Data processing systems and methods for operationalizing privacy compliance and assessing the risk of various respective privacy campaigns

US 10,853,859 B2
Filed: 12/18/2019
Issued: 12/01/2020
Est. Priority Date: 04/01/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented data processing method for electronically receiving the input of campaign data related to a privacy campaign and electronically calculating a customized risk level for the privacy campaign based on the data input, comprising:

receiving, by one or more computer processors, via a graphical user interface, a command to initiate a privacy campaign, wherein the privacy campaign comprises an operation that utilizes personal data collected from one or more individuals;

in response to receiving the command to initiate the privacy campaign, initiating a routine, by one or more computer processors, to create an electronic record for the privacy campaign and digitally storing the electronic record in computer memory;

electronically receiving, by one or more computer processors, campaign data for the privacy campaign, the campaign data being input by one or more users and comprising each of;

an identification of one or more types of personal data collected as part of the privacy campaign;

at least one data subject from which the personal data will be collected as part of the privacy campaign;

a storage location where the personal data is to be stored as part of the privacy campaign; and

data indicating who will have access to the personal data at the storage location;

obtaining a copy of a software application used to collect the personal data collected as part of the privacy campaign;

automatically electronically analyzing, by one or more computer processors, the software application to determine one or more privacy-related attributes of the software application, the one or more privacy-related attributes indicating the one or more types of personal data collected as part of the privacy campaign;

processing the campaign data by electronically associating the campaign data with the electronic record for the privacy campaign;

digitally storing the campaign data associated with the electronic record for the campaign;

using one or more computer processors, calculating a customized risk level for the privacy campaign based on the privacy campaign data and electronically associating the customized risk level with the record for the privacy campaign, wherein calculating the customized risk level for the privacy campaign comprises;

electronically retrieving, from a database, the campaign data associated with the electronic record for the privacy campaign;

receiving, by one or more computer processors, an electronic input from the one or more users assigning a respective customized weighting factor to each of a plurality of risk factors, wherein the plurality of risk factors include;

a nature of the personal data associated with the privacy campaign;

a physical location of the personal data associated with the privacy campaign;

a length of time that the personal data associated with the privacy campaign will be retained in storage;

a type of individual from which the personal data associated with the privacy campaign originated; and

a country of residence of at least one data subject from which the personal data was collected as part of the privacy campaign;

receiving, by one or more computer processors, an electronic input from the one or more users assigning a respective customized relative risk rating to each of the plurality of risk factors; and

electronically calculating a risk level for the privacy campaign based upon, for each respective one of the plurality of risk factors, the customized relative risk rating for the respective risk factor and the respective customized weighting factor for the respective risk factor; and

digitally storing the risk level associated with the electronic record for the campaign.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Data processing systems and methods for retrieving data regarding a plurality of data privacy campaigns and for using that data to assess a relative risk associated with the data privacy campaign. In various embodiments, the system may be adapted to: (1) display one or more visual summaries of one or more data flow diagrams that visually depicts key features of the data flow, such as whether data is confidential and/or encrypted; (2) allow for multiple users to be assigned responsibility for populating different respective questions that are required to define the data flow; (3) automatically assess and display a relative risk associated with each campaign; and (4) automatically set, monitor, and facilitate the timely completion of an audit schedule for each campaign.

935 Citations

20 Claims

1. A computer-implemented data processing method for electronically receiving the input of campaign data related to a privacy campaign and electronically calculating a customized risk level for the privacy campaign based on the data input, comprising:
- receiving, by one or more computer processors, via a graphical user interface, a command to initiate a privacy campaign, wherein the privacy campaign comprises an operation that utilizes personal data collected from one or more individuals;
  
  in response to receiving the command to initiate the privacy campaign, initiating a routine, by one or more computer processors, to create an electronic record for the privacy campaign and digitally storing the electronic record in computer memory;
  
  electronically receiving, by one or more computer processors, campaign data for the privacy campaign, the campaign data being input by one or more users and comprising each of;
  
  an identification of one or more types of personal data collected as part of the privacy campaign;
  
  at least one data subject from which the personal data will be collected as part of the privacy campaign;
  
  a storage location where the personal data is to be stored as part of the privacy campaign; and
  
  data indicating who will have access to the personal data at the storage location;
  
  obtaining a copy of a software application used to collect the personal data collected as part of the privacy campaign;
  
  automatically electronically analyzing, by one or more computer processors, the software application to determine one or more privacy-related attributes of the software application, the one or more privacy-related attributes indicating the one or more types of personal data collected as part of the privacy campaign;
  
  processing the campaign data by electronically associating the campaign data with the electronic record for the privacy campaign;
  
  digitally storing the campaign data associated with the electronic record for the campaign;
  
  using one or more computer processors, calculating a customized risk level for the privacy campaign based on the privacy campaign data and electronically associating the customized risk level with the record for the privacy campaign, wherein calculating the customized risk level for the privacy campaign comprises;
  
  electronically retrieving, from a database, the campaign data associated with the electronic record for the privacy campaign;
  
  receiving, by one or more computer processors, an electronic input from the one or more users assigning a respective customized weighting factor to each of a plurality of risk factors, wherein the plurality of risk factors include;
  
  a nature of the personal data associated with the privacy campaign;
  
  a physical location of the personal data associated with the privacy campaign;
  
  a length of time that the personal data associated with the privacy campaign will be retained in storage;
  
  a type of individual from which the personal data associated with the privacy campaign originated; and
  
  a country of residence of at least one data subject from which the personal data was collected as part of the privacy campaign;
  
  receiving, by one or more computer processors, an electronic input from the one or more users assigning a respective customized relative risk rating to each of the plurality of risk factors; and
  
  electronically calculating a risk level for the privacy campaign based upon, for each respective one of the plurality of risk factors, the customized relative risk rating for the respective risk factor and the respective customized weighting factor for the respective risk factor; and
  
  digitally storing the risk level associated with the electronic record for the campaign.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer-implemented data processing method of claim 1, wherein the one or more users comprises an owner of the privacy campaign.
  - 3. The computer-implemented data processing method of claim 1, wherein electronically retrieving the campaign data associated with the electronic record for the privacy campaign comprises retrieving the campaign data in parallel.
  - 4. The computer-implemented data processing method of claim 1, the method further comprising implementing one or more operations of the computer-implemented data processing method using parallel processing.
  - 5. The computer-implemented data processing method of claim 1, wherein the method further comprises:
    - accepting an input to add a collaborator designated by the one or more users to input the campaign data;
      
      sending an electronic message to the collaborator regarding the addition of the collaborator for adding campaign data for the privacy campaign;
      
      accepting one or more inputs of campaign data from the one or more collaborators; and
      
      electronically associating the campaign data received from the input of the one or more collaborators with the electronic record for the privacy campaign; and
      
      digitally storing the campaign data received from the input of the collaborator with the record for the campaign.
  - 6. The computer-implemented data processing method of claim 1, wherein each respective customized weighting factor comprises a numeric weighting factor.
  - 7. The computer-implemented data processing method of claim 6, wherein the numeric weighting factor is within a first defined range.
  - 8. The computer-implemented data processing method of claim 1, wherein each respective customized relative risk rating comprises a numeric relative risk rating.
  - 9. The computer-implemented data processing method of claim 8, wherein the numeric relative risk rating is within a second defined range.

10. A computer-implemented data processing method for electronically receiving the input of campaign data associated with a privacy campaign for an organization and electronically calculating a customized risk level for the privacy campaign based on the data input, the method comprising:
- initiating a routine, by one or more computer processors, to create an electronic record for the privacy campaign for the organization and digitally storing the electronic record in computer memory, wherein the privacy campaign utilizes personal data collected from at least one or more persons or one or more entities;
  
  presenting on one or more graphical user interfaces a plurality of prompts for an input of campaign data related to the privacy campaign;
  
  electronically receiving, by one or more computer processors, campaign data input by one or more users, wherein the campaign data comprises each of;
  
  a description of the privacy campaign;
  
  an identification of one or more types of personal data collected as part of the privacy campaign;
  
  at least one subject from which the personal data will be collected as part of the privacy campaign;
  
  a storage location where the personal data is to be stored as part of the privacy campaign; and
  
  data indicating who will have access to the personal data at the storage location;
  
  obtaining a copy of a software application used to collect the personal data collected as part of the privacy campaign;
  
  automatically electronically analyzing, by one or more computer processors, the software application to determine one or more privacy-related attributes of the software application, the one or more privacy-related attributes indicating the one or more types of personal data collected as part of the privacy campaign;
  
  processing the campaign data by electronically associating the campaign data with the electronic record for the privacy campaign;
  
  digitally storing the campaign data associated with the electronic record for the privacy campaign;
  
  calculating a customized risk level for the privacy campaign based on the campaign data and electronically associating the risk level with the electronic record for the privacy campaign, wherein calculating the risk level for the campaign comprises;
  
  electronically retrieving, from a database, the campaign data associated with the electronic record for the privacy campaign;
  
  determining whether to apply one or more first user customizations to each respective weighting factor for each of a plurality of risk factors, wherein the plurality of risk factors include;
  
  a nature of the personal data associated with the privacy campaign;
  
  a length of time that the personal data associated with the privacy campaign will be retained in storage;
  
  a type of individual from which the personal data associated with the privacy campaign originated; and
  
  a country of residence of at least one subject from which the personal data was collected as part of the privacy campaign;
  
  in response to determining to apply the one or more user first customizations to each respective weighting factor for each of the plurality of risk factors, applying the one or more first customizations and determining a respective customized weighting factor for each of the plurality of risk factors;
  
  determining whether to apply one or more second user customizations to each respective relative risk rating to be applied to each respective customized weighting factor;
  
  in response to determining to apply the one or more user second customizations to each respective relative risk rating to be applied to each respective weighting factor, applying the one or more second customizations and assigning a respective customized relative risk rating to each respective customized weighting factor;
  
  electronically calculating the customized risk level for the privacy campaign based upon, for each respective one of the plurality of risk factors, the respective customized weighting factor and the respective customized relative risk rating assigned to each respective customized weighting factor; and
  
  digitally storing the customized risk level associated with the electronic record for the privacy campaign.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 11. The computer-implemented data processing method of claim 10, the method further comprising:
    - in response to determining not to apply the one or more user first customizations to each respective weighting factor for each of the plurality of risk factors, determining a respective default weighting factor for each of the plurality of risk factors;
      
      electronically calculating a default risk level for the privacy campaign based upon, for each respective one of the plurality of risk factors, the respective default weighting factor; and
      
      digitally storing the default risk level associated with the electronic record for the privacy campaign.
  - 12. The computer-implemented data processing method of claim 11, the method further comprising:
    - in response to determining not to apply the one or more user second customizations to each respective relative risk rating to be applied to each respective weighting factor, assigning a respective default relative risk rating to each respective default weighting factor;
      
      electronically calculating the default risk level for the privacy campaign based upon, for each respective one of the plurality of risk factors, the respective default weighting factor and the default relative risk rating assigned to each respective default weighting factor; and
      
      digitally storing the default risk level associated with the electronic record for the privacy campaign.
  - 13. The computer-implemented data processing method of claim 10, the method further comprising:
    - in response to determining not to apply the one or more user second customizations to each respective relative risk rating to be applied to each respective weighting factor, assigning the respective default relative risk rating to each respective customized weighting factor;
      
      electronically calculating a risk level for the privacy campaign based upon, for each respective one of the plurality of risk factors, the respective customized weighting factor and the default relative risk rating assigned to each respective customized weighting factor; and
      
      digitally storing the risk level associated with the electronic record for the privacy campaign.
  - 14. The computer-implemented data processing method of claim 10, wherein electronically retrieving the campaign data associated with the electronic record for the privacy campaign comprises retrieving the campaign data in parallel.
  - 15. The computer-implemented data processing method of claim 10, the method further comprising implementing one or more operations of the computer-implemented data processing method using parallel processing.
  - 16. The computer-implemented data processing method of claim 10, wherein each respective customized weighting factor comprises a numeric weighting factor.
  - 17. The computer-implemented data processing method of claim 16, wherein the numeric weighting factor is within a first defined range.
  - 18. The computer-implemented data processing method of claim 17, wherein each respective customized relative risk rating comprises a numeric relative risk rating.
  - 19. The computer-implemented data processing method of claim 18, wherein the numeric relative risk rating is within a second defined range.

20. A computer-implemented data processing method for electronically receiving the input of campaign data associated with a privacy campaign for an organization and electronically calculating a customized risk level for the privacy campaign based on the data input, comprising:
- initiating a routine, by one or more computer processors, to create an electronic record for the privacy campaign for the organization and digitally storing the electronic record in computer memory, wherein the privacy campaign utilizes personal data collected from at least one or more persons or one or more entities;
  
  presenting on one or more graphical user interfaces a plurality of prompts for an input of campaign data related to the privacy campaign;
  
  electronically receiving, by one or more computer processors, campaign data input by one or more users, wherein the campaign data comprises each of;
  
  a description of the privacy campaign;
  
  an identification of one or more types of personal data collected as part of the privacy campaign;
  
  at least one data subject from which the personal data will be collected as part of the privacy campaign;
  
  a storage location where the personal data is to be stored as part of the privacy campaign; and
  
  data indicating who will have access to the personal data at the storage location;
  
  obtaining a copy of a software application used to collect the personal data collected as part of the privacy campaign;
  
  automatically electronically analyzing, by one or more computer processors, the software application to determine one or more privacy-related attributes of the software application, the one or more privacy-related attributes indicating the one or more types of personal data collected as part of the privacy campaign;
  
  processing the campaign data by electronically associating the campaign data with the electronic record for the privacy campaign;
  
  digitally storing the campaign data associated with the electronic record for the privacy campaign;
  
  using a custom risk level determination means to calculate a customized risk level for the privacy campaign based on the campaign data and electronically associating the risk level with the electronic record for the privacy campaign, wherein calculating the risk level for the campaign comprises;
  
  electronically retrieving, from a database, the campaign data associated with the electronic record for the privacy campaign;
  
  determining whether to apply one or more first user customizations to each respective weighting factor for each of a plurality of risk factors, wherein the plurality of risk factors include;
  
  a nature of the personal data associated with the privacy campaign;
  
  a length of time that the personal data associated with the privacy campaign will be retained in storage;
  
  a type of individual from which the personal data associated with the privacy campaign originated; and
  
  a country of residence of at least one subject from which the personal data was collected as part of the privacy campaign;
  
  in response to determining to apply the one or more user first customizations to each respective weighting factor for each of the plurality of risk factors, applying the one or more first customizations and determining a respective customized weighting factor for each of the plurality of risk factors;
  
  determining whether to apply one or more second user customizations to each respective relative risk rating to be applied to each respective customized weighting factor; and
  
  in response to determining to apply the one or more user second customizations to each respective relative risk rating to be applied to each respective weighting factor, applying the one or more second customizations and assigning a respective customized relative risk rating to each respective customized weighting factor;
  
  electronically calculating the customized risk level for the privacy campaign based upon, for each respective one of the plurality of risk factors, the respective customized weighting factor and the respective customized relative risk rating assigned to each respective customized weighting factor; and
  
  digitally storing the customized risk level associated with the electronic record for the privacy campaign.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OneTrust LLC
Original Assignee
OneTrust LLC
Inventors
Barday, Kabir A.
Primary Examiner(s)
Goodchild, William J.

Application Number

US16/719,488
Publication Number

US 20200126134A1
Time in Patent Office

349 Days
Field of Search

None
US Class Current
CPC Class Codes

G06Q 10/063114   Status monitoring or status...

G06Q 10/0635   Risk analysis of enterprise...

G06Q 30/0609   Buyer or seller confidence ...

G06Q 50/265   Personal security, identity...

Data processing systems and methods for operationalizing privacy compliance and assessing the risk of various respective privacy campaigns

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

935 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Data processing systems and methods for operationalizing privacy compliance and assessing the risk of various respective privacy campaigns

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

935 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links