Data processing systems for fulfilling data subject access requests and related methods

US 10,776,515 B2
Filed: 02/10/2020
Issued: 09/15/2020
Est. Priority Date: 06/10/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented data processing method for responding to a data subject access request, the method comprising:

receiving, by one or more computer processors, a data subject access request comprising one or more request parameters from a requestor at a source, wherein the one or more request parameters comprise one or more pieces of personal data associated with the requestor, and the source comprises a particular IP address or a particular domain;

identifying, by the one or more computer processors, the requestor based at least in part on the one or more request parameters;

identifying, by the one or more computer processors, the source of the data subject access request based at least in part on the requestor or source data associated with the data subject access request;

in response to identifying the requestor and the source of the data subject access request, determining, by the one or more computer processors, whether the data subject access request is subject to one or more response fulfillment constraints associated with the requestor or the source, wherein the one or more response fulfillment constraints comprise a quantity of data subject access requests from the requestor or the source within a period of time, and wherein determining whether the data subject access request is subject to one or more response fulfillment constraints comprises determining, by the one or more computer processors, whether the requestor is a malicious requestor or whether the source is a malicious source, and wherein determining whether the requestor is a malicious requestor comprises determining whether the data subject access request comprises one of a threshold quantity of data subject access requests from the requestor within a threshold period of time;

in response to determining that the data subject access request is subject to one or more response fulfillment constraints, denying, by the one or more computer processors, the data subject access request, or requesting, by the one or more computer processors, one or more processing fees prior to fulfilling the request; and

in response to determining that the data subject access request is not subject to one or more response fulfillment constraints, fulfilling, by the one or more computer processors, the data subject access request.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Responding to a data subject access request includes receiving the request and identifying the requestor and source. In response to identifying the requestor and source, a computer processor determines whether the data subject access request is subject to fulfillment constraints, including whether the requestor or source is malicious. If so, then the computer processor denies the request or requests a processing fee prior to fulfillment. If not, then the computer processor fulfills the request.

879 Citations

19 Claims

1. A computer-implemented data processing method for responding to a data subject access request, the method comprising:
- receiving, by one or more computer processors, a data subject access request comprising one or more request parameters from a requestor at a source, wherein the one or more request parameters comprise one or more pieces of personal data associated with the requestor, and the source comprises a particular IP address or a particular domain;
  
  identifying, by the one or more computer processors, the requestor based at least in part on the one or more request parameters;
  
  identifying, by the one or more computer processors, the source of the data subject access request based at least in part on the requestor or source data associated with the data subject access request;
  
  in response to identifying the requestor and the source of the data subject access request, determining, by the one or more computer processors, whether the data subject access request is subject to one or more response fulfillment constraints associated with the requestor or the source, wherein the one or more response fulfillment constraints comprise a quantity of data subject access requests from the requestor or the source within a period of time, and wherein determining whether the data subject access request is subject to one or more response fulfillment constraints comprises determining, by the one or more computer processors, whether the requestor is a malicious requestor or whether the source is a malicious source, and wherein determining whether the requestor is a malicious requestor comprises determining whether the data subject access request comprises one of a threshold quantity of data subject access requests from the requestor within a threshold period of time;
  
  in response to determining that the data subject access request is subject to one or more response fulfillment constraints, denying, by the one or more computer processors, the data subject access request, or requesting, by the one or more computer processors, one or more processing fees prior to fulfilling the request; and
  
  in response to determining that the data subject access request is not subject to one or more response fulfillment constraints, fulfilling, by the one or more computer processors, the data subject access request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The computer-implemented data processing method of claim 1, wherein the source is selected from the group consisting of:
    - a particular IP address associated with a competitor of an entity receiving the data subject access request; and
      
      a particular domain associated with a competitor of the entity receiving the data subject access request.
  - 3. The computer-implemented data processing method of claim 2, wherein the source is selected from the group consisting of:
    - a particular IP address or a particular domain associated with a particular geographic region;
      
      a particular IP address or a particular domain associated with a particular political group; and
      
      a particular IP address or a particular domain associated with a particular protesting group.
  - 4. The computer-implemented data processing method of claim 1, wherein the threshold time period comprises a single day.
  - 5. The computer-implemented data processing method of claim 1, wherein determining whether the requestor is a malicious requestor comprises determining, by one or more computer processors, whether the requestor was previously and not currently employed by an entity receiving the data subject access request.
  - 6. The computer-implemented data processing method of claim 1, wherein determining whether the requestor is a malicious requestor comprises determining that the requestor possesses a potential for malicious requests according to a stored rating assigned to the requestor in fulfillment request data associated with the requestor.
  - 7. The computer-implemented data processing method of claim 6, wherein the stored rating is based on historical actions associated with the requestor.
  - 8. The computer-implemented data processing method of claim 1, wherein determining whether the one or more limitations comprise denying the data subject access request or requesting one or more processing fees prior to fulfilling the request comprises analyzing, by one or more computer processors, a complaint history associated with the requestor.
  - 9. The computer-implemented data processing method of claim 1, wherein determining whether the data subject access request is subject to one or more response fulfillment constraints further comprises analyzing, by one or more computer processors, a customer history associated with the requestor, and wherein determining whether the requestor is a malicious requestor comprises determining, based at least in part on the customer history whether the requestor is a malicious requestor.
  - 10. The computer-implemented data processing method of claim 9, wherein the customer history associated with the requestor comprises one or more spending characteristics of the requestor.
  - 11. The computer-implemented data processing method of claim 10, wherein if the one or more spending characteristics comprise an amount spent over a reference time period that exceeds a spending threshold, then in response to determining that the data subject access request is subject to one or more response fulfillment constraints requesting, by one or more computer processors, one or more processing fees prior to fulfilling the data subject access request.

12. A computer-implemented data processing method for responding to a data subject access request, the method comprising:
- receiving, by one or more computer processors, a data subject access request comprising one or more request parameters from a requestor at a source, wherein the one or more request parameters comprise one or more pieces of personal data associated with the requestor, and the source comprises a particular IP address or a particular domain;
  
  in response to receiving the data subject access request, retrieving, by the one or more computer processors, fulfillment constraint data associated with the data subject access request from a repository server corresponding to a plurality of data subject access requests from a plurality of requestors and a plurality of data subject access request sources, wherein the fulfillment constraint data comprises a quantity of data subject access requests from the requestor or the source within a period of time;
  
  determining, by the one or more computer processors, whether the requestor is a malicious requestor or whether the source is a malicious source based on the fulfillment constraint data and the one or more request parameters, wherein determining whether the requestor is a malicious requestor or whether the source is a malicious source comprises determining whether the data subject access request comprises one of a threshold quantity of data subject access requests from the requestor or the source within a threshold period of time;
  
  in response to determining that the requestor is the malicious requestor or that the source is the malicious source, determining, by the one or more computer processors, whether the data subject access request is subject to one or more response fulfillment constraints;
  
  in response to determining that the data subject access request is subject to the one or more response fulfillment constraints;
  
  denying, by the one or more computer processors, the data subject access request, orrequesting, by the one or more processors, one or more processing fees prior to fulfilling the request.
- View Dependent Claims (13, 14)
- - 13. The computer-implemented data processing method of claim 12, wherein the fulfillment constraint data comprises a stored rating assigned to the requestor, and wherein determining whether the requestor is a malicious requestor comprises determining that the requestor possesses a potential for malicious requests according to the stored rating.
  - 14. The computer-implemented data processing method of claim 13, wherein the stored rating is based on historical actions associated with the requestor.

15. A computer-implemented data processing method for responding to a data subject access request, the method comprising:
- receiving, by one or more computer processors, a data subject access request comprising one or more request parameters from a requestor, wherein the one or more request parameters comprise one or more pieces of personal data associated with the requestor;
  
  identifying, by the one or more computer processors, the requestor based at least in part on the one or more request parameters;
  
  in response to identifying the requestor of the data subject access request, retrieving, by the one or more computer processors, fulfillment constraint data associated with the requestor, wherein the fulfillment constraint data comprises a stored rating assigned to the requestor, and the stored rating comprises a value assigned based on a source of the data subject access request or historical actions associated with the requestor;
  
  determining, by the one or more computer processors, whether the requestor is a potentially malicious requestor based on the fulfillment constraint data, and wherein determining whether the requestor is a potentially malicious requestor comprises determining whether the data subject access request comprises one of a threshold quantity of data subject access requests from the requestor within a threshold period of time;
  
  in response to determining that the requestor is potentially malicious, determining, by the one or more computer processors, whether the data subject access request is subject to one or more response fulfillment constraints;
  
  in response to determining that the data subject access request is subject to the one or more response fulfillment constraints, denying, by the one or more computer processors, the data subject access request, or requesting, by the one or more computer processors, one or more processing fees prior to fulfilling the request; and
  
  in response to determining that the data subject access request is not subject to one or more response fulfillment constraints, fulfilling, by the one or more computer processors, the data subject access request.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The computer-implemented data processing method of claim 15, wherein the source is selected from the group consisting of:
    - a particular IP address associated with a competitor of an entity receiving the data subject access request; and
      
      a particular domain associated with a competitor of the entity receiving the data subject access request.
  - 17. The computer-implemented data processing method of claim 15, wherein the source is selected from the group consisting of:
    - a particular IP address or a particular domain associated with a particular geographic region;
      
      a particular IP address or a particular domain associated with a particular political group; and
      
      a particular IP address or a particular domain associated with a particular protesting group.
  - 18. The computer-implemented data processing method of claim 15, wherein the threshold period of time comprises a single day.
  - 19. The computer-implemented data processing method of claim 15, wherein determining whether the requestor is a malicious requestor comprises determining, by one or more computer processors, whether the requestor was previously and not currently employed by an entity receiving the data subject access request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OneTrust LLC
Original Assignee
OneTrust LLC
Inventors
Barday, Kabir A., Sabourin, Jason L., Brannon, Jonathan Blake, Karanjkar, Mihir S., Jones, Kevin
Primary Examiner(s)
Deng, Anna C

Application Number

US16/786,196
Publication Number

US 20200175199A1
Time in Patent Office

218 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 15/76   Architectures of general pu...

G06F 21/31   User authentication

G06F 21/552   involving long-term monitor...

G06F 21/6245   Protecting personal data, e...

G06F 2221/2103   Challenge-response

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2137   Time limited access, e.g. t...

H04L 41/5029   Service quality level-based...

H04L 41/5064   Customer relationship manag...

H04L 63/102   Entity profiles

H04L 63/107   wherein the security polici...

H04L 63/108   when the policy decisions a...

H04L 63/12   Applying verification of th...

H04L 63/20   for managing network securi...

H04L 67/53   using third party service p...

Data processing systems for fulfilling data subject access requests and related methods

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

879 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Data processing systems for fulfilling data subject access requests and related methods

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

879 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links