Privacy management systems and methods

US 10,796,260 B2
Filed: 03/04/2020
Issued: 10/06/2020
Est. Priority Date: 06/10/2016
Status: Active Grant

First Claim

Patent Images

1. A data processing system for determining readiness to comply with a set of privacy regulations, the system comprising:

one or more processors; and

computer memory storing computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising;

generating a master compliance readiness questionnaire comprising a plurality of questions;

detecting, on a graphical user interface, a user selection of a first territory;

at least partially in response to detecting the user selection of the first territory;

determining a first set of regulations based at least in part on the first territory;

and generating a first compliance readiness questionnaire based at least in part on the first set of regulations, the first compliance readiness questionnaire comprising a plurality of questions;

detecting, on the graphical user interface, a user selection of a second territory;

at least partially in response to detecting the user selection of the second territory;

determining a second set of regulations based at least in part on the second territory; and

generating a second compliance readiness questionnaire based at least in part on the second set of regulations, the second compliance readiness questionnaire comprising a plurality of questions;

generating an ontology mapping a first question of the plurality of questions of the master compliance readiness questionnaire to a first question of the plurality of questions of the first compliance readiness questionnaire for the first set of regulations and to a first question of the plurality of questions of the second compliance readiness questionnaire for the second set of regulations, wherein the first question of the plurality of questions of the master compliance readiness questionnaire solicits information regarding one or more privacy policies;

receiving a request to determine an extent of compliance with a plurality of sets of regulations, wherein the plurality of sets of regulations comprises the set of regulations;

at least partially in response to receiving the request to determine the extent of compliance with the plurality of sets of regulations, generating a prompt to a user requesting an answer to the first question of the plurality of questions of the master compliance readiness questionnaire;

receiving input from the user indicating the answer to the first question of the plurality of questions of the master compliance readiness questionnaire;

storing the answer to the first question of the plurality of questions of the master compliance readiness questionnaire;

accessing the ontology;

populating the first question of the plurality of questions of the first compliance readiness questionnaire for the first set of regulations with the answer to the first question of the plurality of questions of the master compliance readiness questionnaire using the ontology;

determining, based at least in part on the answer to the first question of the plurality of questions of the master compliance readiness questionnaire, an extent of compliance with the first set of regulations; and

automatically generating a notification of the extent of compliance with the first set of regulations.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Data processing systems and methods, according to various embodiments, are adapted for mapping various questions regarding a data breach from a master questionnaire to a plurality of territory-specific data breach disclosure questionnaires. The answers to the questions in the master questionnaire are used to populate the territory-specific data breach disclosure questionnaires and determine whether disclosure is required in territory. The system can automatically notify the appropriate regulatory bodies for each territory where it is determined that data breach disclosure is required.

1066 Citations

20 Claims

1. A data processing system for determining readiness to comply with a set of privacy regulations, the system comprising:
- one or more processors; and
  
  computer memory storing computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising;
  
  generating a master compliance readiness questionnaire comprising a plurality of questions;
  
  detecting, on a graphical user interface, a user selection of a first territory;
  
  at least partially in response to detecting the user selection of the first territory;
  
  determining a first set of regulations based at least in part on the first territory;
  
  and generating a first compliance readiness questionnaire based at least in part on the first set of regulations, the first compliance readiness questionnaire comprising a plurality of questions;
  
  detecting, on the graphical user interface, a user selection of a second territory;
  
  at least partially in response to detecting the user selection of the second territory;
  
  determining a second set of regulations based at least in part on the second territory; and
  
  generating a second compliance readiness questionnaire based at least in part on the second set of regulations, the second compliance readiness questionnaire comprising a plurality of questions;
  
  generating an ontology mapping a first question of the plurality of questions of the master compliance readiness questionnaire to a first question of the plurality of questions of the first compliance readiness questionnaire for the first set of regulations and to a first question of the plurality of questions of the second compliance readiness questionnaire for the second set of regulations, wherein the first question of the plurality of questions of the master compliance readiness questionnaire solicits information regarding one or more privacy policies;
  
  receiving a request to determine an extent of compliance with a plurality of sets of regulations, wherein the plurality of sets of regulations comprises the set of regulations;
  
  at least partially in response to receiving the request to determine the extent of compliance with the plurality of sets of regulations, generating a prompt to a user requesting an answer to the first question of the plurality of questions of the master compliance readiness questionnaire;
  
  receiving input from the user indicating the answer to the first question of the plurality of questions of the master compliance readiness questionnaire;
  
  storing the answer to the first question of the plurality of questions of the master compliance readiness questionnaire;
  
  accessing the ontology;
  
  populating the first question of the plurality of questions of the first compliance readiness questionnaire for the first set of regulations with the answer to the first question of the plurality of questions of the master compliance readiness questionnaire using the ontology;
  
  determining, based at least in part on the answer to the first question of the plurality of questions of the master compliance readiness questionnaire, an extent of compliance with the first set of regulations; and
  
  automatically generating a notification of the extent of compliance with the first set of regulations.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The data processing system of claim 1, wherein the operations further comprise storing an indication of the extent of compliance with the first set of regulations in a central repository.
  - 3. The data processing system of claim 1, wherein the operations further comprise mapping a second question of the plurality of questions of the master compliance readiness questionnaire to a second question of the plurality of questions of the first compliance readiness questionnaire for the first set of regulations and to a second question of the plurality of questions of the second compliance readiness questionnaire for the second set of regulations.
  - 4. The data processing system of claim 1, wherein detecting, on the graphical user interface, the user selection of a first territory comprises:
    - generating a graphical representation of a map and presenting the graphical representation of the map on the graphical user interface; and
      
      detecting the user selection of the first territory on the graphical representation of the map.
  - 5. The data processing system of claim 1, wherein the operations further comprise:
    - at least partially in response to receiving the request to determine the extent of compliance with the plurality of sets of regulations, generating a prompt to the user requesting an answer to a second question of the plurality of questions of the first compliance readiness questionnaire for the first set of regulations;
      
      receiving input from the user indicating the answer to the second question of the plurality of questions of the first compliance readiness questionnaire for the first set of regulations;
      
      storing the answer to the second question of the plurality of questions of the first compliance readiness questionnaire for the first set of regulations; and
      
      determining, further based at least in part on the answer to the second question of the plurality of questions of the first compliance readiness questionnaire for the first set of regulations, the extent of compliance with the first set of regulations.
  - 6. The data processing system of claim 1, wherein the operations further comprise presenting, on a graphical user interface, a listing of a plurality of territories selected for compliance readiness assessment, wherein the listing of a plurality of territories comprises an entry associated with the first territory and an entry associated with the second territory.
  - 7. The data processing system of claim 1, wherein the ontology further maps the first question of the plurality of questions of the first compliance readiness questionnaire for the first set of regulations to the first question of the plurality of questions of the second compliance readiness questionnaire for the second set of regulations.
  - 8. The data processing system of claim 1, wherein the first territory is a first country and the second territory is a second country.
  - 9. The data processing system of claim 1, wherein determining the extent of compliance with the first set of regulations comprises determining a percentage of answers to questions in the first compliance readiness questionnaire for the first set of regulations that correspond to compliant answers to questions in the first compliance readiness questionnaire for the first set of regulations.
  - 10. The data processing system of claim 1, wherein determining the extent of compliance with the first set of regulations comprises:
    - determining, based on an answer to the first question from the first compliance readiness questionnaire for the first set of regulations, that at least one control from a first set of controls required by the first set of regulations has been implemented.
  - 11. The data processing system of claim 1, wherein the operations further comprise:
    - mapping a second question of the plurality of questions of the master compliance readiness questionnaire to a second question of the plurality of questions of the first compliance readiness questionnaire for the first set of regulations; and
      
      mapping a third question of the plurality of questions of the master compliance readiness questionnaire to a second question of the plurality of questions of the second compliance readiness questionnaire for the second set of regulations.

12. A computer-implemented data processing method for determining readiness to comply with a plurality of sets of privacy regulations, the method comprising:
- generating, by one or more processors a master regulatory compliance readiness questionnaire comprising a plurality of questions;
  
  detecting, by one or more processors on a graphical user interface, a user selection of a first territory;
  
  at least partially in response to detecting the user selection of the first territory;
  
  determining, by one or more processors, a first set of privacy regulations based at least in part on the first territory; and
  
  generating, by one or more processors, a first regulatory compliance readiness questionnaire for the first set of privacy regulations, the first regulatory compliance readiness questionnaire for the first set of privacy regulations comprising a plurality of questions;
  
  detecting, by one or more processors on the graphical user interface, a user selection of a second territory;
  
  at least partially in response to detecting the user selection of the second territory;
  
  determining, by one or more processors, a second set of privacy regulations based at least in part on the second territory; and
  
  generating, by one or more processors, a second regulatory compliance readiness questionnaire for the second set of privacy regulations, the second regulatory compliance readiness questionnaire for the second set of privacy regulations comprising a plurality of questions;
  
  generating, by one or more computer processors, an ontology, wherein the ontology;
  
  maps one or more questions from the first regulatory compliance readiness questionnaire for the first set of privacy regulations to a first question in the master regulatory compliance readiness questionnaire; and
  
  maps one or more questions from the second regulatory compliance readiness questionnaire for the second set of privacy regulations to the first question in the master regulatory compliance readiness questionnaire;
  
  presenting, by one or more processors via a graphical user interface, a prompt requesting an answer to the first question in the master regulatory compliance readiness questionnaire from a user;
  
  receiving, by one or more processors via the graphical user interface, input indicating the answer to the first question in the master regulatory compliance readiness questionnaire from the user;
  
  storing, by one or more processors, the answer to the first question in the master regulatory compliance readiness questionnaire;
  
  populating, by one or more processors using the ontology, the one or more questions from the first regulatory compliance readiness questionnaire with the answer to the first question in the master regulatory compliance readiness questionnaire;
  
  populating, by one or more processors using the ontology, the one or more questions from the second regulatory compliance readiness questionnaire with the answer to the first question in the master regulatory compliance readiness questionnaire;
  
  determining, by the one or more processors based on the one or more questions from the first regulatory compliance readiness questionnaire, an extent of compliance with the first set of privacy regulations;
  
  determining, by the one or more processors based on the one or more questions from the second regulatory compliance readiness questionnaire, an extent of compliance with the second set of privacy regulations; and
  
  automatically presenting, by one or more processors on the graphical user interface, an indication of the extent of compliance with the first set of privacy regulations and an indication of the extent of compliance with the second set of privacy regulations.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The computer-implemented data processing method of claim 12, wherein the ontology further maps one or more questions from a third regulatory compliance readiness questionnaire for a third set of privacy regulations to the first question in the master regulatory compliance readiness questionnaire.
  - 14. The computer-implemented data processing method of claim 13, further comprising:
    - populating, by one or more processors using the ontology, the one or more questions from the third regulatory compliance readiness questionnaire for the third set of privacy regulations with the answer to the first question in the master questionnaire;
      
      determining, by the one or more processors based on the one or more questions from the third regulatory compliance readiness questionnaire for the third set of privacy regulations, an extent of compliance with the third set of privacy regulations; and
      
      automatically presenting, by one or more processors on the graphical user interface, an indication of the extent of compliance with the third set of privacy regulations.
  - 15. The computer-implemented data processing method of claim 12, further comprising:
    - receiving, by one or more processors via the graphical user interface, input indicating a third set of privacy regulations;
      
      at least partially in response to receiving the input indicating the third set of privacy regulations, automatically generating a third regulatory compliance readiness questionnaire for the third set of privacy regulations; and
      
      mapping one or more questions from a third regulatory compliance readiness questionnaire for the third set of privacy regulations to the first question in the master regulatory compliance readiness questionnaire.
  - 16. The computer-implemented data processing method of claim 12, wherein:
    - the indication of the extent of compliance with the first set of privacy regulations comprises a percentage of readiness to comply the first set of privacy regulations; and
      
      the indication of the extent of compliance with the second set of privacy regulations comprises a percentage of readiness to comply the second set of privacy regulations.
  - 17. The computer-implemented data processing method of claim 12, further comprising determining, based on the extent of compliance with the first set of privacy regulations and the extent of compliance with the second set of privacy regulations, an extent of compliance with a third set of privacy regulations.
  - 18. The computer-implemented data processing method of claim 12, wherein the ontology further maps at least one of the one or more questions from the first regulatory compliance readiness questionnaire for the first set of privacy regulations to one or more questions from a third regulatory compliance readiness questionnaire for a third set of privacy regulations.
  - 19. The computer-implemented data processing method of claim 12,wherein the first territory is a first country and the second territory is a second country.
  - 20. The computer-implemented data processing method of claim 12, wherein the ontology further:
    - maps one or more additional questions from the first regulatory compliance readiness questionnaire for the first set of privacy regulations associated with the first territory to a second question in master regulatory compliance readiness questionnaire; and
      
      maps one or more additional questions from the second regulatory compliance readiness questionnaire for the second set of privacy regulations associated with the second territory to a third question in the master regulatory compliance readiness questionnaire.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OneTrust LLC
Original Assignee
OneTrust LLC
Inventors
Brannon, Jonathan Blake, Clearwater, Andrew, Philbrook, Brian, Hecht, Trey, Johnson, Wesley, Pavlichek, Nicholas Ian, Chennur, Rajanandini
Primary Examiner(s)
Chen, Shin-Hon (Eric)

Application Number

US16/808,496
Publication Number

US 20200210916A1
Time in Patent Office

216 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 15/76   Architectures of general pu...

G06F 16/95   Retrieval from the web

G06F 21/552   involving long-term monitor...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/6245   Protecting personal data, e...

G06Q 10/0635   Risk analysis of enterprise...

G06Q 10/067   Enterprise or organisation ...

Privacy management systems and methods

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

1066 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Privacy management systems and methods

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

1066 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links