DATA PROCESSING SYSTEMS FOR DATA TRANSFER RISK IDENTIFICATION AND RELATED METHODS

US 20200004968A1
Filed: 09/06/2019
Published: 01/02/2020
Est. Priority Date: 06/10/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented data processing method for assessing a risk associated with one or more data transfers between one or more data assets, the method comprising:

creating a data transfer record for a data transfer between a first asset in a first location and a second asset in a second location;

accessing a set of data transfer rules that are associated with the data transfer record;

performing a data transfer assessment based at least in part on applying the set of data transfer rules on the data transfer record;

identifying one or more data transfer risks associated with the data transfer record, based at least in part on the data transfer assessment;

calculating a risk score for the data transfer based at least in part on the one or more data transfer risks associated with the data transfer record; and

digitally storing the risk score for the data transfer.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In particular embodiments, a Data Transfer Risk Identification System may be configured to analyze one or more data systems (e.g., data assets), identify data transfers between/among those systems, apply data transfer rules to each data transfer record, perform a data transfer assessment on each data transfer record based on the data transfer rules to be applied to each data transfer record, and calculate a risk score for the data transfer based at least in part on the one or more data transfer risks associated with the data transfer record.

Citations

20 Claims

1. A computer-implemented data processing method for assessing a risk associated with one or more data transfers between one or more data assets, the method comprising:
- creating a data transfer record for a data transfer between a first asset in a first location and a second asset in a second location;
  
  accessing a set of data transfer rules that are associated with the data transfer record;
  
  performing a data transfer assessment based at least in part on applying the set of data transfer rules on the data transfer record;
  
  identifying one or more data transfer risks associated with the data transfer record, based at least in part on the data transfer assessment;
  
  calculating a risk score for the data transfer based at least in part on the one or more data transfer risks associated with the data transfer record; and
  
  digitally storing the risk score for the data transfer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer-implemented data processing method of claim 1, wherein the method further comprises:
    - comparing the risk score for the data transfer to a threshold risk score;
      
      determining that the risk score for the data transfer is a greater risk than the threshold risk score; and
      
      in response to determining that the risk score for the data transfer is a greater risk than the threshold risk score, taking one or more action.
  - 3. The computer-implemented data processing method of claim 2, wherein the one or more action is selected from a group consisting of:
    - providing the data transfer record to one or more individuals for review of the data transfer record; and
      
      automatically terminating the data transfer.
  - 4. The computer-implemented data processing method of claim 2, wherein the one or more action comprises:
    - generating a secure link between one or more processors associated with the first asset in the first location and one or more processors associated with the second asset in the second location; and
      
      providing the data transfer via the secure link between the one or more processors associated with the first asset in the first location and the one or more processors associated with the second asset in the second location.
  - 5. The computer-implemented data processing method of claim 1, wherein calculating a risk score for the data transfer based at least in part on the one or more data transfer risks associated with the data transfer record further comprises:
    - determining a weighting factor for each of the one or more data transfer risks;
      
      determining a risk rating for each of the one or more data transfer risks; and
      
      calculating the risk level for the data transfer based upon, for each respective one of the one or more data transfer risks, the risk rating for the respective data transfer risk and the weighting factor for the respective data transfer risk.
  - 6. The computer-implemented data processing method of claim 1, wherein the one or more data transfer risks are selected from a group consisting of:
    - a source location of the first location of the one or more first data asset of the data transfer;
      
      a destination location of the second location of the one or more second data asset of the data transfer;
      
      one or more type of data being transferred as part of the data transfer;
      
      a time of the data transfer; and
      
      an amount of data being transferred as part of the data transfer.
  - 7. The computer-implemented data processing method of claim 1, wherein the set of data transfer rules are automatically updated.
  - 8. The computer-implemented data processing method of claim 1, wherein the set of data transfer rules comprise:
    - one or more privacy law framework of the one or more of the first location and the second location; and
      
      one or more entity framework of one or more of (i) an entity associated with the one or more first data asset and (ii) an entity associated with the one or more second data asset.

9. A computer-implemented data processing method for assessing a risk associated with one or more data transfers between one or more data assets, the method comprising:
- accessing a data transfer record for a data transfer between a first asset in a first location and a second asset in a second location;
  
  accessing a set of data transfer rules that are associated with the data transfer record, wherein the set of data transfer rules comprise;
  
  one or more privacy law framework of the one or more of the first location and the second location, andone or more entity framework of one or more of (i) an entity associated with the one or more first data asset and (ii) an entity associated with the one or more second data asset;
  
  performing a data transfer assessment based at least in part on applying the set of data transfer rules on the data transfer record;
  
  identifying one or more data transfer risks associated with the data transfer record, based at least in part on the data transfer assessment;
  
  calculating a risk score for the data transfer based at least in part on the one or more data transfer risks associated with the data transfer record; and
  
  digitally storing the risk score for the data transfer.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The computer-implemented data processing method of claim 9, wherein the method further comprises:
    - comparing the risk score for the data transfer to a threshold risk score;
      
      determining that the risk score for the data transfer is a greater risk than the threshold risk score; and
      
      in response to determining that the risk score for the data transfer is a greater risk than the threshold risk score, taking one or more action.
  - 11. The computer-implemented data processing method of claim 10, wherein the one or more action is selected from a group consisting of:
    - providing the data transfer record to one or more individuals for review of the data transfer record; and
      
      automatically terminating the data transfer.
  - 12. The computer-implemented data processing method of claim 10, wherein the one or more action comprises:
    - generating a secure link between one or more processors associated with the first asset in the first location and one or more processors associated with the second asset in the second location; and
      
      providing the data transfer via the secure link between the one or more processors associated with the first asset in the first location and the one or more processors associated with the second asset in the second location.
  - 13. The computer-implemented data processing method of claim 9, wherein calculating a risk score for the data transfer based at least in part on the one or more data transfer risks associated with the data transfer record further comprises:
    - determining a weighting factor for each of the one or more data transfer risks;
      
      determining a risk rating for each of the one or more data transfer risks; and
      
      calculating the risk level for the data transfer based upon, for each respective one of the one or more data transfer risks, the risk rating for the respective data transfer risk and the weighting factor for the respective data transfer risk.
  - 14. The computer-implemented data processing method of claim 9, wherein the one or more data transfer risks are selected from a group consisting of:
    - a source location of the first location of the one or more first data asset of the data transfer;
      
      a destination location of the second location of the one or more second data asset of the data transfer;
      
      one or more type of data being transferred as part of the data transfer;
      
      a time of the data transfer; and
      
      an amount of data being transferred as part of the data transfer.
  - 15. The computer-implemented data processing method of claim 9, wherein the set of data transfer rules are automatically updated.

16. A computer-implemented data processing method for assessing a risk associated with one or more data transfers between one or more data assets, the method comprising:
- accessing a data transfer record for a data transfer between a first asset in a first location and a second asset in a second location;
  
  accessing a set of data transfer rules that are associated with the data transfer record;
  
  performing a data transfer assessment based at least in part on applying the set of data transfer rules on the data transfer record;
  
  identifying one or more data transfer risks associated with the data transfer record, based at least in part on the data transfer assessment;
  
  calculating a risk score for the data transfer based at least in part on the one or more data transfer risks associated with the data transfer record;
  
  digitally storing the risk score for the data transfer;
  
  comparing the risk score for the data transfer to a threshold risk score;
  
  determining that the risk score for the data transfer is a greater risk than the threshold risk score; and
  
  in response to determining that the risk score for the data transfer is a greater risk than the threshold risk score, taking one or more action.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer-implemented data processing method of claim 16, wherein the one or more action is selected from a group consisting of:
    - providing the data transfer record to one or more individuals for review of the data transfer record; and
      
      automatically terminating the data transfer.
  - 18. The computer-implemented data processing method of claim 16, wherein the one or more data transfer risks are selected from a group consisting of:
    - a source location of the first location of the one or more first data asset of the data transfer;
      
      a destination location of the second location of the one or more second data asset of the data transfer;
      
      one or more type of data being transferred as part of the data transfer;
      
      a time of the data transfer; and
      
      an amount of data being transferred as part of the data transfer.
  - 19. The computer-implemented data processing method of claim 16, wherein the one or more action comprises:
    - generating a secure link between one or more processors associated with the first asset in the first location and one or more processors associated with the second asset in the second location; and
      
      providing the data transfer via the secure link between the one or more processors associated with the first asset in the first location and the one or more processors associated with the second asset in the second location.
  - 20. The computer-implemented data processing method of claim 16, further comprising:
    - transferring the data between the first asset in the first location and the second asset in the second location.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OneTrust LLC
Original Assignee
OneTrust LLC
Inventors
Brannon, Jonathan Blake, Jones, Kevin, Patton-Kuhl, Dylan D., Kveen, Bryan Patrick, Pavlichek, Nicholas Ian, Crawford, Eliza Rose

Granted Patent

US 10,783,256 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06F 21/606   by securing the transmissio...

G06F 21/6245   Protecting personal data, e...

G06F 2221/034   Test or assess a computer o...

DATA PROCESSING SYSTEMS FOR DATA TRANSFER RISK IDENTIFICATION AND RELATED METHODS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

DATA PROCESSING SYSTEMS FOR DATA TRANSFER RISK IDENTIFICATION AND RELATED METHODS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links