Data processing systems for identity validation of data subject access requests and related methods
First Claim
1. A computer-implemented data processing method for validating a data subject access request, the computer-implemented data processing method comprising:
- receiving, by at least one computer processor, a data subject access request provided by a requestor, wherein the data subject access request comprises a request for a particular organization to perform one or more actions with regard to one or more pieces of personal data associated with an identified data subject that the particular organization has obtained on the identified data subject,wherein at least one of the one or more pieces of personal data associated with the identified data subject was not provided to the particular organization by the identified data subject, andwherein the data subject access request comprises one or more request parameters, wherein one of the one or more request parameters of the data subject access request comprises a type of data subject access request, and wherein the type of data subject access request is selected from a group consisting of;
a first type of data subject access request that requires a first number of authentication methods, anda second type of data subject access request that requires a second number of authentication methods, wherein the first number of authentication methods is different than the second number of authentication methods;
in response to receiving the data subject access request provided by the requestor, determining, by at least one computer processor, one or more authentication methods required to validate an identity of the requestor as the identified data subject of the data subject access request;
providing, by at least one computer processor, the one or more authentication methods to the requestor, wherein each of the one or more authentication methods comprise prompting the requestor to provide particular information to validate the identity of the requestor as the identified data subject;
determining, by at least one computer processor, whether to validate the identity of the requestor as the identified data subject based at least in part on the particular information provided by the requestor associated with each of the one or more authentication methods;
in response to determining to validate the identity of the requestor as the identified data subject, validating, by at least one computer processor, the identity of the requestor as the identified data subject; and
in response to validating the identity of the requestor as the identified data subject, processing, by at least one computer processor, the data subject access request by;
automatically identifying, by at least one computer processor, the one or more pieces of personal data associated with the identified data subject, wherein the one or more pieces of personal data associated with the identified data subject are stored in one or more data repositories associated with the particular organization; and
in response to automatically identifying the one or more pieces of personal data associated with the identified data subject, performing, by at least one computer processor, the one or more actions on the one or more pieces of personal data associated with the identified data subject based at least in part on the data subject access request.
2 Assignments
0 Petitions
Accused Products
Abstract
In particular embodiments, a computer-implemented data processing method for responding to a data subject access request comprises: (A) receiving a data subject access request from a requestor comprising one or more request parameters; (B) validating an identity of the requestor by prompting the requestor to identify information associated with the requestor; (C) in response to validating the identity of the requestor, processing the request by identifying one or more pieces of personal data associated with the requestor, the one or more pieces of personal data being stored in one or more data repositories associated with a particular organization; and (D) taking one or more actions based at least in part on the data subject access request, the one or more actions including one or more actions related to the one or more pieces of personal data.
778 Citations
20 Claims
-
1. A computer-implemented data processing method for validating a data subject access request, the computer-implemented data processing method comprising:
-
receiving, by at least one computer processor, a data subject access request provided by a requestor, wherein the data subject access request comprises a request for a particular organization to perform one or more actions with regard to one or more pieces of personal data associated with an identified data subject that the particular organization has obtained on the identified data subject, wherein at least one of the one or more pieces of personal data associated with the identified data subject was not provided to the particular organization by the identified data subject, and wherein the data subject access request comprises one or more request parameters, wherein one of the one or more request parameters of the data subject access request comprises a type of data subject access request, and wherein the type of data subject access request is selected from a group consisting of; a first type of data subject access request that requires a first number of authentication methods, and a second type of data subject access request that requires a second number of authentication methods, wherein the first number of authentication methods is different than the second number of authentication methods; in response to receiving the data subject access request provided by the requestor, determining, by at least one computer processor, one or more authentication methods required to validate an identity of the requestor as the identified data subject of the data subject access request; providing, by at least one computer processor, the one or more authentication methods to the requestor, wherein each of the one or more authentication methods comprise prompting the requestor to provide particular information to validate the identity of the requestor as the identified data subject; determining, by at least one computer processor, whether to validate the identity of the requestor as the identified data subject based at least in part on the particular information provided by the requestor associated with each of the one or more authentication methods; in response to determining to validate the identity of the requestor as the identified data subject, validating, by at least one computer processor, the identity of the requestor as the identified data subject; and in response to validating the identity of the requestor as the identified data subject, processing, by at least one computer processor, the data subject access request by; automatically identifying, by at least one computer processor, the one or more pieces of personal data associated with the identified data subject, wherein the one or more pieces of personal data associated with the identified data subject are stored in one or more data repositories associated with the particular organization; and in response to automatically identifying the one or more pieces of personal data associated with the identified data subject, performing, by at least one computer processor, the one or more actions on the one or more pieces of personal data associated with the identified data subject based at least in part on the data subject access request. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A computer-implemented data processing method for responding to a data subject access request, the computer-implemented data processing method comprising:
-
receiving a data subject access request from a requestor comprising one or more request parameters, wherein the data subject access request comprises a request for a particular organization to perform one or more actions with regard to one or more pieces of personal data associated with a data subject that the particular organization has at least temporarily stored, wherein at least one of the one or more pieces of personal data associated with the data subject was not provided to the particular organization by the data subject, and wherein the data subject access request comprises one or more request parameters, wherein one of the one or more request parameters of the data subject access request comprises a type of data subject access request, and wherein the type of data subject access request is selected from a group consisting of; a first type of data subject access request that requires a first number of authentication methods, and a second type of data subject access request that requires a second number of authentication methods, wherein the first number of authentication methods is different than the second number of authentication methods; in response to receiving the data subject access request from the requestor, determining one or more authentication methods required to validate an identity of the requestor as the data subject of the data subject access request; validating the identity of the requestor by prompting the requestor to identify information associated with the requestor; in response to validating the identity of the requestor, processing the data subject access request by automatically identifying one or more pieces of personal data associated with the data subject, wherein the one or more pieces of personal data associated with the data subject are stored in one or more data repositories associated with the particular organization; and in response to automatically identifying the one or more pieces of personal data associated with the data subject, taking one or more actions based at least in part on the data subject access request, wherein the one or more actions includes one or more actions related to the one or more pieces of personal data associated with the data subject. - View Dependent Claims (7, 8, 9, 10, 11, 12, 13)
-
-
14. A non-transitory computer-readable medium storing computer-executable instructions to perform a method comprising:
-
receiving a data subject access request from a requestor, wherein the data subject access request comprises; one or more request parameters; and a request for a particular organization to perform one or more actions related to one or more pieces of personal data associated with a data subject that the particular organization has processed, wherein at least one of the one or more pieces of personal data associated with the data subject was not provided to the particular organization by the data subject, and wherein the data subject access request comprises one or more request parameters, wherein one of the one or more request parameters of the data subject access request comprises a type of data subject access request, and wherein the type of data subject access request is selected from a group consisting of; a first type of data subject access request that requires a first number of authentication methods, and a second type of data subject access request that requires a second number of authentication methods, wherein the first number of authentication methods is different than the second number of authentication methods; in response to receiving the data subject access request from the requestor, determining one or more authentication methods required to validate an identity of the requestor as the data subject of the data subject access request; validating the identity of the requestor by prompting the requestor to identify information associated with the requestor; in response to validating the identity of the requestor, processing the request by automatically identifying, using one or more data modelling techniques, one or more pieces of personal data associated with the requestor, wherein the one or more pieces of personal data are stored in one or more data repositories associated with the particular organization; and in response to automatically identifying the one or more pieces of personal data associated with the data subject, taking the one or more actions based at least in part on the data subject access request, wherein the one or more actions includes one or more actions related to the one or more pieces of personal data associated with the data subject. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
Specification