Data processing systems and methods for implementing audit schedules for privacy campaigns
First Claim
1. A computer-implemented data processing method for determining a privacy audit schedule for a privacy campaign, the data processing method comprising:
displaying, by one or more computer processors, on a graphical user interface, a prompt to create an electronic record for the privacy campaign, wherein the privacy campaign utilizes personal data collected from at least one or more persons or one or more entities;
receiving, by one or more computer processors, a command to create an electronic record for the privacy campaign;
creating, by one or more computer processors, an electronic record for the privacy campaign and digitally storing the record;
presenting, by one or more computer processors, on one or more graphical user interfaces, a plurality of prompts for the input of campaign data related to the privacy campaign;
electronically receiving, by one or more computer processors, campaign data input by one or more users, wherein the campaign data comprises each of;
a description of the campaign;
an identification of one or more types of particular personal data obtained as part of the campaign;
at least one data subject from which the particular personal data was collected;
one or more storage locations where the personal data is to be stored; and
data indicating who will have access to the particular personal data;
processing, by one or more computer processors, the campaign data by electronically associating the campaign data with the record for the privacy campaign;
digitally storing, by one or more computer processors, the campaign data in association with the electronic record for the privacy campaign;
determining, by one or more computer processors, based at least in part on the received campaign data, a risk value associated with the privacy campaign, wherein determining the risk value comprises,
electronically retrieving, from a data structure, the campaign data associated with the record for the privacy campaign,
electronically determining a weighting factor for each of a plurality of risk factors, wherein the plurality of risk factors comprises;
a nature of the particular personal data associated with the campaign;
a physical location of the particular personal data associated with the campaign;
a length of time that the particular personal data associated with the campaign will be retained in storage; and
a country of residence of at least one subject from which the particular personal data was collected;
electronically determining a relative risk rating for each of the plurality of risk factors;
electronically calculating a risk value for the privacy campaign based upon, for each respective one of the plurality of risk factors, the relative risk rating for the respective risk factor and the weighting factor for the respective risk factor; and
electronically assigning, by one or more computer processors, a privacy audit schedule to the privacy campaign based on the determined risk value for the privacy campaign.
Abstract
Data processing systems and methods for retrieving data regarding a plurality of data privacy campaigns and for using that data to assess a relative risk associated with the data privacy campaign. In various embodiments, the system may be adapted to: (1) display one or more visual summaries of one or more data flow diagrams that visually depict key features of the data flow, such as whether data is confidential and/or encrypted; (2) allow for multiple users to be assigned responsibility for populating different respective questions that are required to define the data flow; (3) automatically assess and display a relative risk associated with each campaign; and (4) automatically set, monitor, and facilitate the timely completion of an audit schedule for each campaign.
110 Citations
30 Claims
1. A computer-implemented data processing method for determining a privacy audit schedule for a privacy campaign, the data processing method comprising:
displaying, by one or more computer processors, on a graphical user interface, a prompt to create an electronic record for the privacy campaign, wherein the privacy campaign utilizes personal data collected from at least one or more persons or one or more entities;
receiving, by one or more computer processors, a command to create an electronic record for the privacy campaign;
creating, by one or more computer processors, an electronic record for the privacy campaign and digitally storing the record;
presenting, by one or more computer processors, on one or more graphical user interfaces, a plurality of prompts for the input of campaign data related to the privacy campaign;
electronically receiving, by one or more computer processors, campaign data input by one or more users, wherein the campaign data comprises each of;
a description of the campaign;
an identification of one or more types of particular personal data obtained as part of the campaign;
at least one data subject from which the particular personal data was collected;
one or more storage locations where the personal data is to be stored; and
data indicating who will have access to the particular personal data;
processing, by one or more computer processors, the campaign data by electronically associating the campaign data with the record for the privacy campaign;
digitally storing, by one or more computer processors, the campaign data in association with the electronic record for the privacy campaign;
determining, by one or more computer processors, based at least in part on the received campaign data, a risk value associated with the privacy campaign, wherein determining the risk value comprises,
electronically retrieving, from a data structure, the campaign data associated with the record for the privacy campaign,
electronically determining a weighting factor for each of a plurality of risk factors, wherein the plurality of risk factors comprises;
a nature of the particular personal data associated with the campaign;
a physical location of the particular personal data associated with the campaign;
a length of time that the particular personal data associated with the campaign will be retained in storage; and
a country of residence of at least one subject from which the particular personal data was collected;
electronically determining a relative risk rating for each of the plurality of risk factors;
electronically calculating a risk value for the privacy campaign based upon, for each respective one of the plurality of risk factors, the relative risk rating for the respective risk factor and the weighting factor for the respective risk factor; and
electronically assigning, by one or more computer processors, a privacy audit schedule to the privacy campaign based on the determined risk value for the privacy campaign.
View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 26)
19. A computer-implemented data processing method for determining a privacy audit schedule for a privacy campaign, the data processing method comprising:
receiving, by one or more computer processors, a command to set up the privacy campaign in privacy management software;
in response to receiving the command, creating, by one or more computer processors, an electronic record for the privacy campaign and digitally storing the record;
communicating, by one or more computer processors, to one or more users, a plurality of prompts for the input of campaign data related to the privacy campaign;
electronically receiving, by one or more computer processors, campaign data input by one or more users, wherein the campaign data comprises;
(1) data indicating what types of particular personal data are obtained as part of the privacy campaign; and
(2) data indicating who will have access to the particular personal data;
processing, by one or more computer processors, the campaign data by electronically associating the campaign data with the record for the privacy campaign;
digitally storing, by one or more computer processors, the campaign data in association with the record for the privacy campaign;
determining, by one or more computer processors, based at least in part on the received campaign data, a risk value associated with the privacy campaign, wherein determining the risk value comprises;
electronically retrieving, from a data structure, the campaign data associated with the record for the privacy campaign,
electronically determining a weighting factor for each of a plurality of risk factors, wherein the plurality of risk factors comprises;
a nature of the particular personal data associated with the campaign;
a physical location of the particular personal data associated with the campaign;
a length of time that the particular personal data associated with the campaign will be retained in storage; and
a country of residence of at least one subject from which the particular personal data was collected;
electronically determining a relative risk rating for each of the plurality of risk factors;
electronically calculating a risk value for the privacy campaign based upon, for each respective one of the plurality of risk factors, the relative risk rating for the respective risk factor and the weighting factor for the respective risk factor; and
electronically assigning, by one or more computer processors, a privacy audit schedule to the privacy campaign based on the determined risk value for the privacy campaign.
View Dependent Claims (20, 21, 22, 23, 24, 25, 27)
28. A computer-implemented data processing method for determining a privacy audit schedule for a privacy campaign, the data processing method comprising:
receiving, by one or more computer processors, a command to set up privacy campaign in privacy management software;
in response to receiving the command, creating, by one or more computer processors, an electronic record for the privacy campaign and digitally storing the record;
communicating, by one or more computer processors, to one or more users, a plurality of prompts for the input of campaign data related to the privacy campaign;
electronically receiving, by one or more computer processors, campaign data input by one or more users, wherein the campaign data comprises;
(1) data indicating what types of information are obtained as part of the privacy campaign; and
(2) data indicating one or more storage locations for the personal data;
processing, by one or more computer processors, the campaign data by electronically associating the campaign data with the record for the privacy campaign;
digitally storing, by one or more computer processors, the campaign data in association with the record for the privacy campaign;
determining, by one or more computer processors, based at least in part on the received campaign data, a risk value associated with the privacy campaign, wherein determining the risk value comprises,
electronically retrieving, from a data structure, the campaign data associated with the record for the privacy campaign,
electronically determining a weighting factor for each of a plurality of risk factors, wherein the plurality of risk factors comprises;
a nature of the particular personal data associated with the campaign;
a physical location of the particular personal data associated with the campaign;
a length of time that the particular personal data associated with the campaign will be retained in storage; and
a country of residence of at least one subject from which the particular personal data was collected;
electronically determining a relative risk rating for each of the plurality of risk factors;
electronically calculating a risk value for the privacy campaign based upon, for each respective one of the plurality of risk factors, the relative risk rating for the respective risk factor and the weighting factor for the respective risk factor; and
electronically assigning, by one or more computer processors, a privacy audit schedule to the privacy campaign based on the determined risk value for the privacy campaign.
View Dependent Claims (29, 30)
Specification