Data processing systems for fulfilling data subject access requests and related methods
First Claim
Patent Images
1. A computer-implemented data processing method for responding to a data subject access request, the method comprising:
- receiving, by one or more computer processors, a data subject access request comprising one or more request parameters from a requestor at a source, wherein the one or more request parameters comprise one or more pieces of personal data associated with the requestor, and the source comprises a particular IP address or a particular domain;
identifying, by the one or more computer processors, the requestor based at least in part on the one or more request parameters;
identifying, by the one or more computer processors, the source of the data subject access request based at least in part on the requestor or source data associated with the data subject access request;
in response to identifying the requestor and the source of the data subject access request, determining, by the one or more computer processors, whether the data subject access request is subject to one or more response fulfillment constraints associated with the requestor or the source, wherein the one or more response fulfillment constraints comprise a quantity of data subject access requests from the requestor or the source within a period of time, and wherein determining whether the data subject access request is subject to one or more response fulfillment constraints comprises determining, by the one or more computer processors, whether the requestor is a malicious requestor or whether the source is a malicious source, and wherein determining whether the requestor is a malicious requestor comprises determining whether the data subject access request comprises one of a threshold quantity of data subject access requests from the requestor within a threshold period of time;
in response to determining that the data subject access request is subject to one or more response fulfillment constraints, denying, by the one or more computer processors, the data subject access request, or requesting, by the one or more computer processors, one or more processing fees prior to fulfilling the request; and
in response to determining that the data subject access request is not subject to one or more response fulfillment constraints, fulfilling, by the one or more computer processors, the data subject access request.
2 Assignments
0 Petitions
Accused Products
Abstract
Responding to a data subject access request includes receiving the request and identifying the requestor and source. In response to identifying the requestor and source, a computer processor determines whether the data subject access request is subject to fulfillment constraints, including whether the requestor or source is malicious. If so, then the computer processor denies the request or requests a processing fee prior to fulfillment. If not, then the computer processor fulfills the request.
879 Citations
19 Claims
-
1. A computer-implemented data processing method for responding to a data subject access request, the method comprising:
-
receiving, by one or more computer processors, a data subject access request comprising one or more request parameters from a requestor at a source, wherein the one or more request parameters comprise one or more pieces of personal data associated with the requestor, and the source comprises a particular IP address or a particular domain; identifying, by the one or more computer processors, the requestor based at least in part on the one or more request parameters; identifying, by the one or more computer processors, the source of the data subject access request based at least in part on the requestor or source data associated with the data subject access request; in response to identifying the requestor and the source of the data subject access request, determining, by the one or more computer processors, whether the data subject access request is subject to one or more response fulfillment constraints associated with the requestor or the source, wherein the one or more response fulfillment constraints comprise a quantity of data subject access requests from the requestor or the source within a period of time, and wherein determining whether the data subject access request is subject to one or more response fulfillment constraints comprises determining, by the one or more computer processors, whether the requestor is a malicious requestor or whether the source is a malicious source, and wherein determining whether the requestor is a malicious requestor comprises determining whether the data subject access request comprises one of a threshold quantity of data subject access requests from the requestor within a threshold period of time; in response to determining that the data subject access request is subject to one or more response fulfillment constraints, denying, by the one or more computer processors, the data subject access request, or requesting, by the one or more computer processors, one or more processing fees prior to fulfilling the request; and in response to determining that the data subject access request is not subject to one or more response fulfillment constraints, fulfilling, by the one or more computer processors, the data subject access request. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A computer-implemented data processing method for responding to a data subject access request, the method comprising:
-
receiving, by one or more computer processors, a data subject access request comprising one or more request parameters from a requestor at a source, wherein the one or more request parameters comprise one or more pieces of personal data associated with the requestor, and the source comprises a particular IP address or a particular domain; in response to receiving the data subject access request, retrieving, by the one or more computer processors, fulfillment constraint data associated with the data subject access request from a repository server corresponding to a plurality of data subject access requests from a plurality of requestors and a plurality of data subject access request sources, wherein the fulfillment constraint data comprises a quantity of data subject access requests from the requestor or the source within a period of time; determining, by the one or more computer processors, whether the requestor is a malicious requestor or whether the source is a malicious source based on the fulfillment constraint data and the one or more request parameters, wherein determining whether the requestor is a malicious requestor or whether the source is a malicious source comprises determining whether the data subject access request comprises one of a threshold quantity of data subject access requests from the requestor or the source within a threshold period of time; in response to determining that the requestor is the malicious requestor or that the source is the malicious source, determining, by the one or more computer processors, whether the data subject access request is subject to one or more response fulfillment constraints; in response to determining that the data subject access request is subject to the one or more response fulfillment constraints; denying, by the one or more computer processors, the data subject access request, or requesting, by the one or more processors, one or more processing fees prior to fulfilling the request. - View Dependent Claims (13, 14)
-
-
15. A computer-implemented data processing method for responding to a data subject access request, the method comprising:
-
receiving, by one or more computer processors, a data subject access request comprising one or more request parameters from a requestor, wherein the one or more request parameters comprise one or more pieces of personal data associated with the requestor; identifying, by the one or more computer processors, the requestor based at least in part on the one or more request parameters; in response to identifying the requestor of the data subject access request, retrieving, by the one or more computer processors, fulfillment constraint data associated with the requestor, wherein the fulfillment constraint data comprises a stored rating assigned to the requestor, and the stored rating comprises a value assigned based on a source of the data subject access request or historical actions associated with the requestor; determining, by the one or more computer processors, whether the requestor is a potentially malicious requestor based on the fulfillment constraint data, and wherein determining whether the requestor is a potentially malicious requestor comprises determining whether the data subject access request comprises one of a threshold quantity of data subject access requests from the requestor within a threshold period of time; in response to determining that the requestor is potentially malicious, determining, by the one or more computer processors, whether the data subject access request is subject to one or more response fulfillment constraints; in response to determining that the data subject access request is subject to the one or more response fulfillment constraints, denying, by the one or more computer processors, the data subject access request, or requesting, by the one or more computer processors, one or more processing fees prior to fulfilling the request; and in response to determining that the data subject access request is not subject to one or more response fulfillment constraints, fulfilling, by the one or more computer processors, the data subject access request. - View Dependent Claims (16, 17, 18, 19)
-
Specification