Data processing systems and methods for operationalizing privacy compliance and assessing the risk of various respective privacy campaigns
First Claim
1. A computer-implemented data processing method for electronically receiving the input of campaign data related to a privacy campaign and electronically calculating a customized risk level for the privacy campaign based on the data input, comprising:
- receiving, by one or more computer processors, via a graphical user interface, a command to initiate a privacy campaign, wherein the privacy campaign comprises an operation that utilizes personal data collected from one or more individuals;
in response to receiving the command to initiate the privacy campaign, initiating a routine, by one or more computer processors, to create an electronic record for the privacy campaign and digitally storing the electronic record in computer memory;
electronically receiving, by one or more computer processors, campaign data for the privacy campaign, the campaign data being input by one or more users and comprising each of;
an identification of one or more types of personal data collected as part of the privacy campaign;
at least one data subject from which the personal data will be collected as part of the privacy campaign;
a storage location where the personal data is to be stored as part of the privacy campaign; and
data indicating who will have access to the personal data at the storage location;
obtaining a copy of a software application used to collect the personal data collected as part of the privacy campaign;
automatically electronically analyzing, by one or more computer processors, the software application to determine one or more privacy-related attributes of the software application, the one or more privacy-related attributes indicating the one or more types of personal data collected as part of the privacy campaign;
processing the campaign data by electronically associating the campaign data with the electronic record for the privacy campaign;
digitally storing the campaign data associated with the electronic record for the campaign;
using one or more computer processors, calculating a customized risk level for the privacy campaign based on the privacy campaign data and electronically associating the customized risk level with the record for the privacy campaign, wherein calculating the customized risk level for the privacy campaign comprises;
electronically retrieving, from a database, the campaign data associated with the electronic record for the privacy campaign;
receiving, by one or more computer processors, an electronic input from the one or more users assigning a respective customized weighting factor to each of a plurality of risk factors, wherein the plurality of risk factors include;
a nature of the personal data associated with the privacy campaign;
a physical location of the personal data associated with the privacy campaign;
a length of time that the personal data associated with the privacy campaign will be retained in storage;
a type of individual from which the personal data associated with the privacy campaign originated; and
a country of residence of at least one data subject from which the personal data was collected as part of the privacy campaign;
receiving, by one or more computer processors, an electronic input from the one or more users assigning a respective customized relative risk rating to each of the plurality of risk factors; and
electronically calculating a risk level for the privacy campaign based upon, for each respective one of the plurality of risk factors, the customized relative risk rating for the respective risk factor and the respective customized weighting factor for the respective risk factor; and
digitally storing the risk level associated with the electronic record for the campaign.
2 Assignments
0 Petitions
Accused Products
Abstract
Data processing systems and methods for retrieving data regarding a plurality of data privacy campaigns and for using that data to assess a relative risk associated with the data privacy campaign. In various embodiments, the system may be adapted to: (1) display one or more visual summaries of one or more data flow diagrams that visually depicts key features of the data flow, such as whether data is confidential and/or encrypted; (2) allow for multiple users to be assigned responsibility for populating different respective questions that are required to define the data flow; (3) automatically assess and display a relative risk associated with each campaign; and (4) automatically set, monitor, and facilitate the timely completion of an audit schedule for each campaign.
935 Citations
20 Claims
-
1. A computer-implemented data processing method for electronically receiving the input of campaign data related to a privacy campaign and electronically calculating a customized risk level for the privacy campaign based on the data input, comprising:
-
receiving, by one or more computer processors, via a graphical user interface, a command to initiate a privacy campaign, wherein the privacy campaign comprises an operation that utilizes personal data collected from one or more individuals; in response to receiving the command to initiate the privacy campaign, initiating a routine, by one or more computer processors, to create an electronic record for the privacy campaign and digitally storing the electronic record in computer memory; electronically receiving, by one or more computer processors, campaign data for the privacy campaign, the campaign data being input by one or more users and comprising each of; an identification of one or more types of personal data collected as part of the privacy campaign; at least one data subject from which the personal data will be collected as part of the privacy campaign; a storage location where the personal data is to be stored as part of the privacy campaign; and data indicating who will have access to the personal data at the storage location; obtaining a copy of a software application used to collect the personal data collected as part of the privacy campaign; automatically electronically analyzing, by one or more computer processors, the software application to determine one or more privacy-related attributes of the software application, the one or more privacy-related attributes indicating the one or more types of personal data collected as part of the privacy campaign; processing the campaign data by electronically associating the campaign data with the electronic record for the privacy campaign; digitally storing the campaign data associated with the electronic record for the campaign; using one or more computer processors, calculating a customized risk level for the privacy campaign based on the privacy campaign data and electronically associating the customized risk level with the record for the privacy campaign, wherein calculating the customized risk level for the privacy campaign comprises; electronically retrieving, from a database, the campaign data associated with the electronic record for the privacy campaign; receiving, by one or more computer processors, an electronic input from the one or more users assigning a respective customized weighting factor to each of a plurality of risk factors, wherein the plurality of risk factors include; a nature of the personal data associated with the privacy campaign; a physical location of the personal data associated with the privacy campaign; a length of time that the personal data associated with the privacy campaign will be retained in storage; a type of individual from which the personal data associated with the privacy campaign originated; and a country of residence of at least one data subject from which the personal data was collected as part of the privacy campaign; receiving, by one or more computer processors, an electronic input from the one or more users assigning a respective customized relative risk rating to each of the plurality of risk factors; and electronically calculating a risk level for the privacy campaign based upon, for each respective one of the plurality of risk factors, the customized relative risk rating for the respective risk factor and the respective customized weighting factor for the respective risk factor; and digitally storing the risk level associated with the electronic record for the campaign. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A computer-implemented data processing method for electronically receiving the input of campaign data associated with a privacy campaign for an organization and electronically calculating a customized risk level for the privacy campaign based on the data input, the method comprising:
-
initiating a routine, by one or more computer processors, to create an electronic record for the privacy campaign for the organization and digitally storing the electronic record in computer memory, wherein the privacy campaign utilizes personal data collected from at least one or more persons or one or more entities; presenting on one or more graphical user interfaces a plurality of prompts for an input of campaign data related to the privacy campaign; electronically receiving, by one or more computer processors, campaign data input by one or more users, wherein the campaign data comprises each of; a description of the privacy campaign; an identification of one or more types of personal data collected as part of the privacy campaign; at least one subject from which the personal data will be collected as part of the privacy campaign; a storage location where the personal data is to be stored as part of the privacy campaign; and data indicating who will have access to the personal data at the storage location; obtaining a copy of a software application used to collect the personal data collected as part of the privacy campaign; automatically electronically analyzing, by one or more computer processors, the software application to determine one or more privacy-related attributes of the software application, the one or more privacy-related attributes indicating the one or more types of personal data collected as part of the privacy campaign; processing the campaign data by electronically associating the campaign data with the electronic record for the privacy campaign; digitally storing the campaign data associated with the electronic record for the privacy campaign; calculating a customized risk level for the privacy campaign based on the campaign data and electronically associating the risk level with the electronic record for the privacy campaign, wherein calculating the risk level for the campaign comprises; electronically retrieving, from a database, the campaign data associated with the electronic record for the privacy campaign; determining whether to apply one or more first user customizations to each respective weighting factor for each of a plurality of risk factors, wherein the plurality of risk factors include; a nature of the personal data associated with the privacy campaign; a length of time that the personal data associated with the privacy campaign will be retained in storage; a type of individual from which the personal data associated with the privacy campaign originated; and a country of residence of at least one subject from which the personal data was collected as part of the privacy campaign; in response to determining to apply the one or more user first customizations to each respective weighting factor for each of the plurality of risk factors, applying the one or more first customizations and determining a respective customized weighting factor for each of the plurality of risk factors; determining whether to apply one or more second user customizations to each respective relative risk rating to be applied to each respective customized weighting factor; in response to determining to apply the one or more user second customizations to each respective relative risk rating to be applied to each respective weighting factor, applying the one or more second customizations and assigning a respective customized relative risk rating to each respective customized weighting factor; electronically calculating the customized risk level for the privacy campaign based upon, for each respective one of the plurality of risk factors, the respective customized weighting factor and the respective customized relative risk rating assigned to each respective customized weighting factor; and digitally storing the customized risk level associated with the electronic record for the privacy campaign. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. A computer-implemented data processing method for electronically receiving the input of campaign data associated with a privacy campaign for an organization and electronically calculating a customized risk level for the privacy campaign based on the data input, comprising:
-
initiating a routine, by one or more computer processors, to create an electronic record for the privacy campaign for the organization and digitally storing the electronic record in computer memory, wherein the privacy campaign utilizes personal data collected from at least one or more persons or one or more entities; presenting on one or more graphical user interfaces a plurality of prompts for an input of campaign data related to the privacy campaign; electronically receiving, by one or more computer processors, campaign data input by one or more users, wherein the campaign data comprises each of; a description of the privacy campaign; an identification of one or more types of personal data collected as part of the privacy campaign; at least one data subject from which the personal data will be collected as part of the privacy campaign; a storage location where the personal data is to be stored as part of the privacy campaign; and data indicating who will have access to the personal data at the storage location; obtaining a copy of a software application used to collect the personal data collected as part of the privacy campaign; automatically electronically analyzing, by one or more computer processors, the software application to determine one or more privacy-related attributes of the software application, the one or more privacy-related attributes indicating the one or more types of personal data collected as part of the privacy campaign; processing the campaign data by electronically associating the campaign data with the electronic record for the privacy campaign; digitally storing the campaign data associated with the electronic record for the privacy campaign; using a custom risk level determination means to calculate a customized risk level for the privacy campaign based on the campaign data and electronically associating the risk level with the electronic record for the privacy campaign, wherein calculating the risk level for the campaign comprises; electronically retrieving, from a database, the campaign data associated with the electronic record for the privacy campaign; determining whether to apply one or more first user customizations to each respective weighting factor for each of a plurality of risk factors, wherein the plurality of risk factors include; a nature of the personal data associated with the privacy campaign; a length of time that the personal data associated with the privacy campaign will be retained in storage; a type of individual from which the personal data associated with the privacy campaign originated; and a country of residence of at least one subject from which the personal data was collected as part of the privacy campaign; in response to determining to apply the one or more user first customizations to each respective weighting factor for each of the plurality of risk factors, applying the one or more first customizations and determining a respective customized weighting factor for each of the plurality of risk factors; determining whether to apply one or more second user customizations to each respective relative risk rating to be applied to each respective customized weighting factor; and in response to determining to apply the one or more user second customizations to each respective relative risk rating to be applied to each respective weighting factor, applying the one or more second customizations and assigning a respective customized relative risk rating to each respective customized weighting factor; electronically calculating the customized risk level for the privacy campaign based upon, for each respective one of the plurality of risk factors, the respective customized weighting factor and the respective customized relative risk rating assigned to each respective customized weighting factor; and digitally storing the customized risk level associated with the electronic record for the privacy campaign.
-
Specification