Data processing systems for use in automatically generating, populating, and submitting data subject access requests

US 10,803,198 B2
Filed: 11/01/2019
Issued: 10/13/2020
Est. Priority Date: 06/10/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented data processing method of automatically submitting a data subject access request, the method comprising:

analyzing, by at least one computer processor, a plurality of pieces of electronic correspondence sent to a particular data subject from a particular entity;

determining, by at least one computer processor based on the analysis, that the particular data subject has established a software rule to automatically direct electronic correspondence received from the particular entity to a particular correspondence folder;

at least partially in response to determining that the particular data subject has established the software rule to automatically direct electronic correspondence received from the particular entity to the particular correspondence folder, determining, by at least one computer processor, that the particular data subject does not actively do business with the particular entity; and

at least partially in response to determining that the particular data subject does not actively do business with the particular entity;

scanning, by at least one computer processor, one or more of the plurality of pieces of electronic correspondence to determine one or more pieces of personal data of the particular data subject; and

automatically submitting, by at least one computer processor, a data subject access request to the particular entity on behalf of the particular data subject, wherein the data subject access request comprises the one or more pieces of the personal data of the particular data subject determined by scanning the one or more of the plurality of pieces of electronic correspondence, and wherein the data subject access request is a request that is selected from a group consisting of;

(1) a request to rectify inaccurate personal data of the particular data subject;

(2) a request to access of a copy of the personal data of the particular data subject processed by the entity;

(3) a request to restrict the processing of the personal data of the particular data subject;

(4) a request to delete the one or more pieces of the personal data of the particular data subject determined by scanning the one or more of the plurality of pieces of electronic correspondence; and

(5) a request to transfer the personal data of the particular data subject to a specified controller.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Computer systems and methods for: (1) analyzing electronic correspondence associated with a data subject (e.g., the emails within one or more email in-boxes associated with the data subject); (2) based on the analysis, identifying at least one entity that that the data subject does not actively do business with (e.g., as evidenced by the fact that the data subject no longer opens emails from the entity, and/or has set up a rule to automatically delete emails received from the entity); and (3) in response to identifying the entity as an entity that the data subject no longer does business with, at least substantially automatically populating and/or submitting a data subject access request to the entity (e.g., to delete all personal information being processed by the entity).

904 Citations

20 Claims

1. A computer-implemented data processing method of automatically submitting a data subject access request, the method comprising:
- analyzing, by at least one computer processor, a plurality of pieces of electronic correspondence sent to a particular data subject from a particular entity;
  
  determining, by at least one computer processor based on the analysis, that the particular data subject has established a software rule to automatically direct electronic correspondence received from the particular entity to a particular correspondence folder;
  
  at least partially in response to determining that the particular data subject has established the software rule to automatically direct electronic correspondence received from the particular entity to the particular correspondence folder, determining, by at least one computer processor, that the particular data subject does not actively do business with the particular entity; and
  
  at least partially in response to determining that the particular data subject does not actively do business with the particular entity;
  
  scanning, by at least one computer processor, one or more of the plurality of pieces of electronic correspondence to determine one or more pieces of personal data of the particular data subject; and
  
  automatically submitting, by at least one computer processor, a data subject access request to the particular entity on behalf of the particular data subject, wherein the data subject access request comprises the one or more pieces of the personal data of the particular data subject determined by scanning the one or more of the plurality of pieces of electronic correspondence, and wherein the data subject access request is a request that is selected from a group consisting of;
  
  (1) a request to rectify inaccurate personal data of the particular data subject;
  
  (2) a request to access of a copy of the personal data of the particular data subject processed by the entity;
  
  (3) a request to restrict the processing of the personal data of the particular data subject;
  
  (4) a request to delete the one or more pieces of the personal data of the particular data subject determined by scanning the one or more of the plurality of pieces of electronic correspondence; and
  
  (5) a request to transfer the personal data of the particular data subject to a specified controller.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented data processing method of claim 1, wherein the step of determining that the particular data subject does not actively do business with the particular entity is made at least partially in response to determining that none of the plurality of pieces of electronic correspondence has been opened.
  - 3. The computer-implemented data processing method of claim 2, wherein the data subject access request is the request to delete the one or more pieces of the personal data of the particular data subject determined by scanning the one or more of the plurality of pieces of electronic correspondence and stored by the entity.
  - 4. The computer-implemented data processing method of claim 1, wherein the data subject access request is a request to delete all the personal data of the particular data subject stored by the entity.
  - 5. The computer-implemented data processing method of claim 1, wherein:
    - the data subject access request is the request to delete the one or more pieces of the personal data of the particular data subject determined by scanning the one or more of the plurality of pieces of electronic correspondence; and
      
      the one or more pieces of the personal data of the particular data subject determined by scanning the one or more of the plurality of pieces of electronic correspondence comprise an email address of the particular data subject and one or more additional pieces of the personal data of the particular data subject selected from the group consisting of;
      
      (a) a first name of the particular data subject;
      
      (b) a last name of the particular data subject;
      
      (c) an address of the particular data subject; and
      
      (d) a telephone number of the particular data subject.
  - 6. The computer-implemented data processing method of claim 1, wherein each of the plurality of pieces of electronic correspondence is a type of electronic correspondence selected from the group consisting of:
    - (a) an email;
      
      (b) a text message;
      
      (c) a social media post; and
      
      (d) a scan of paper correspondence.
  - 7. The computer-implemented data processing method of claim 1, wherein the step of determining that the particular data subject does not actively do business with the particular entity is made at least partially in response to determining that the particular data subject has established a software rule to automatically delete emails received from the particular entity.

8. A computer-implemented data processing method of automatically submitting a data subject access request, the method comprising:
- analyzing, by at least one computer processor, a plurality of text messages sent to a particular data subject from a particular entity;
  
  determining, by at least one computer processor based on the analysis, that the particular data subject has configured messaging software to automatically block text messages received from the particular entity;
  
  at least partially in response to determining that the particular data subject has configured the messaging software to automatically block the text messages received from the particular entity, determining, by at least one computer processor, that the particular data subject does not actively do business with the particular entity; and
  
  at least partially in response to determining that the particular data subject does not actively do business with the particular entity;
  
  scanning, by at least one computer processor, one or more of the plurality of text messages to identify one or more pieces of personal data of the particular data subject;
  
  automatically generating and populating, by at least one computer processor, a data subject access request to the particular entity on behalf of the particular data subject, wherein the data subject access request comprises the one or more pieces of the personal data of the particular data identified by scanning the one or more of the plurality of text messages; and
  
  automatically submitting, by at least one computer processor, the data subject access request to the particular entity on behalf of the particular data subject, wherein the data subject access request is a request to delete the one or more pieces of the personal data of the particular data subject identified by scanning the one or more of the plurality of text messages and stored by the particular entity.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer-implemented data processing method of claim 8, wherein determining that the particular data subject does not actively do business with the particular entity comprises:
    - determining a first value based at least in part on determining that the particular data subject has configured the messaging software to automatically block the text messages received from the particular entity; and
      
      determining that the particular data subject does not actively do business with the particular entity based at least in part on the first value.
  - 10. The computer-implemented data processing method of claim 9, wherein determining that the particular data subject does not actively do business with the particular entity based at least in part on the first value comprises:
    - determining a data subject disengagement rating based at least in part on the first value and at least one other value; and
      
      determining that the particular data subject does not actively do business with the particular entity based at least in part on the data subject disengagement rating.
  - 11. The computer-implemented data processing method of claim 10, wherein determining that the particular data subject does not actively do business with the particular entity based at least in part on the data subject disengagement rating comprises:
    - determining that the data subject disengagement rating exceeds a particular threshold.
  - 12. The computer-implemented data processing method of claim 10, wherein determining the data subject disengagement rating based at least in part on the first value and the at least one other value comprises:
    - determining a first weighting factor for the first value;
      
      determining a weighted first value based at least in part on the first value and the weighting factor; and
      
      determining the data subject disengagement rating based at least in part on the weighted first value and the at least one other value.
  - 13. The computer-implemented data processing method of claim 8, wherein the one or more pieces of the personal data of the particular data subject identified by scanning the one or more of the plurality of text messages comprise an email address associated with the particular data subject and one or more additional pieces of the personal data of the particular data subject selected from a group consisting of:
    - (a) a type of the particular data subject;
      
      (b) a type of data subject access request;
      
      (c) a first name of the particular data subject;
      
      (d) a last name of the particular data subject;
      
      and(e) a telephone number associated with the particular data subject.
  - 14. The computer-implemented data processing method of claim 13, further comprising populating the data subject access request with at least one piece of information received from the particular data subject.

15. A data processing system for automatically submitting a data subject access request, the system comprising:
- one or more computer processors; and
  
  computer memory operatively coupled to the computer processor, wherein the data processing system comprises;
  
  means for analyzing a first plurality of pieces of electronic correspondence by scanning one or more components of each piece of the first plurality of pieces of electronic correspondence to identify a particular entity;
  
  means for determining, based at least in part on scanning the one or more components of each piece of the first plurality of pieces of electronic correspondence to identify the particular entity, a second plurality of pieces of electronic correspondence sent to a particular data subject from the particular entity;
  
  means for determining that the particular data subject has submitted a request to the particular entity requesting that the particular entity not send electronic correspondence to the particular data subject;
  
  means for determining, based at least in part on determining that the particular data subject has submitted the request to the particular entity requesting that the particular entity not send electronic correspondence to the particular data subject, that the particular data subject does not use one or more services offered by the particular entity; and
  
  means for, at least partially in response to determining that the particular data subject does not use one or more services offered by the particular entity;
  
  scanning one or more of the second plurality of pieces of electronic correspondence to determine one or more pieces of personal data of the particular data subject;
  
  automatically generating a data subject access request to the particular entity on behalf of the particular data subject;
  
  automatically populating the data subject access request with the one or more pieces of the personal data of the particular data determined by scanning the one or more of the second plurality of pieces of electronic correspondence; and
  
  automatically submitting the data subject access request to the particular entity on behalf of the particular data subject, wherein the data subject access request is a request to delete the one or more pieces of the personal data of the particular data subject determined by scanning the one or more of the second plurality of pieces of electronic correspondence and stored by the particular entity.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The data processing system of claim 15, wherein at least one of the second plurality of pieces of electronic correspondence is an email;
    - andwherein at least one of the second plurality of pieces of electronic correspondence is a text message.
  - 17. The data processing system of claim 15, wherein the means for analyzing the first plurality of pieces of electronic correspondence by scanning the one or more components of each piece of the first plurality of pieces of electronic correspondence is a software application comprising a browser plugin configured to interface with one or more web-based e-mail services.
  - 18. The data processing system of claim 15, wherein the means for analyzing the first plurality of pieces of electronic correspondence by scanning the one or more components of each piece of the first plurality of pieces of electronic correspondence is a software application comprising a software plugin configured to integrate with a software application for accessing e-mail on a computing device.
  - 19. The data processing system of claim 15, wherein each of the one or more components of each piece of the first plurality of pieces of electronic correspondence is selected from a group consisting of:
    - (a) a subject field of a respective piece of electronic correspondence;
      
      (b) a sender of a respective piece of electronic correspondence;
      
      (c) a body of a respective piece of electronic correspondence; and
      
      (d) a domain associated with a respective piece of electronic correspondence.
  - 20. The data processing system of claim 15, wherein the one or more pieces of the personal data of the particular data subject determined by scanning the one or more of the second plurality of pieces of electronic correspondence comprise an email address of the particular data subject and one or more additional pieces of the personal data of the particular data subject selected from the group consisting of:
    - (a) a first name of the particular data subject;
      
      (b) a last name of the particular data subject;
      
      (c) an address of the particular data subject; and
      
      (d) a telephone number of the particular data subject.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OneTrust LLC
Original Assignee
OneTrust LLC
Inventors
Barday, Kabir A., Karanjkar, Mihir S., Finch, Steven W., Browne, Ken A., Heard, Nathan W., Patel, Aakash H., Sabourin, Jason L., Daniel, Richard L., Patton-Kuhl, Dylan D., Jones, Kevin, Brannon, Jonathan Blake
Primary Examiner(s)
Lyons, Andrew M.

Application Number

US16/671,444
Publication Number

US 20200065519A1
Time in Patent Office

347 Days
Field of Search

717101
US Class Current
CPC Class Codes

G06F 15/76   Architectures of general pu...

G06F 16/95   Retrieval from the web

G06F 21/552   involving long-term monitor...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/6245   Protecting personal data, e...

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2143   Clearing memory, e.g. to pr...

G06Q 10/107   Computer-aided management o...

H04L 63/0236   Filtering by address, proto...

H04L 63/102   Entity profiles

H04L 63/108   when the policy decisions a...

H04L 63/1408   by monitoring network traff...

H04L 67/306   User profiles

H04L 67/535   Tracking the activity of th...

Data processing systems for use in automatically generating, populating, and submitting data subject access requests

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

904 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Data processing systems for use in automatically generating, populating, and submitting data subject access requests

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

904 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links