of personal data, prompting each respective data subject for each of the one or more unique consent receipt keys for which the respective data subject has not confirmed the consent to the processing of the one or more pieces of personal data to confirm the consent to the processing of the one or more pieces of personal data.
  - 14. The computer-implemented data processing method of claim 13, wherein prompting each respective data subject for each of the one or more unique consent receipt keys for which the respective data subject has not confirmed the consent to the processing of the one or more pieces of personal data to confirm the consent to the processing of the one or more pieces of personal data comprises transmitting an electronic message to each respective data subject, the electronic message comprising a user-selectable indicia to confirm the processing of the one or more pieces of personal data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OneTrust LLC
Original Assignee
OneTrust LLC
Inventors
Barday, Kabir A., Brannon, Jonathan Blake, Beaumont, Richard A., Mannix, John
Primary Examiner(s)
Wu, Daxin

Application Number

US16/278,120
Publication Number

US 20190180051A1
Time in Patent Office

296 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 11/3065   Monitoring arrangements det...

G06F 11/34   Recording or statistical ev...

G06F 21/6245   Protecting personal data, e...

Consent receipt management systems and related methods

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

661 Citations

14 Claims

Specification

Use Cases

Quick Links

Others

Consent receipt management systems and related methods

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

661 Citations

14 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others