US20070283171A1 - System and method for managing data privacy - Google Patents
- Publication number
- US20070283171A1, US11/763,030
- Authority
- US
- United States
- Prior art keywords
- application
- compliance
- risk
- information
- privacy
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/10—Office automation; Time management
Definitions
- The present invention generally relates to systems and methods for managing data privacy, and more particularly to systems and methods for managing the risk associated with compliance with applicable laws and corporate policy with respect to the collection, use and storage of an individual's data.
- Risk management relates to procedures for assessing and managing risk that are established by the enterprise, with accompanying directives by management to comply with the procedures.
- A given manager of a department may be required to establish the level of risk associated with the operation of a particular computer system (e.g., the risk of losing use of such a computer system for some period of time).
- This manager may formulate a system for evaluating and reporting the risk that can be used by lower level and project managers. For example, on a periodic basis such as quarterly, the managers for a given department might be required to communicate to upper management the various risk factors and risk evaluations that are related to its computer information systems operations.
- The risk factor related information can be documented through various forms or questionnaires for evaluating risk and risk factors associated with projects for which they are responsible. These forms and questionnaires can be compiled into reports and other summary data to provide a department manager with a fairly good idea of the level of compliance with various enterprise procedures.
- This information can be so noted in the summary or compiled data presented to the department manager.
- The department manager can establish plans to bring the group into compliance, and to monitor the status of the group in progressing with the plan.
- The impact of evaluating the risk for a given enterprise can have serious consequences with regard to the success or profitability of the enterprise. If the enterprise has established procedures that are designed to protect the enterprise from liability, or otherwise assure that levels of risk within the enterprise are minimized, the enterprise can be exposed to liability if the procedures are not properly followed. For example, in the area of data privacy, most responsible enterprises have policies and procedures for protecting the personal information of their employees and customers. Furthermore, each state and Federal government has laws regulating the privacy of personal information. Failure to follow these policies, procedures and laws can expose the enterprise to significant liability.
- The present invention is a system and method for determining an enterprise's compliance with data privacy policies, procedures and laws and assessing the risk associated with non-compliance.
- The system and method of the present invention provide the capabilities to manage and monitor the protection of employees' and customers' private data. It should be noted that the requirements of data privacy are equally applicable to the information of employees and to customers' data. For example, employers in all fifty states must comply with the privacy regulations associated with the Federal law entitled the Health Insurance Portability and Accountability Act (HIPAA).
- A first step of the present invention is to create a core repository that manages, monitors and measures all data privacy assessments across an institution (e.g., a corporation).
- The invention eliminates redundant systems and functions related to data privacy assessment within each of the Lines of Business (LOBs) of the institution.
- The present invention utilizes a six-step data privacy management system to develop, assess and test the risk associated with the data privacy protection practices and procedures employed by a corporation.
- The system identifies and tracks outstanding issues related to data privacy through final resolution or acceptance of the risk posed by the data privacy issue.
- The system and method employ automated questionnaires that require responses from the user (preferably the manager responsible for the data, i.e., the data owner). The responses are tracked in order to evaluate the progress of the assessment and the status of the data privacy protection program with respect to compliance with the enterprise's policies and procedures as well as state and Federal laws.
- One or more responsible parties for a given area are identified or appointed to be responsible for responding to compliance questionnaires.
- The parties fill in questionnaires designed to focus on various features of risk assessment for specific aspects of the data privacy procedures. For example, the responsible parties for an area that performs customer services would be asked if the customer service agents have been trained to safeguard a customer's private information.
- The rating for this group's data privacy protection may depend upon such factors as whether the group has established procedures for which information the customer service representatives can provide to its customers and procedures for which information the customer service representatives can collect from customers.
- The compliance of the group with the enterprise's requirements for the protection of data privacy is assessed and the group is given an overall rating of exposure to risk. Areas of risk can be acknowledged, prompting a sensitivity rating, such as severe, negligible and so forth.
- A plan for reducing the risk or bringing the group's procedures into compliance can be formulated, and progress towards compliance can be tracked.
- An identified exposure to risk can be disclaimed through the system, which requires sign off by various higher level managers and administrators.
- A higher level manager can review exposure to risk on a broad perspective, and through a user interface, expand particular areas where high risk is identified as a problem.
- A risk category that is expanded reveals the different departments and/or projects which are responsible for data privacy and their associated risks or compliance statuses. The higher level manager can thus identify particular projects, activity areas and groups where risk exposure exists.
- Requirements for compliance with regulatory demands, regulatory agencies, state law and Federal laws are built into the data privacy risk management tool. Project managers and higher level managers can determine at a glance if a particular group's practices and procedures are in compliance with the laws and guidelines. Higher level managers have broader access than lower level managers to risk assessment information according to level of seniority. For example, a middle level manager can see all the risk assessment factors for each group that they manage, but can see no risk information beyond their allotted level. A high level manager can view all the information available to the mid level manager, in addition to any other manager or group for which the high level manager has responsibility. Accordingly, access to the system is provided on a secure basis that is reflective of the user's level of seniority.
- The system also provides security features such as logon IDs and passwords. Access levels are assigned based on seniority or management status, and provide a mechanism for a secure review of risk exposure and compliance. Once data is entered into the system it cannot be modified unless the user has proper authorization. The system generates reports to inform persons or groups about their compliance status. A search tool is available for locating various business units, compliance areas, risk status levels and so forth. The system can also be used for training users on risk management policies, how risks are evaluated and how paths to compliance can be determined.
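The seniority-scoped access described above can be pictured as a subtree check over the organization chart. The following is an added example, not code from the patent or from any implementation of it; the unit names, logon IDs, assessment records and function names are all constructed for illustration.

```python
# Constructed org chart: each unit maps to its parent (None marks the top).
PARENT = {
    "enterprise": None,
    "retail_lob": "enterprise",
    "cards_lob": "enterprise",
    "retail_callcenter": "retail_lob",
    "retail_web": "retail_lob",
    "cards_ops": "cards_lob",
}

# Constructed logon IDs mapped to the unit each manager is responsible for.
MANAGES = {
    "alice": "enterprise",
    "bob": "retail_lob",
    "carol": "retail_callcenter",
}

# Constructed assessment records: (application, owning unit, impact rating).
ASSESSMENTS = [
    ("crm", "retail_callcenter", "HIGH"),
    ("faq_site", "retail_web", "LOW"),
    ("statement_printer", "cards_ops", "MEDIUM"),
]

ORDER = {"LOW": 1, "MEDIUM": 2, "HIGH": 3}


def is_within(unit, root):
    """True if `unit` is `root` or sits anywhere beneath it in the chart."""
    seen = set()  # guards against a malformed chart that contains a cycle
    while unit is not None and unit not in seen:
        if unit == root:
            return True
        seen.add(unit)
        unit = PARENT.get(unit)
    return False


def visible_assessments(user):
    """Assessments a manager may read: only those inside their own subtree."""
    root = MANAGES.get(user)
    if root is None:  # unknown logon ID: deny by default
        return []
    return [a for a in ASSESSMENTS if is_within(a[1], root)]


def rollup(user):
    """Worst rating per direct child unit of the manager's scope.

    This is the collapsed view a higher level manager would expand to find
    the departments behind a high rating. Units with no assessments are
    omitted, and a manager with no child units gets an empty summary.
    """
    root = MANAGES.get(user)
    if root is None:
        return {}
    summary = {}
    for child in (u for u, p in PARENT.items() if p == root):
        ratings = [r for _, unit, r in ASSESSMENTS if is_within(unit, child)]
        if ratings:
            summary[child] = max(ratings, key=ORDER.__getitem__)
    return summary


if __name__ == "__main__":
    for who in ("alice", "bob", "carol", "mallory"):
        print(who, [a[0] for a in visible_assessments(who)], rollup(who))
```
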
- The system according to the present invention thus provides immediate compliance verification and a calendar of events, allows shared best practices and corrective action plans, and provides a mechanism for risk acknowledgement communicated to other members of a hierarchy.
- The system can be used in any hierarchical organization including such risk sensitive enterprises as military units, space missions and highly financed business endeavors.
- FIG. 1 illustrates the system of the present invention.
- FIG. 2 depicts a high level view of the process of the invention.
- FIG. 3 is the interface of system 10 for describing an application with data privacy components.
- FIG. 4 depicts a user interface for defining roles and responsibilities.
- FIG. 5 illustrates the data privacy risk impact interface.
- FIG. 6 illustrates the jurisdiction user interface.
- FIG. 7 is a user interface screen for selecting categories of processes for data privacy review.
- FIG. 8 illustrates a data privacy questionnaire interface.
- FIG. 9 illustrates a State of Health Report Card status screen.
- FIG. 10 depicts a legend to the icons depicted in FIGS. 9 and 11.
- FIG. 11 is a detailed State of Health Report Card status screen.
- FIG. 12 illustrates a resource user interface.
- The system 10 of the present invention is illustrated in FIG. 1.
- System 10 is implemented using a distributed client/server architecture.
- The clients 15 (one illustrated) are distributed throughout the enterprise (corporation), while the servers 20 are centrally located with redundancies (not illustrated).
- This infrastructure consists of one application server 25 communicating with application database 35, and one database server 30 communicating with database 40.
- The application server 25 runs BEA WebLogic 5.1, which provides the middleware between the front-end web application and the application database 35.
- Database server 30 runs Oracle 8.16 Server and database 40 is an Oracle database.
- Client 15 is a web based browser application.
- This application 15 preferably uses browsers that support Java applets and JavaScript such as Netscape 4.x or Internet Explorer 4.x.
- Menu applet 45 is an illustration of a Java applet supported in client 15.
- FIG. 2 broadly describes the six step method of the present invention.
- The method enables tracking of data privacy issues across the enterprise and the six-step map provides for consistency and standardization for data privacy review and risk assessment throughout the organization.
- The six step method further provides for a comprehensive understanding of the enterprise's procedures and policies for protecting the privacy of employees' and customers' information. Gaps identified by the system of the present invention in this analysis are tracked and monitored by the information security team for the enterprise using the system of the present invention.
- In step one (50), the person assigned the responsibility to assess a particular application that involves data with a privacy component describes the application to system 10.
- The responsibility for describing the application is typically assigned to the manager in charge of the application, as this is the person in the organization with the most intimate knowledge about the current state of the operation of the application at any given time.
- The information for each application is aggregated and rolled up for each higher level of management within the organization.
- In step two (55) of the process, various roles and responsibilities within the enterprise with respect to the application are defined and assigned.
- In step three (60) of the method, the impact of data privacy in regard to the operations of the application is reviewed and assessed.
- In step four (65), the user identifies all of the jurisdictions (e.g., states) in which the application is used.
- In step five (70) of the method, the manager completes a series of questionnaires that aid system 10 in assessing and classifying the risk associated with the application in regard to the protection of private data.
- System 10 provides the manager with access to a library (preferably hyperlinks) to contacts within the enterprise knowledgeable about privacy issues, privacy policies of the enterprise, United States Federal legislation, state legislation and selected international legislation.
- FIG. 3 illustrates an input screen 80 employed by the user to describe an application under review.
- Much of the description contained herein is made in terms of the user interface screens (e.g., input screens) illustrated in the Figures. Further description herein relates to the processing of the information illustrated in these screens by the hardware components of system 10 illustrated in FIG. 1. As appreciated by those skilled in the art, the description of these screens and the accompanying description of the processing allows one to make and use system 10.
- Screen 80 is used to input into system 10 the descriptions of the applications employed by the enterprise. Only the applications that store or process data with a data privacy component are required to undergo the privacy review of system 10. Many applications employed by the enterprise have no contact with private data, e.g., applications that control the air conditioning in a particular facility. If an application does not have any functionality with respect to private information, the user would enter “not applicable” in response to the questions posed by system 10 as further described below.
- Another software module (not illustrated in the Figures), known as an Application Portal, retrieves information regarding applications that have already been defined in system 10.
- The user identifies the application by name.
- A dropdown box is provided for field 85 so that the user can recall the data for a previously identified application and edit the information associated with that application if necessary.
- The Application Portal is able to retrieve all of the information it has regarding an application and pre-populates the fields in screen 80.
- The user describes the application.
- Field 95 is used to identify the location of the production server hosting the application, preferably by Street, City, State and Zip Code.
- Buttons 100 assist the user in identifying the location of the servers which support the application being described.
- Part of database 40 of system 10 (FIG. 1) contains the addresses of the enterprise where servers are located. Buttons 100 access this database and provide a selectable list of locations.
- The term “production” server indicates that the application is actually being used by the enterprise to process or store data used in the operation of the enterprise.
- Field 105 is similarly used to identify the location of the development server that is being employed to develop the application.
- Field 110 is used to identify the location of the quality assurance (Q/A) server employed in the testing of the application.
- The development and Q/A servers in fields 105 and 110 are preferably identified by Street, City, State and Zip Code.
- The user identifies the current status of the application under review. The user is provided with the choices of identifying the application as being in development (120), in user acceptance testing, UAT (125), in production (130) or as retired (135).
- In step two of the process of the present invention, the Roles and Responsibilities with respect to the operation of the application are identified and input into system 10 for storage in database 40 (FIG. 1).
- The identification of the roles and responsibilities within the corporation with respect to the operation of an application is a very important exercise. Without clearly defined roles and responsibilities and specific employees of the corporation assigned these roles and responsibilities, the data privacy risks associated with the operation of the application can go undetected.
- FIG. 4 illustrates an input screen 150 for assigning personnel to the respective roles.
- This Figure illustrates two different roles that are preferably fulfilled with respect to the protection of privacy of data by applications of the enterprise: Data Privacy Owner 155 and Data Privacy Risk Manager 185.
- Although two roles are illustrated in FIG. 4 as preferred, additional roles and responsibilities can be defined and assigned using the system of the present invention.
- For each of the roles 155, 185, input screen 150 indicates who performed the assignment of the role 165, when the role was assigned 170, to whom the assignment was made 175 and the date on which the assignment was accepted 180.
- System 10 preferably sends the assignee an email notifying the person of the assignment and the responsibilities associated therewith (see below).
- The assignee preferably accepts the assignment by replying affirmatively to the email and system 10 updates the applicable database to record the assignment.
- When a manager is making assignments in input screen 150, some of the roles will have already been pre-populated as certain of the assignments relate to firm-wide responsibilities.
- The Data Privacy Owner 155 is a manager in an area which generates or processes system information (e.g., application programs and related files), or produces products and services which depend upon system information. Each application of the enterprise must have a Data Privacy Owner 155 accountable for its protection. Applications that are cross-functional in nature, in that they serve the needs of multiple business units, preferably have a central Data Privacy Owner 155 that serves as a focal point. Data Privacy Owners 155 are assigned for every business unit using these applications.
- The Data Privacy Owner's 155 responsibilities are the most extensive and involve ensuring compliance with the policies and procedures of the enterprise relative to the applications under her supervision.
- The Data Privacy Owner 155 is tasked with ensuring compliance with specific policies and procedures of the enterprise, including: developing, testing and maintaining the application in compliance with all data privacy regulations existing in the jurisdiction where the enterprise conducts business; ensuring that Outside Service Providers (OSPs) involved with the application develop, test and maintain the application in compliance with all data privacy regulations existing in the jurisdiction where the enterprise conducts business; ensuring that all data elements within the application and related files are classified according to the data privacy impact rating; ensure that Risk Acknowledgments (see below) are in place for each area of non-compliance with data privacy policies; coordinate with local information owners to ensure that all of the responsibilities are properly fulfilled; ensure that the application is in compliance with Information Technology control policies; training employees, as needed, to comply with all data privacy regulations existing in the jurisdiction where the enterprise conducts business; inform all users of applications of the policies and procedures with respect to the application; identify an alternative
- The Data Privacy Risk Manager 185 generally reports to senior management within the enterprise and is responsible for ensuring that the enterprise complies with the enterprise's established data privacy control policies.
- The responsibilities of the Data Privacy Risk Manager 185 include the following: coordinating the business unit's compliance with the enterprise's data privacy policies and procedures, as well as compliance with local, state and Federal regulations and laws related to data privacy; ensuring implementation of a data privacy awareness program for the business to address data privacy risks and to develop and offer Data Privacy Owner 155 and user training; administering the Risk Acknowledgement process and ensuring they are performed by Data Privacy Owners 155 in compliance with the procedures of the enterprise; review and monitor technology audits and audit responses to validate the effectiveness of the response and the timeliness of any corrective actions; monitor on-going compliance with enterprise's data privacy policies and procedures, as well as compliance with local, state and Federal regulations and laws related to data privacy; ensure that a process is in place to assess technology platforms and associated applications for data privacy protection and compliance; ensure that a process is developed for the timely notification of terminated or transferred
- Screen 150 also allows the user to assign alternates to one or more of the roles defined as the Primary Role.
- In the example depicted in FIG. 4, four alternatives were assigned to fulfill the primary role of Data Privacy Risk Manager 190-205. Alternative people have been identified to fulfill this role as it is one of the most important relative to the protection of data privacy.
- In step 3 (60) of the process, the user assists in a determination of the impact of the application being reviewed with respect to data privacy.
- This impact assessment is accomplished automatically by system 10 in response to the answers given by the user to a series of questions 255, 295-335 relative to the application.
- FIG. 5 illustrates an example of one of the automated questionnaires.
- Screen 250 asks the user a series of questions 255, 295-335 about several types of data that have privacy implications.
- Question 255 asks the user whether the application under review has contact with data containing anyone's Social Security number.
- System 10 provides the user with the ability to describe if and how the application has contact with the type of data and the nature of the contact. Specifically, system 10 asks the user if the application processes the data in question (260), whether it transmits the data (265), whether it collects the data itself (270) and whether it stores the data (275). System 10 further asks the user whether the data in question is data from a customer (280) or data from an employee of the enterprise (285). Typically, an application would process only customer 280 or employee 285 data, but certain applications (e.g., storage or transport applications) could have contact with both customer 280 and employee 285 data.
- System 10 additionally allows the user to answer Not Applicable (N/A) 290 with respect to any type of data, indicating that the application does not touch that type of data.
- The user is able to answer affirmatively to any of the questions 255, 295-335 by checking the selection box in the column 260-290 of the answer that applies.
- Some applications will perform several of the functions process 260, transmit 265, collect 270 and store 275 (e.g., see question 300).
- Each of the types of data that the user is queried about is personal in nature.
- The examples of the types of data listed in FIG. 5 are: Social Security Number (255); Health related data (e.g., medical records, dental records) (295); Compensation data (e.g., stock options, bonus, incentives, payroll information) (300); Contributions/Donations (e.g., United Way, Blood Drives, College Funds) (305); Performance information (e.g., performance reviews, performance ratings) (310); Tuition Reimbursement (e.g., grades, courses taken) (315); License/Certification information (e.g., financial licenses, insurance certifications) (320); Work experience information (e.g., background checks, references, resumes) (325); Association/Committee affiliate information (e.g., membership in employee networking groups, memberships in external groups) (330); and Bio-metric information (e.g., fingerprints, hand
- The other types of privacy data that these screens can query the user about include: Retirement information (e.g., 401K, pension, Social Security); Timekeeping information (e.g., vacation, sick days, personal days); Personal information (e.g., Employee Assistance Program participation); Birth Date (e.g., month, day, year, age); Drivers License information (e.g., license number, state); Email address (e.g., Uniform Resource Identifier, Internet Protocol); Credit information (e.g., history, credit rating, score); External Account/Financial information obtained from other organizations (e.g., account numbers used by customer or system, transactions, financials, linkages, status, privileges); Account Authorization Profile information (e.g., Personal Identification Number (PIN), challenge question, maiden name, mother's maiden name, recent transactions); Marketing Profile information (
- After the user has answered the questions on the data privacy impact assessment input screens (e.g., screen 250), she uses the Submit button 340 in order to have the data saved by system 10 in database 40 (FIG. 1). If the answers to the questions are incorrect (e.g., out of date due to changes in the application), the user can activate the Reset button 345 to clear the answers in columns 260-290. After submission and saving of the user's responses to the impact questions, system 10 automatically calculates the criticality of the data privacy impact rating of the application under review.
- System 10 computes a criticality rating for the application based on the responses provided by the user with respect to the questions described above.
- The analysis process of system 10 results in a privacy impact rating for the application of LOW to HIGH.
- The specific algorithm used to analyze and determine the overall data privacy impact rating of the application is subject to many factors including, among others, the types of data involved (e.g., Social Security number versus address) and the types of functionality performed by the application (e.g., storage, processing . . . ).
- The respective ratings of particular types of data are based upon industry/governmental guidelines. For example, Social Security numbers are ranked as High and demographic information is ranked as Medium. These rankings are embedded in system 10.
- The application is assigned the criticality of the highest criticality of the data that is touched by the application.
- Once system 10 has calculated the data privacy impact rating for the application, the rating is stored in database 40 (FIG. 1) and displayed to the user on screen 250. As seen on screen 250, system 10 actually calculates two separate data privacy impact ratings for each application under review, a customer data privacy impact rating 355 and an employee data impact rating 360.
- The above described procedure for determining the data privacy impact rating for an application can be, and preferably is, performed for each of the applications identified in system 10.
- Although the data privacy impact rating for a particular application may be High, this does not mean that there is a problem with the application. It simply means that the sensitivity the enterprise should apply to the protection of the privacy data employed by this application is increased. As shown below, if the data privacy impact rating is High, the scrutiny given to the procedures of the enterprise for protecting the data is heightened. Furthermore, the acceptance of the risk associated with the data privacy aspects of the application is more carefully reviewed, in the preferred embodiment by higher levels of management.
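The highest-criticality rule described above, with its separate customer and employee ratings, can be sketched as follows. This is an added example, not the patent's algorithm or code: only the High ranking for Social Security numbers and the Medium ranking for demographic data come from the text, while the other rankings, the NONE level, the field names and the validation rules are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum


class Rating(IntEnum):
    NONE = 0    # assumed label: no contact with this class of private data
    LOW = 1
    MEDIUM = 2
    HIGH = 3


# Per-data-type rankings embedded in the tool. Only the SSN and demographic
# rows come from the text; the other two rows are constructed.
DATA_TYPE_RATING = {
    "social_security_number": Rating.HIGH,
    "demographic": Rating.MEDIUM,
    "health": Rating.HIGH,       # constructed
    "timekeeping": Rating.LOW,   # constructed
}

CONTACT_KINDS = frozenset({"process", "transmit", "collect", "store"})
SUBJECTS = ("customer", "employee")


@dataclass(frozen=True)
class Answer:
    """One questionnaire row: a data type and the boxes ticked for it."""
    data_type: str
    contact: frozenset = frozenset()
    subjects: frozenset = frozenset()
    not_applicable: bool = False


def validate(answer):
    """Reject rows that cannot be rated instead of silently rating them NONE."""
    if answer.data_type not in DATA_TYPE_RATING:
        raise ValueError(f"unranked data type: {answer.data_type}")
    if not answer.contact <= CONTACT_KINDS:
        raise ValueError(f"{answer.data_type}: unknown contact kind")
    if not answer.subjects <= frozenset(SUBJECTS):
        raise ValueError(f"{answer.data_type}: unknown data subject")
    ticked = bool(answer.contact or answer.subjects)
    if answer.not_applicable and ticked:
        raise ValueError(f"{answer.data_type}: N/A combined with other boxes")
    if not answer.not_applicable and not (answer.contact and answer.subjects):
        raise ValueError(f"{answer.data_type}: row is incomplete")


def rate_application(answers):
    """Return the customer and employee impact ratings for one application.

    Each rating is the highest ranking among the data types the application
    touches for that class of data subject.
    """
    ratings = {subject: Rating.NONE for subject in SUBJECTS}
    for answer in answers:
        validate(answer)
        if answer.not_applicable:
            continue
        for subject in answer.subjects:
            ratings[subject] = max(ratings[subject],
                                   DATA_TYPE_RATING[answer.data_type])
    return ratings


# Constructed questionnaire for a hypothetical payroll application.
SAMPLE_ANSWERS = [
    Answer("social_security_number", frozenset({"process", "store"}),
           frozenset({"employee"})),
    Answer("demographic", frozenset({"transmit"}),
           frozenset({"customer", "employee"})),
    Answer("timekeeping", not_applicable=True),
]

if __name__ == "__main__":
    for subject, rating in rate_application(SAMPLE_ANSWERS).items():
        print(subject, rating.name)
```

Rejecting a row that ticks N/A alongside other boxes, or that names an unranked data type, keeps an inconsistent questionnaire from producing a rating lower than the data warrants.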
- step four the user is required to identify the applicable jurisdictions in which the application operates.
- User interface screen 400 as illustrated in FIG. 6 allows the user to identify the applicable jurisdictions to system 10 .
- the applicable jurisdictions are input into area 405 .
- screen 400 provides an Add button 410 .
- Activation of this Add button 410 causes system 10 to display jurisdiction screen 420 .
- Each jurisdiction in which the enterprise conducts business is displayed in area 425 .
- the user is able to select each of the jurisdictions that are applicable to the application under review using the selection boxes next to the named jurisdictions in area 425 . If the user does not want to make any selections from area 425 , she may activate the Close button 435 . Once the user has completed her selection(s) in area 425 she activates the Submit button 430 to populate the selections into the input area 405 in screen 400 .
- Database 40 also preferably contains the laws and regulations of each jurisdiction as they apply to data privacy. This database can be consulted when system 10 determines the compliance of the application with the laws and regulations of the jurisdictions in which the application operates as further described below.
- step five ( 70 ) of the process requires the user to classify the risk associated with the application with respect to data privacy.
- screen area 500 allows the user to select a category of the enterprise's privacy policy for assessing the application under review.
- the preferred categories include: Customer Services Processes 505 ; Data Destruction and Disposal Procedures 510 ; Data Extraction and Modification 515 ; Development and QA/UAT Environment Processes 520 ; Encryption Practices 525 ; OSP practices 530 ; Related Applications and Processes 535 ; and Website Practices; 540 .
- the user may select one or more of categories 505 - 540 .
- FIG. 8 illustrates the user interface 550 displayed by system 10 if the user selects Customer Servicing Processes, category 505 in FIG. 7 .
- Screen area 575 depicts the questions posed to the user with respect to the Customer Servicing Processes aspects of the application as it relates to data privacy.
- the user is asked to review the training and procedures of the customer service representatives. For example, the user is asked whether the employee providing customer services using the application has been trained with respect to the safeguarding of private information.
- Further questions asked in input interface 500 include: “Are customer service agents trained not to enter sensitive information into comment fields that may not require authorization?”; “Are there procedures that define what a customer service agent may deliver from this application to customers and/or employees via the e-mail contact channel?”; “Are there procedures that define what a customer service agent may deliver from this application to customers and/or employees via the fax contact channel?”; and “Are there procedures that define what a customer service agent may deliver from this application to customers and/or employees via the telephone contact channel?”.
- questions 575 have areas for the user to provide responses in the form of Yes ( 555 ), No ( 560 ), N/A ( 565 ) answers. Additionally, screen 550 provides a Comments section 570 . In the Comment section 570 the user can enter or attach a description of the control process(es) or any information, that supports or clarifies the user's responses. The user is advised to indicate what evidence exists to support the responses or cross-reference to the supporting documentation.
- a Corrective Action Plan is a plan to correct the condition that has caused the manager to answer a question negatively. If the manager answers yes to developing a CAP, system 10 brings the manager to a CAP input screen in which the manager describes the condition which caused the negative response, the reason for the condition (e.g., funding), the plan to correct the condition, the person responsible for seeing that the correction is done, a target date by which the correction will be completed, and any attachments which are required to more fully explain the CAP.
- the CAP that is developed is stored in the database and appropriately linked to the records for this department. Comments section 570 indicates if a CAP is in place to correct the issue that caused the particular question to be answered negatively.
- a Risk Acknowledgement screen. In this screen, the manager is required to describe the reasons for the requirement of the Risk Acknowledgement; what compensating controls are in place, if any; the likelihood of an impact due to the risk involved (high, medium or low); a description of the potential impact; a rating of the potential impact (catastrophic, severe, moderate, negligible); and an implementation plan.
- the Risk Acknowledgement by the manager is reviewed and approved by the appropriate LOB management. If the Risk Acknowledgement is not approved by management, a CAP must be developed in order to correct the risk condition.
- Comments section 570 indicates if a Risk Acknowledgement (RA) is in place to acknowledge the risk associated with the issue that caused the particular question to be answered negatively.
- RA Risk Acknowledgement
- Tables 1 through 7 illustrate preferred categories of questions and the preferred questions that are posed to the user in order to classify the risk associated with the data privacy aspects of the application under review.
- DEM 1 Is personal financial and/or employee information in the application's database/files safeguarded against unauthorized extraction or queries? If so, please define how this is done.
- DEM 2 Are unauthorized individuals prevented from exporting personal financial and/or employee information into a portable format: removable media, paper, spreadsheet, document, or text file? If so, please define how this is done.
- DEM 3 Are there procedures in place to prevent unauthorized individuals from modifying customers' personal financial and/or employees' information in the production environment? If so, please attach the procedure documentation.
- DEM 4 Are there procedures to monitor and track personal financial information transferred from this application's database/files into portable formats such as removable media, paper, spreadsheet, document, or text file? If so, please attach the procedure documentation.
- DT 1 Are security and procedures used in the development environment capable of protecting our customers' personal financial and/or employees' information? If so, please attach the procedure documentation. If not, is personal financial information removed from databases/files accessed via the development environment to ensure our customers' privacy is protected?
- DT 2 Are security and procedures used in the QA/UAT environment capable of protecting our customers' personal financial and/or employees' information? If so, please attach the procedure documentation. If not, is personal financial and/or employee information removed from databases/files accessed via the QA/UAT environment to ensure our customers' and/or employees' privacy is protected?
- EP 1 Does this application encrypt data in storage?
- EP 2 Does this application encrypt data that is transmitted?
- EP 3 Please indicate which encryption product(s) is used by this application (list of applications to select from)
- OSP 1 Does the contract with the OSP include country/federal/state specific privacy and confidentiality clauses to ensure appropriate collection, use, and disclosure of customers' personal financial and/or employees' information to third parties? If so, please attach a copy of the contract.
- OSP 2 Are security and procedures used in the OSP's development environment capable of protecting our customers' personal financial information and/or employees' information? If so, please attach the OSP's procedure documentation. If not, is personal financial and/or employee information removed from databases/files accessed via the OSP's development environment to ensure our customers' and/or employees' privacy is protected?
- OSP 3 Are security and procedures used in the OSP's QA/UAT environment capable of protecting our customers' personal financial information and/or employees' information?
- OSP 4 If personal financial and/or employee information from this application is used in production at an OSP's location, does the OSP have procedures in place to track and control personal financial and/or employee information transferred into portable formats such as removable media, paper, spreadsheet, document, or text file? If so, please attach the OSP's procedure documentation.
- OSP 5 If personal financial and/or employee information from this application resides at an OSP's premises, do you have specific procedures defined to recall, retain, or destroy all personal financial and/or employee information from the OSP if & when you terminate the relationship or eliminate the application?
- OSP 6 Does the OSP use software tools such as web/e-mail bugs or cookies to monitor user behavior when delivering an enterprise product or service? If so, does the OSP's policy comply with the enterprise's Online Consumer Information Practices?
- OSP 7 Does this OSP send or receive our customers' personal financial and/or employees' information? If so, please attach the file/feed names, record layout/field details, frequency of transmission/delivery, and method of transmission/delivery/encryption.
- OAP 1 Please select all applications that have access to personal financial and/or employee information in this application's database/files. (Note: in the preferred embodiment, the user interface associated with this question has a list of applications to select from.)
- OAP 2 If other applications use personal financial and/or employee information from this application, are security and procedures used in the development environment capable of protecting our customers' personal financial and/or employees' information? If not, is personal financial and/or employee information removed from databases/files accessed via the development environment to ensure our customers' and/or employees' privacy is protected?
- OAP 3 If other applications use personal financial and/or employee information from this application, are security and procedures used in the QA/UAT environment capable of protecting our customers' personal financial and/or employees' information? If not, is personal financial and/or employee information removed from databases/files accessed via the QA/UAT environment to ensure our customers' and/or employees' privacy is protected?
- WEB 1 Is a privacy policy link included on every page of the website?
- WEB 2 If the personal financial and/or employee information sharing practices for this product differ from what is stated in the enterprise's standard Internet privacy policy, a distinct privacy policy is needed. Have the components of the standard Internet privacy policy been compared to that of this product to ensure that an accurate privacy policy is in place?
- WEB 3 Has the account opening process been tested to ensure the privacy policy is presented to and acknowledged by the customer prior to an account being established?
- WEB 4 If the website collects opt out selections from the customer, is this information fed into the Customer Information File (CIF)?
- CIF Customer Information File
- the system and process of the present invention provides a systematic, standardized and comprehensive review of the data privacy issues associated with the applications employed by an enterprise. For areas that require attention or do not meet policy compliance, a corrective action, risk acknowledgment or risk acceptance process will automatically be invoked. Such processes identify the condition, remediation plan, identification of accountable personnel and targeted deadlines for implementation.
- a compliant indicator provides a visual indication that is displayed to the user to show that the particular application is in compliance with the privacy guidelines established by various reliable resources (such as local, state and federal agencies).
- FIG. 9 illustrates one such report, in the form of a computer screen, known as a State of Health Report Card 600 .
- This report 600 provides enhanced capabilities to track and monitor key issues and their ongoing progress to close substantial gaps.
- Report 600 provides the highest level of status of the reviews of the data privacy aspects of the applications as described above, including corrective action plans, risk acknowledgments and board issues as further described below.
- This status screen 600 provides a core repository to manage, monitor and measure the risk associated with data privacy of the applications utilized by the enterprise.
- this status screen 600 contains the status of the data privacy issues 605 , corrective action plans 610 , risk acknowledgments 615 , and board issues 620 .
- a record 630 is capable of being displayed for each line of business 625 within the organization (only four illustrated in FIG. 9 ). For each record 630 , the name of the Senior Business Executive 635 and the name of the Line of Business 625 are displayed. The actual name of the Line of Business 625 is a hyperlink that brings up a status screen comparable to screen 600 , except that it shows the status of the elements for the next level down in the corporate hierarchy (e.g., the department level). Using this feature, a user is able to drill down (or roll up) to the level of status desired by the particular user.
- the status of the issues associated with the data privacy review of the applications used by a Line of Business is depicted as a colored icon, e.g., icon 640 .
- Each icon represents a different status. In addition to each icon being a different color, it is also a different shape. This allows users having devices without color capability to quickly determine the status of a particular item.
- FIG. 10 illustrates a legend containing the different icons and their associated statuses. In the particular statuses depicted in FIG. 9 , status 640 indicates that there are one or more applications in use by the line of business that are not in compliance with one or more of the procedures or policies of the enterprise or laws or regulations of the jurisdictions in which the applications operate.
- the status need not be a visual indication as illustrated in FIG. 10 , but rather can be any kind of indicia that informs the user about the level of risk for a given application.
- risk indications can be in the form of audible warnings or in a printed format.
- Although the preferred embodiments of the present invention provide status indicators of different color, namely, green for compliant, amber for warning, red for critical, blue for incomplete and gray for pending approval, the present invention should not be considered to be so limited in general.
- an indication of risk status based on indicators of varying shape can be used to inform users of risk status on electronic devices that do not have color displays.
- a color and shape indication can be used in combination to permit the present system to be used in a number of platforms in a flexible manner.
- Numerous other forms of indicators should be apparent to those skilled in the art, which are not mentioned here for the sake of brevity, but should nevertheless be considered to be within the scope of the present invention.
- CAP Corrective Action Plan
- this CAP is documented on system 10 .
- the user can immediately bring up the CAP developed by the manager. If the manager did not develop a CAP, but rather performed a Risk Acknowledgement, this is indicated in column 650 .
- the user is able to see the specific Risk Acknowledgement developed by the manager.
- State of Health status screen 700 gives the manager a more detailed look at the status of the reviews of any particular application employed by the particular line of business.
- Column 705 contains the name of the particular application.
- six different applications 765 have been identified as employed by the selected LOB.
- Column 710 provides the name of the Information Owner as previously described with respect to FIG. 4 .
- Columns 715 and 720 respectively provide the data privacy impact rating of the application with respect to customers and employees as previously described with respect to FIG. 5 .
- Column 725 contains the icons, as described above, that indicate the status of the particular application with respect to data privacy (e.g., compliant, non-compliant).
- column 725 provides the status of the application with respect to any CAPs that have been formulated to address the issues that cause non-compliance. As further described above, clicking on the icons in column 730 allows the user to actually review the documentation associated with the CAP for that application. Similarly, screen 700 provides a Risk Acknowledgement status column 735 and Control Issue status column 740 providing the status of these items that are required by negative assessments of any of the reviews as discussed above.
- step six (element 75 ) of the process is to provide the user with access to the collection, or library, of data privacy materials that has been collected by the enterprise.
- FIG. 12 illustrates a user interface screen 800 for providing the user with this access.
- Each of the items on this screen is a hyperlink to the privacy materials described in the item's title.
- the types of materials include a list of the contacts within the enterprise that are able to assist the user with questions about data privacy, privacy papers generated by the enterprise, the enterprise's policies and procedures with respect to data privacy, U.S. Federal Legislation, U.S. State Legislation, International Legislation, other privacy materials and a privacy glossary.
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Strategic Management (AREA)
- Entrepreneurship & Innovation (AREA)
- Human Resources & Organizations (AREA)
- Operations Research (AREA)
- Economics (AREA)
- Marketing (AREA)
- Data Mining & Analysis (AREA)
- Quality & Reliability (AREA)
- Tourism & Hospitality (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
A system and method for assessing the risk associated with the protection of data privacy by software applications. A decision engine is provided to assess, monitor and manage key issues around the risk management of data privacy. The system creates a core repository that manages, monitors and measures the data privacy assessments of applications across an institution (e.g., a corporation). The system and method employs automated questionnaires that require responses from the user (preferably the manager responsible for the application). The responses are tracked in order to evaluate the progress of the assessment and the status of the applications with respect to compliance with the enterprise's data privacy policies and procedures as well as the regulations and laws of the jurisdictions in which the application is operated. Once a questionnaire has been completed, the application is given ratings both with respect to the data privacy impact of the application and the application's compliance with the data privacy requirements. If a risk exists, a plan for reducing the risk or bringing the application into compliance can be formulated, and progress towards compliance can be tracked. Alternatively, an identified exposure to risk can be acknowledged through the system, which requires sign off by various higher level managers and administrators.
Description
- This application claims priority to U.S. Provisional Application No. 60/411,370, filed on Sep. 17, 2002, the entirety of which is incorporated herein by reference.
- The present invention generally relates to systems and methods for managing data privacy, and more particularly to systems and methods for managing the risk associated with compliance with applicable laws and corporate policy with respect to the collection, use and storage of an individual's data.
- Risk management relates to procedures for assessing and managing risk that are established by the enterprise, with accompanying directives by management to comply with the procedures. For example, a given manager of a department may be required to establish the level of risk associated with the operation of a particular computer system (e.g., the risk of losing use of such a computer system for some period of time). This manager may formulate a system for evaluating and reporting the risk, that can be used by lower level and project managers. For example, on a periodic basis such as quarterly, the managers for a given department might be required to communicate to upper management the various risk factors and risk evaluations that are related to its computer information systems operations. The risk factor related information can be documented through various forms or questionnaires for evaluating risk and risk factors associated with projects for which they are responsible. These forms and questionnaires can be compiled into reports and other summary data to provide a department manager with a fairly good idea of the level of compliance with various enterprise procedures.
- Typically, if a group within the department is not in compliance with the established procedures for the enterprise, this information can be so noted in the summary or compiled data presented to the department manager. In such a case, the department manager can establish plans to bring the group into compliance, and to monitor the status of the group in progressing with the plan.
- The impact of evaluating the risk for a given enterprise can have serious consequences with regard to the success or profitability of the enterprise. If the enterprise has established procedures that are designed to protect the enterprise from liability, or otherwise assure that levels of risk within the enterprise are minimized, the enterprise can be exposed to liability if the procedures are not properly followed. For example, in the area of data privacy, most responsible enterprises have policies and procedures for protecting the personal information of their employees and customers. Furthermore, each state and Federal government has laws regulating the privacy of personal information. Failure to follow these policies, procedures and laws can expose the enterprise to significant liability.
- In typical enterprises, the analysis, statuses and reporting to upper management of the procedures with respect to data privacy are often haphazard and inconsistent. For example, some managers may find the requirement of filling out forms and answering questionnaires to be an inefficient use of time, and fail to effectively complete risk assessments. Other managers may have an attitude that protecting data privacy is not an important priority. Furthermore, most departments fail to evaluate the external dependencies that they have, and the impact on their ability to perform their functions should those external entities fail to protect the employees' and customers' data.
- Where tools for the risk assessments with respect to data privacy do exist, they tend to be form intensive, and inconsistent between various enterprise locations. It is difficult to track and maintain the data that can be obtained from forms related to assessment of data privacy risk, and even more difficult to take an enterprise view of such risk, which is absolutely required for effectively managing the liability of the enterprise. Some computer based systems have been developed to overcome the difficulties with traditional paper based risk assessment systems. It does not appear that any such systems have been developed with respect to assessing and containing the risk associated with data privacy.
- The present invention is a system and method for determining an enterprise's compliance with data privacy policies, procedures and laws and assessing the risk associated with non-compliance. The system and method of the present invention provides the capabilities to manage and monitor the protection of employees' and customers' private data. It should be noted that the requirements of data privacy are equally applicable to the information of employees as they are to customers' data. For example, employers in all fifty states must comply with the privacy regulations associated with the Federal law entitled the Health Insurance Portability and Accountability Act (HIPAA). This invention enhances current processes to provide a decision engine around key data privacy issues, providing the capability for enhanced monitoring and management around the risk management function.
- A first step of the present invention is to create a core repository that manages, monitors and measures all data privacy assessments across an institution (e.g., a corporation). The invention eliminates redundant systems and functions related to data privacy assessment within each of the Lines of Business (LOBs) of the institution.
- The present invention utilizes a six-step data privacy management system to develop, assess and test the risk associated with the data privacy protection practices and procedures employed by a corporation. The system identifies and tracks outstanding issues related to data privacy through final resolution or acceptance of the risk posed by the data privacy issue. The system and method employs automated questionnaires that require responses from the user (preferably the manager responsible for the data, i.e., the data owner). The responses are tracked in order to evaluate the progress of the assessment and the status of the data privacy protection program with respect to compliance with the enterprise's policies and procedures as well as state and Federal laws.
- One or more responsible parties for a given area are identified or appointed to be responsible for responding to compliance questionnaires. The parties fill in questionnaires designed to focus on various features of risk assessment for specific aspects of the data privacy procedures. For example, the responsible parties for an area that performs customer services would be asked if the customer service agents have been trained to safeguard a customer's private information. The rating for this group's data privacy protection may depend upon such factors as whether the group has established procedures for which information the customer service representatives can provide to its customers and procedures for which information the customer service representatives can collect from customers.
- Once a questionnaire or series of questionnaires has been completed, the compliance of the group with the enterprise's requirements for the protection of data privacy (including compliance with applicable state and Federal laws) is assessed and the group is given an overall rating of exposure to risk. Areas of risk can be acknowledged, prompting a sensitivity rating, such as severe, negligible and so forth. Once risk is acknowledged, a plan for reducing the risk or bringing the group's procedures into compliance can be formulated, and progress towards compliance can be tracked. Alternatively, an identified exposure to risk can be disclaimed through the system, which requires sign off by various higher level managers and administrators.
- Once the risk assessment is completed for various departments, a higher level manager can review exposure to risk on a broad perspective, and through a user interface, expand particular areas where high risk is identified as a problem. A risk category that is expanded reveals the different departments and/or projects which are responsible for data privacy and their associated risks or compliance statuses. The higher level manager can thus identify particular projects, activity areas and groups where risk exposure exists.
- Requirements for compliance with regulatory demands, regulatory agencies, state law and Federal laws are built into the data privacy risk management tool. Project managers and higher level managers can determine at a glance if a particular group's practices and procedures are in compliance with the laws and guidelines. Higher level managers have broader access than lower level managers to risk assessment information according to level of seniority. For example, a middle level manager can see all the risk assessment factors for each group that they manage, but can see no risk information beyond their allotted level. A high level manager can view all the information available to the mid level manager, in addition to any other manager or group for which the high level manager has responsibility. Accordingly, access to the system is provided on a secure basis that is reflective of the user's level of seniority.
- The system also provides security features such as logon IDs and passwords. Access levels are assigned based on seniority or management status, and provide a mechanism for a secure review of risk exposure and compliance. Once data is entered into the system it cannot be modified unless the user has proper authorization. The system generates reports to inform persons or groups about their compliance status. A search tool is available for locating various business units, compliance areas, risk status levels and so forth. The system can also be used for training users on risk management policies, how risks are evaluated and how paths to compliance can be determined.
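The hierarchical roll-up and seniority-scoped visibility described in the two paragraphs above can be sketched as follows. This is an added example, not code from the patent: the unit and manager names, the per-answer rating rule and the worst-status-wins roll-up are assumptions, since the page names the five statuses but not the rule that assigns them.

```python
from dataclasses import dataclass, field
from enum import IntEnum
from typing import Dict, List, Optional


class Status(IntEnum):
    """The five statuses the page names; the severity order is an assumption."""
    COMPLIANT = 0         # green
    PENDING_APPROVAL = 1  # gray
    INCOMPLETE = 2        # blue
    WARNING = 3           # amber
    CRITICAL = 4          # red


@dataclass
class Answer:
    question_id: str                # e.g. "EP 1" from the page's question list
    response: Optional[str] = None  # "yes", "no", "n/a"; None means unanswered
    cap: bool = False               # a Corrective Action Plan is on file
    ra: Optional[str] = None        # Risk Acknowledgement: pending/approved/rejected


@dataclass
class OrgUnit:
    name: str
    manager: str
    apps: Dict[str, List[Answer]] = field(default_factory=dict)
    children: List["OrgUnit"] = field(default_factory=list)


def rate_answer(a: Answer) -> Status:
    """Assumed rule: a negative answer needs a CAP or an approved RA."""
    if a.response is None:
        return Status.INCOMPLETE
    if a.response in ("yes", "n/a"):
        return Status.COMPLIANT
    if a.response != "no":
        raise ValueError(f"unexpected response {a.response!r}")
    if a.cap or a.ra == "approved":
        return Status.WARNING
    if a.ra == "pending":
        return Status.PENDING_APPROVAL
    return Status.CRITICAL  # no CAP, and the RA is missing or was rejected


def rollup(unit: OrgUnit) -> Status:
    """Worst status among the unit's applications and all units below it."""
    statuses = [rate_answer(a) for answers in unit.apps.values() for a in answers]
    statuses += [rollup(child) for child in unit.children]
    return max(statuses, default=Status.COMPLIANT)


def visible_units(root: OrgUnit, user: str) -> List[OrgUnit]:
    """Units the user manages plus everything beneath them, nothing beyond."""
    found: List[OrgUnit] = []

    def walk(unit: OrgUnit, inherited: bool) -> None:
        allowed = inherited or unit.manager == user
        if allowed:
            found.append(unit)
        for child in unit.children:
            walk(child, allowed)

    walk(root, False)
    return found


def report_for(root: OrgUnit, user: str) -> Dict[str, str]:
    """Status report restricted to the caller's part of the hierarchy."""
    return {u.name: rollup(u).name for u in visible_units(root, user)}


def view(root: OrgUnit, user: str, unit_name: str) -> str:
    """Deny by default; unknown and out-of-scope units fail the same way."""
    for u in visible_units(root, user):
        if u.name == unit_name:
            return rollup(u).name
    raise PermissionError(f"{user} may not view {unit_name}")


def build_sample_org() -> OrgUnit:
    """Constructed sample hierarchy: enterprise -> lines of business -> departments."""
    cards = OrgUnit("Cards", "dept_a", apps={"CardApp": [
        Answer("EP 1", "yes"), Answer("EP 2", "no", cap=True)]})
    loans = OrgUnit("Mortgages", "dept_b", apps={"LoanApp": [
        Answer("DEM 1", "no", ra="rejected")]})
    retail = OrgUnit("Retail", "lob_mgr", children=[cards, loans])
    invest = OrgUnit("Investment", "other_lob", apps={"TradeApp": [
        Answer("WEB 1")]})
    return OrgUnit("Enterprise", "exec", children=[retail, invest])


if __name__ == "__main__":
    org = build_sample_org()
    for who in ("dept_a", "lob_mgr", "exec"):
        print(who, report_for(org, who))
```

The visibility filter is applied before any status is computed for display, so a department manager never receives a sibling department's rating even indirectly through an error message.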
- The system according to the present invention thus provides immediate compliance verification, a calendar of events, allows shared best practices and corrective action plans and provides a mechanism for risk acknowledgement communicated to other members of a hierarchy. The system can be used in any hierarchical organization including such risk sensitive enterprises as military units, space missions and highly financed business endeavors.
- For the purposes of illustrating the present invention, there is shown in the drawings a form which is presently preferred, it being understood however, that the invention is not limited to the precise form shown by the drawing in which:
-
FIG. 1 illustrates the system of the present invention; -
FIG. 2 depicts a high level view of the process of the invention; -
FIG. 3 is the interface ofsystem 10 for describing an application with data privacy components; -
FIG. 4 depicts a user interface for defining roles and responsibilities; -
FIG. 5 illustrates the data privacy risk impact interface; -
FIG. 6 illustrates jurisdiction user interface; -
FIG. 7 is a user interface screen for selecting categories of processes for data privacy review; -
FIG. 8 illustrates a data privacy questionnaire interface; -
FIG. 9 illustrates a State of Health Report Card status screen; -
FIG. 10 depicts a legend to the icons depicted inFIGS. 9 and 11 ; -
FIG. 11 is a detailed State of Health Report Card status screen; and -
FIG. 12 illustrates a resource user interface. - The
system 10 of the present invention is illustrated inFIG. 1 . As illustrated,system 10 is implemented using a distributed client/server architecture. The clients 15 (one illustrated) are distributed throughout the enterprise (corporation), while theservers 20 are centrally located with redundancies (not illustrated). This infrastructure consists of oneapplication server 25 communicating withapplication database 35, and onedatabase server 30 communicating withdatabase 40. In a preferred embodiment, theapplication server 25 is running BEA WebLogic 5.1 that comprises middleware between the front-end web application and theapplication database 35. In this preferred embodiment,database server 30 is running Oracle 8.16 Server anddatabase 40 is an Oracle database. - In the preferred embodiment,
client 15 is a web based browser application. Thisapplication 15 preferably uses browsers that support Java applets and JavaScript such as Netscape 4.x or Internet Explorer 4.x.Menu applet 45 is an illustration of a Java applet supported inclient 15. -
FIG. 2 broadly describes the six step method of the present invention. The method enables tracking of data privacy issues across the enterprise and the six-step map provides for consistency and standardization for data privacy review and risk assessment throughout the organization. The six step method further provides for a comprehensive understanding of the enterprise's procedures and policies for protecting the privacy of employees' and customers' information. Gaps identified by the system of the present invention in this analysis are tracked and monitored by the information security team for the enterprise using the system of the present invention. - In step one (50) the person assigned with the responsibility to assess a particular application that involves data with a privacy component describes the application to
system 10. The responsibility for describing the application is typically assigned to the manager in charge of the application, as this is the person in the organization with the most intimate knowledge about the current state of the operation of the application at any given time. As further described below, the information for each application is aggregated and rolled up for each higher level of management with the organization. In step two (55) of the process, various roles and responsibilities within the enterprise with respect to the application are defined and assigned. In step three (60) of the method, the impact of data privacy in regard to the operations of the application is reviewed and assessed. In step four (65), the user identifies all of the jurisdictions (e.g., states) in which the application is used. In step five (70) of the method, the manager completes a series of questionnaires thataid system 10 in assessing and classifying the risk associated with the application in regard to the protection of private data. Finally, instep 6 of the process,system 10 provides the manager with access to a library (preferably hyperlinks) to contacts with the enterprise knowledgeable about privacy issues, privacy policies of the enterprise, United States Federal legislation, state legislation and selected international legislation. -
FIG. 3 illustrates aninput screen 80 employed by the user to describe an application under review. Much of the description contained herein is made in terms of the user interface screens (e.g., input screens) illustrated in the Figures. Further description herein relates to the processing of the information illustrated in these screens by the hardware components ofsystem 10 illustrated inFIG. 1 . As appreciated to those skilled in the art, the description of these screen and the accompanying description of the processing allows one to make and usesystem 10. -
Screen 80 is used to input into system 10 the descriptions of the applications employed by the enterprise. Only the applications that store or process data with a data privacy component are required to undergo the privacy review of system 10. Many applications employed by the enterprise have no contact with private data, e.g., applications that control the air conditioning in a particular facility. If an application does not have any functionality with respect to private information, the user would enter “not applicable” in response to the questions posed by system 10 as further described below. In a preferred embodiment, another software module (not illustrated in the Figures) known as an Application Portal, retrieves information regarding applications that have already been defined in system 10. In field 85, the user identifies the application by name. In a preferred embodiment of the invention, a dropdown box is provided for field 85 so that the user can recall the data for a previously identified application and edit the information associated with that application if necessary. Once identified, the Application Portal is able to retrieve all of the information it has regarding an application and pre-populates the fields in screen 80. In field 90, the user describes the application. Field 95 is used to identify the location of the production server hosting the application, preferably by Street, City, State and Zip Code. Buttons 100 assist the user in identifying the location of the servers which support the application being described. Part of database 40 of system 10 (FIG. 1) contains the addresses of the enterprise where servers are located. Buttons 100 access this database and provide a selectable list of locations. The term “production” server indicates that the application is actually being used by the enterprise to process or store data used in the operation of the enterprise.
Field 105 is similarly used to identify the location of the development server that is being employed to develop the application. Field 110 is used to identify the location of the quality assurance (Q/A) server employed in the testing of the application. As with the identification of the production server in field 95, the development and Q/A servers in fields

In
field 115, the user identifies the current status of the application under review. The user is provided with the choices of identifying the application as being in development (120), in user acceptance testing, UAT (125), in production (130) or that the application has been retired (135).

Returning to
FIG. 2, in step two of the process of the present invention, the Roles and Responsibilities with respect to the operation of the application are identified and input into system 10 for storage in database 40 (FIG. 1). The identification of the roles and responsibilities within the corporation with respect to the operation of an application is a very important exercise. Without clearly defined roles and responsibilities and specific employees of the corporation assigned these roles and responsibilities, the data privacy risks associated with the operation of the application can go undetected.
FIG. 4 illustrates an input screen 150 for assigning personnel to the respective roles. This Figure illustrates two different roles that are preferably fulfilled with respect to the protection of privacy of data by applications of the enterprise: Data Privacy Owner 155; Data Privacy Risk Manager 185. Although two roles are illustrated in FIG. 4 as preferred, additional roles and responsibilities can be defined and assigned using the system of the present invention.

For each of the
roles input screen 150 indicates who performed the assignment of the role 165, when the role was assigned 170, to whom the assignment was made 175 and the date on which the assignment was accepted 180. When an assignment is made, system 10 preferably sends the assignee an email notifying the person of the assignment and the responsibilities associated therewith (see below). The assignee preferably accepts the assignment by replying affirmatively to the email and system 10 updates the applicable database to record the assignment. When a manager is making assignments in input screen 150, some of the roles will have already been pre-populated as certain of the assignments relate to firm-wide responsibilities.

The following section describes the responsibilities of key ones of the roles in the present invention.
The
Data Privacy Owner 155 is a manager in an area which generates or processes system information (e.g., application programs and related files), or produces products and services which depend upon system information. Each application of the enterprise must have a Data Privacy Owner 155 accountable for its protection. Applications that are cross-functional in nature, in that they serve the needs of multiple business units, preferably have a central Data Privacy Owner 155 that serves as a focal point. Data Privacy Owners 155 are assigned for every business unit using these applications.

In each case, the Data Privacy Owner's 155 responsibilities are the most extensive and involve ensuring compliance with the policies and procedures of the enterprise relative to the applications under her supervision. The
Data Privacy Owner 155 is tasked with ensuring compliance with specific policies and procedures of the enterprise, including: developing, testing and maintaining the application in compliance with all data privacy regulations existing in the jurisdiction where the enterprise conducts business; ensuring that Outside Service Providers (OSPs) involved with the application develop, test and maintain the application in compliance with all data privacy regulations existing in the jurisdiction where the enterprise conducts business; ensuring that all data elements within the application and related files are classified according to the data privacy impact rating; ensuring that Risk Acknowledgments (see below) are in place for each area of non-compliance with data privacy policies; coordinating with local information owners to ensure that all of the responsibilities are properly fulfilled; ensuring that the application is in compliance with Information Technology control policies; training employees, as needed, to comply with all data privacy regulations existing in the jurisdiction where the enterprise conducts business; informing all users of applications of the policies and procedures with respect to the application; identifying an alternative Data Privacy Owner; and developing a Corrective Action Plan (see below) for any area of the application that is non-compliant.

The Data
Privacy Risk Manager 185 generally reports to senior management within the enterprise and is responsible for ensuring that the enterprise complies with the enterprise's established data privacy control policies. The responsibilities of the Data Privacy Risk Manager 185 include the following: coordinating the business unit's compliance with the enterprise's data privacy policies and procedures, as well as compliance with local, state and Federal regulations and laws related to data privacy; ensuring implementation of a data privacy awareness program for the business to address data privacy risks and to develop and offer Data Privacy Owner 155 and user training; administering the Risk Acknowledgement process and ensuring they are performed by Data Privacy Owners 155 in compliance with the procedures of the enterprise; reviewing and monitoring technology audits and audit responses to validate the effectiveness of the response and the timeliness of any corrective actions; monitoring on-going compliance with the enterprise's data privacy policies and procedures, as well as compliance with local, state and Federal regulations and laws related to data privacy; ensuring that a process is in place to assess technology platforms and associated applications for data privacy protection and compliance; ensuring that a process is developed for the timely notification of terminated or transferred Data Privacy Owners 155 and ensuring an alternate resource; ensuring the development and implementation of Corrective Action plans with respect to any area not in compliance with data privacy protection policies and procedures; and ensuring that business units ensure compliance of their OSPs with respect to data privacy policies and procedures.
Screen 150 also allows the user to assign alternates to one or more of the roles defined as the Primary Role. In the example depicted in FIG. 4, four alternatives were assigned to fulfill the primary role of Data Privacy Risk Manager 190-205. Alternative people have been identified to fulfill this role as it is one of the most important relative to the protection of data privacy.

Returning for the moment to
FIG. 2, in step 3 (60) of the process, the user assists in a determination of the impact of the application being reviewed with respect to data privacy. As previously described, this impact assessment is accomplished automatically by system 10 in response to the answers given by the user to a series of questions 255, 295-335 relative to the application. FIG. 5 illustrates an example of one of the automated questionnaires. Screen 250 asks the user a series of questions 255, 295-335 about several types of data that have privacy implications. For example, question 255 asks the user as to whether the application under review has contact with data containing anyone's Social Security number.

With respect to each of the
questions 255, 295-335, system 10 provides the user with the ability to describe if and how the application has contact with the type of data and the nature of the contact. Specifically, system 10 asks the user if the application processes the data in question (260), whether it transmits the data 265, whether it collects the data itself 270 and whether it stores the data 275. System 10 further asks the user as to whether the data in question is data from a customer 280 or data from an employee of the enterprise 285. Typically, an application would process only customer 280 or employee 285 data, but certain applications (e.g., storage or transport applications) could have contact with both customer 280 and employee 285 data. System 10 additionally allows the user to answer Not Applicable (N/A) 290 with respect to any type of data, indicating that the application does not touch that type of data. The user is able to answer affirmatively to any of the questions 255, 295-335 by checking the selection box in the column 260-290 of the answer that applies. As seen in FIG. 5, some applications will perform several of the functions process 260, transmit 265, collect 270 and store 275 (e.g., see question 300).

As can be seen in
FIG. 5, each of the types of data that the user is queried about is personal in nature. The examples of the types of data listed in FIG. 5 are: Social Security Number 255; Health related data (e.g., medical records, dental records) (295); Compensation data (e.g., stock options, bonus, incentives, payroll information) (300); Contributions/Donations (e.g., United Way, Blood Drives, College Funds) (305); Performance information (e.g., performance reviews, performance ratings) (310); Tuition Reimbursement (e.g., grades, courses taken) (315); License/Certification information (e.g., financial licenses, insurance certifications) (320); Work experience information (e.g., background checks, references, resumes) (325); Association/Committee affiliate information (e.g., membership in employee networking groups, memberships in external groups) (330); and Bio-metric information (e.g., fingerprints, hand scans, face scans, retinal scans, DNA) (335).

As seen in
FIG. 5, there are links 350 to connect the user to other questionnaire input screens (not shown). In the embodiment illustrated in FIG. 5, there are a total of three data privacy impact user interface screens. The other types of privacy data that these screens can query the user about include: Retirement information (e.g., 401K, pension, Social Security); Timekeeping information (e.g., vacation, sick days, personal days); Personal information (e.g., Employee Assistance Program participation); Birth Date (e.g., month, day, year, age); Drivers License information (e.g., license number, state); Email address (e.g., Uniform Resource Identifier, Internet Protocol); Credit information (e.g., history, credit rating, score); External Account/Financial information obtained from other organizations (e.g., account numbers used by customer or system, transactions, financials, linkages, status, privileges); Account Authorization Profile information (e.g., Personal Identification Number (PIN), challenge question, maiden name, mother's maiden name, recent transactions); Marketing Profile information (e.g., customer specific details/behaviors, customer lists, privacy preference information); Address information (e.g., postal, telephone, fax); Aggregate Marketing information (e.g., total transaction volume for a product or service, increase in sales, target market); Demographic information (e.g., gender, ethnicity, marital status, dependents, citizenship, resident status, education, profession, income range); and Residence information (e.g., own/rent, time in residence, multiple home ownership).

After the user has answered the questions on the data privacy impact assessment input screens (e.g., screen 250) she uses the Submit
button 340 in order to have the data saved by system 10 in database 40 (FIG. 1). If the answers to the questions are incorrect (e.g., out of date due to changes in the application) the user can activate the Reset button 345 to clear the answers in columns 260-290. After submission and saving of the user's responses to the impact questions, system 10 automatically calculates the criticality of the data privacy impact rating of the application under review.
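The calculation system 10 runs after submission can be sketched as follows. This is an added example, not code from the patent: it applies the preferred-embodiment rule that an application takes the highest criticality of any data type it touches, and it keeps separate customer and employee ratings. Only the Social Security number (High) and demographic (Medium) rankings come from the text; the other rankings, all identifiers, the LOW floor and the fail-closed default for unranked data types are assumptions.

```python
from dataclasses import dataclass
from enum import IntEnum


class Rating(IntEnum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3


# Ranking per data type. Only the first two values are stated in the text;
# the remaining three are assumed here for illustration.
DATA_TYPE_RATING = {
    "social_security_number": Rating.HIGH,   # stated in the text
    "demographic": Rating.MEDIUM,            # stated in the text
    "health": Rating.HIGH,                   # assumed
    "compensation": Rating.MEDIUM,           # assumed
    "address": Rating.LOW,                   # assumed
}

# Answer columns 260-275 of the questionnaire screen.
FUNCTIONS = frozenset({"process", "transmit", "collect", "store"})


@dataclass(frozen=True)
class Answer:
    """One questionnaire row: a data type and the boxes checked for it."""
    data_type: str
    functions: frozenset = frozenset()
    customer: bool = False        # column 280
    employee: bool = False        # column 285
    not_applicable: bool = False  # column 290


def check_answer(a: Answer) -> None:
    """Reject rows whose checkboxes contradict each other."""
    touched = bool(a.functions) or a.customer or a.employee
    if a.not_applicable and touched:
        raise ValueError(f"{a.data_type}: N/A combined with other selections")
    if not a.not_applicable:
        if not a.functions or not a.functions <= FUNCTIONS:
            raise ValueError(f"{a.data_type}: no valid function selected")
        if not (a.customer or a.employee):
            raise ValueError(f"{a.data_type}: customer/employee not selected")


def rate_application(answers):
    """Return (customer_rating, employee_rating) for one application."""
    customer = employee = Rating.LOW  # assumed floor of the LOW-to-HIGH range
    for a in answers:
        check_answer(a)
        if a.not_applicable:
            continue
        # Assumption: a data type with no ranking is treated as HIGH, so a
        # newly added question cannot silently lower the result.
        rating = DATA_TYPE_RATING.get(a.data_type, Rating.HIGH)
        if a.customer:
            customer = max(customer, rating)
        if a.employee:
            employee = max(employee, rating)
    return customer, employee


# Constructed sample answers for a hypothetical payroll application.
SAMPLE_ANSWERS = [
    Answer("social_security_number", frozenset({"store", "process"}),
           employee=True),
    Answer("demographic", frozenset({"collect"}), customer=True),
    Answer("health", not_applicable=True),
]

if __name__ == "__main__":
    cust, emp = rate_application(SAMPLE_ANSWERS)
    print(f"customer={cust.name} employee={emp.name}")
```

Because the rating is a maximum rather than a sum, adding more low-sensitivity data types never raises the result, while a single High-ranked type does.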
System 10 computes a criticality rating for the application based on the responses provided by the user with respect to the questions described above. The analysis process of system 10 results in a privacy impact rating for the application of LOW to HIGH. The specific algorithm used to analyze and determine the overall data privacy impact rating of the application (in light of the manager's responses) is subject to many factors including, among others, the types of data involved (e.g., Social Security number versus address) and the types of functionality performed by the application (e.g., storage, processing . . . ). The respective ratings of particular types of data are based upon industry/governmental guidelines. For example, Social Security numbers are ranked as High and demographic information is ranked as medium. These rankings are embedded in system 10. In a preferred embodiment, the application is assigned the criticality of the highest criticality of the data that is touched by the application.

Once
system 10 has calculated the data privacy impact rating for the application, the rating is stored in database 40 (FIG. 1) and displayed to the user on screen 250. As seen on screen 250, system 10 actually calculates two separate data privacy impact ratings for each application under review, a customer data privacy impact rating 355 and an employee data impact rating 360.

The above described procedure for determining the data privacy impact rating for an application can be, and preferably is, performed for each of the applications identified in
system 10. Although the data privacy impact rating for a particular application may be High, this does not mean that there is a problem with the application. It simply means that the sensitivity the enterprise should exercise with respect to the protection of the privacy data employed by this application is increased. As shown below, if the data privacy impact rating is High, the scrutiny given to the procedures of the enterprise for protecting the data is heightened. Furthermore, the acceptance of the risk associated with the data privacy aspects of the application is more carefully reviewed, in the preferred embodiment by higher levels of management.

Returning to
FIG. 2, in step four (element 65) the user is required to identify the applicable jurisdictions in which the application operates. User interface screen 400 as illustrated in FIG. 6 allows the user to identify the applicable jurisdictions to system 10. The applicable jurisdictions are input into area 405. To assist this input, screen 400 provides an Add button 410. Activation of this Add button 410 causes system 10 to display jurisdiction screen 420. Each jurisdiction in which the enterprise conducts business is displayed in area 425. The user is able to select each of the jurisdictions that are applicable to the application under review using the selection boxes next to the named jurisdictions in area 425. If the user does not want to make any selections from area 425, she may activate the Close button 435. Once the user has completed her selection(s) in area 425 she activates the Submit button 430 to populate the selections into the input area 405 in screen 400.

If the user erroneously inputs a jurisdiction into
area 405, she can highlight the erroneous jurisdiction and then activate the Delete button 415 to delete the entry from area 405. Once all of the applicable jurisdictions have been input into area 405, the Submit button 440 is activated to cause system 10 to store the jurisdictions in database 40 (FIG. 1) in association with the application under review. Database 40 also preferably contains the laws and regulations of each jurisdiction as they apply to data privacy. This database can be consulted when system 10 determines the compliance of the application with the laws and regulations of the jurisdictions in which the application operates as further described below.

Returning to
FIG. 2, step five (70) of the process requires the user to classify the risk associated with the application with respect to data privacy. As depicted in FIG. 7, screen area 500 allows the user to select a category of the enterprise's privacy policy for assessing the application under review. The preferred categories include: Customer Services Processes 505; Data Destruction and Disposal Procedures 510; Data Extraction and Modification 515; Development and QA/UAT Environment Processes 520; Encryption Practices 525; OSP practices 530; Related Applications and Processes 535; and Website Practices 540. Depending on the nature of the application under review, the user may select one or more of categories 505-540.
FIG. 8 illustrates the user interface 550 displayed by system 10 if the user selects Customer Servicing Processes, category 505 in FIG. 7. Screen area 575 depicts the questions posed to the user with respect to the Customer Servicing Processes aspects of the application as it relates to data privacy. As seen in this user interface screen 550, the user is asked to review the training and procedures of the customer service representatives. For example, the user is asked whether the employee providing customer services using the application has been trained with respect to the safeguarding of private information. Further questions asked in input interface 500 include: “Are customer service agents trained not to enter sensitive information into comment fields that may not require authorization?”; “Are there procedures that define what a customer service agent may deliver from this application to customers and/or employees via the e-mail contact channel?”; “Are there procedures that define what a customer service agent may deliver from this application to customers and/or employees via the fax contact channel?”; and “Are there procedures that define what a customer service agent may deliver from this application to customers and/or employees via the telephone contact channel?”.

As illustrated in
FIG. 8, questions 575 have areas for the user to provide responses in the form of Yes (555), No (560), N/A (565) answers. Additionally, screen 550 provides a Comments section 570. In the Comments section 570 the user can enter or attach a description of the control process(es) or any information that supports or clarifies the user's responses. The user is advised to indicate what evidence exists to support the responses or cross-reference to the supporting documentation.

When a user provides a negative answer to any of the questions in any of the assessments in
system 10, system 10 automatically asks the manager if she would like to develop a Corrective Action Plan (CAP) if the gap will be remediated within ninety days. As implied by its name, a Corrective Action Plan is a plan to correct the condition that has caused the manager to answer a question negatively. If the manager answers yes to developing a CAP, system 10 brings the manager to a CAP input screen in which the manager describes the condition which caused the negative response, the reason for the condition (e.g., funding), the plan to correct the condition, the person responsible for seeing that the correction is done, a target date by which the correction will be completed, and any attachments which are required to more fully explain the CAP. The CAP that is developed is stored in the database and appropriately linked to the records for this department. Comments section 570 indicates if a CAP is in place to correct the issue that caused the particular question to be answered negatively.

If the manager says “No” when asked if she wants to develop a CAP, the manager is automatically brought to a Risk Acknowledgement screen. In this screen, the manager is required to describe the reasons for the requirement of the Risk Acknowledgement; what compensating controls are in place, if any; the likelihood of an impact due to the risk involved (high, medium or low); a description of the potential impact; a rating of the potential impact (catastrophic, severe, moderate, negligible); and an implementation plan. The Risk Acknowledgement by the manager is reviewed and approved by the appropriate LOB management. If the Risk Acknowledgement is not approved by management, a CAP must be developed in order to correct the risk condition.
Comments section 570 indicates if a Risk Acknowledgement (RA) is in place to acknowledge the risk associated with the issue that caused the particular question to be answered negatively.

Tables 1 through 7 illustrate preferred categories of questions and the preferred questions that are posed to the user in order to classify the risk associated with the data privacy aspects of the application under review.
TABLE 1 Data Destruction & Disposal Procedures:
DD 1: Are removable storage media used by this application to store or transfer personal financial and/or employees' information properly scratched, reformatted and/or destroyed to ensure our customers' and/or employees' privacy is protected?
DD 2: Are there procedures in place to track when removable storage media are scratched, reformatted, and/or destroyed? If so, please attach the retention procedure documentation and denote the data disposal retention period.
TABLE 2 Data Extraction & Modification Processes:
DEM 1: Is personal financial and/or employee information in the application's database/files safeguarded against unauthorized extraction or queries? If so, please define how this is done.
DEM 2: Are unauthorized individuals prevented from exporting personal financial and/or employee information into a portable format — removable media, paper, spreadsheet, document, or text file? If so, please define how this is done.
DEM 3: Are there procedures in place to prevent unauthorized individuals from modifying customers' personal financial and/or employees' information in the production environment? If so, please attach the procedure documentation.
DEM 4: Are there procedures to monitor and track personal financial information transferred from this application's database/files into portable formats such as — removable media, paper, spreadsheet, document, or text file? If so, please attach the procedure documentation.
TABLE 3 Development & QA/UAT Environments:
DT 1: Are security and procedures used in the development environment capable of protecting our customers' personal financial and/or employees' information? If so, please attach the procedure documentation. If not, is personal financial information removed from databases/files accessed via the development environment to ensure our customers' privacy is protected?
DT 2: Are security and procedures used in the QA/UAT environment capable of protecting our customers' personal financial and/or employees' information? If so, please attach the procedure documentation. If not, is personal financial and/or employee information removed from databases/files accessed via the QA/UAT environment to ensure our customers' and/or employees' privacy is protected?
TABLE 4 Encryption Practices:
EP1: Does this application encrypt data in storage?
EP2: Does this application encrypt data that is transmitted?
EP3: Please indicate which encryption product(s) is used by this application (list of applications to select from)
TABLE 5 Outside Service Provider Practices:
OSP 1: Does the contract with the OSP include country/federal/state specific privacy and confidentiality clauses to ensure appropriate collection, use, and disclosure of customers' personal financial and/or employees' information to third parties? If so, please attach a copy of the contract.
OSP 2: Are security and procedures used in the OSP's development environment capable of protecting our customers' personal financial information and/or employees' information? If so, please attach the OSP's procedure documentation. If not, is personal financial and/or employee information removed from databases/files accessed via the OSP's development environment to ensure our customers' and/or employees' privacy is protected?
OSP 3: Are security and procedures used in the OSP's QA/UAT environment capable of protecting our customers' personal financial information and/or employees' information? If so, please attach the OSP's procedure documentation. If not, is personal financial and/or employee information removed from databases/files accessed via the OSP's QA/UAT environment to ensure our customers' and/or employees' privacy is protected?
OSP 4: If personal financial and/or employee information from this application is used in production at an OSP's location, does the OSP have procedures in place to track and control personal financial and/or employee information transferred into portable formats such as - removable media, paper, spreadsheet, document, or text file? If so, please attach the OSP's procedure documentation.
OSP 5: If personal financial and/or employee information from this application resides at an OSP's premises, do you have specific procedures defined to recall, retain, or destroy all personal financial and/or employee information from the OSP if & when you terminate the relationship or eliminate the application?
OSP 6: Does the OSP use software tools such as web/e-mail bugs or cookies to monitor user behavior when delivering an enterprise product or service? If so, does the OSP's policy comply with the enterprise's Online Consumer Information Practices?
OSP 7: Does this OSP send or receive our customers' personal financial and/or employees' information? If so, please attach the file/feed names, record layout/field details, frequency of transmission/delivery, and method of transmission/delivery/encryption.
TABLE 6 Related Applications & Processes:
OAP 1: Please select all applications that have access to personal financial and/or employee information in this application's database/files. (Note: in the preferred embodiment, the user interface associated with this question has a list of applications to select from.)
OAP 2: If other applications use personal financial and/or employee information from this application, are security and procedures used in the development environment capable of protecting our customers' personal financial and/or employees' information? If not, is personal financial and/or employee information removed from databases/files accessed via the development environment to ensure our customers' and/or employees' privacy is protected?
OAP 3: If other applications use personal financial and/or employee information from this application, are security and procedures used in the QA/UAT environment capable of protecting our customers' personal financial and/or employees' information? If not, is personal financial and/or employee information removed from databases/files accessed via the QA/UAT environment to ensure our customers' and/or employees' privacy is protected?
TABLE 7 Website Practices:
WEB 1: Is a privacy policy link included on every page of the website?
WEB 2: If the personal financial and/or employee information sharing practices for this product differ from what is stated in the enterprise's standard Internet privacy policy, a distinct privacy policy is needed. Have the components of the standard Internet privacy policy been compared to that of this product to ensure that an accurate privacy policy is in place?
WEB 3: Has the account opening process been tested to ensure the privacy policy is presented to and acknowledged by the customer prior to an account being established?
WEB 4: If the website collects opt out selections from the customer, is this information fed into the Customer Information File (CIF)?

As illustrated in Tables 1-7, the system and process of the present invention provide a systematic, standardized and comprehensive review of the data privacy issues associated with the applications employed by an enterprise. For areas that require attention or do not meet policy compliance, a corrective action, risk acknowledgment or risk acceptance process will automatically be invoked. Such processes identify the condition, remediation plan, identification of accountable personnel and targeted deadlines for implementation.
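The gap handling described above, as an added example rather than code from the patent: a "No" answer is either covered by a Corrective Action Plan, covered by a Risk Acknowledgement approved by LOB management, or left open. All class, field and status names are assumptions, as is measuring the ninety-day window from the assessment date; the question IDs come from Tables 1-7 and the sample responses are constructed.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

CAP_WINDOW = timedelta(days=90)   # "remediated within ninety days"
LIKELIHOODS = {"high", "medium", "low"}
IMPACTS = {"catastrophic", "severe", "moderate", "negligible"}
COVERED = {"met", "cap_in_place", "ra_approved"}


@dataclass
class CorrectiveActionPlan:
    condition: str
    reason: str
    plan: str
    owner: str
    target_date: date


@dataclass
class RiskAcknowledgement:
    reason: str
    compensating_controls: str
    likelihood: str
    impact_description: str
    impact_rating: str
    implementation_plan: str
    approved: Optional[bool] = None   # None = awaiting LOB management review

    def __post_init__(self):
        if self.likelihood not in LIKELIHOODS:
            raise ValueError(f"likelihood must be one of {sorted(LIKELIHOODS)}")
        if self.impact_rating not in IMPACTS:
            raise ValueError(f"impact rating must be one of {sorted(IMPACTS)}")


@dataclass
class Response:
    question_id: str
    answer: str                       # "yes", "no" or "n/a"
    cap: Optional[CorrectiveActionPlan] = None
    ra: Optional[RiskAcknowledgement] = None


def gap_status(r: Response, assessed_on: date) -> str:
    """Classify one questionnaire response."""
    if r.answer not in {"yes", "no", "n/a"}:
        raise ValueError(f"{r.question_id}: unknown answer {r.answer!r}")
    if r.answer != "no":
        return "met"
    # Assumption: a CAP counts only if its target date lies within ninety
    # days of the assessment date.
    if r.cap and assessed_on <= r.cap.target_date <= assessed_on + CAP_WINDOW:
        return "cap_in_place"
    if r.ra is None:
        return "open"
    if r.ra.approved is None:
        return "ra_pending"
    # A rejected Risk Acknowledgement means a CAP must be developed.
    return "ra_approved" if r.ra.approved else "cap_required"


def assess(responses, assessed_on: date):
    """Return ({question_id: status}, compliant) for one application."""
    statuses = {r.question_id: gap_status(r, assessed_on) for r in responses}
    return statuses, all(s in COVERED for s in statuses.values())


ASSESSED_ON = date(2007, 1, 15)       # constructed assessment date


def sample_responses():
    """Constructed responses for a hypothetical application."""
    cap = CorrectiveActionPlan("data at rest is not encrypted", "funding",
                               "enable storage encryption", "J. Doe",
                               date(2007, 3, 1))
    ra = RiskAcknowledgement("no export tracking", "restricted access list",
                             "low", "untracked copy of customer data",
                             "moderate", "add export logging next release")
    return [Response("DD 1", "yes"), Response("EP1", "no", cap=cap),
            Response("DEM 4", "no", ra=ra), Response("WEB 1", "n/a")]


if __name__ == "__main__":
    print(assess(sample_responses(), ASSESSED_ON))
```

With the sample data the application is not compliant until the pending Risk Acknowledgement for DEM 4 is approved.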
A determination is made on whether the application is in compliance with the privacy guidelines, either by meeting all the requirements of the applicable policies or categories in the various risk assessments, or by having an approved process or plan in place to achieve compliance. If the application is compliant, then the indicators displayed in
FIG. 9 (see below) branch to the compliant indicator. A compliant indicator provides a visual indication that is displayed to the user to show that the particular application is in compliance with the privacy guidelines established by various reliable resources (such as local, state and federal agencies).

One of the significant features of the present invention is the ability of
system 10 to roll up all of the collected information into a clear and easily comprehensible status report. FIG. 9 illustrates one such report, in the form of a computer screen, known as a State of Health Report Card 600. This report 600 provides enhanced capabilities to track and monitor key issues and their ongoing progress to close substantial gaps. Report 600 provides the highest level of status of the reviews of the data privacy aspects of the applications as described above, including corrective action plans, risk acknowledgments and board issues as further described below. This status screen 600 provides a core repository to manage, monitor and measure the risk associated with data privacy of the applications utilized by the enterprise.

As seen in
FIG. 9, this status screen 600 contains the status of the data privacy issues 605, corrective action plans 610, risk acknowledgments 615, and board issues 620. A record 630 is capable of being displayed for each line of business 625 within the organization (only four illustrated in FIG. 9). For each record 630, the name of the Senior Business Executive 635 and the name of the Line of Business 625 are displayed. The actual name of the Line of Business 625 is a hyperlink that brings up a status screen comparable to screen 600, except that it shows the status of the elements for the next level down in the corporate hierarchy (e.g., the department level). Using this feature, a user is able to drill down (or roll up) to the level of status desired by the particular user.

The status of the issues associated with the data privacy review of the applications used by a Line of Business is depicted as a colored icon, e.g.,
icon 640. Each icon represents a different status. In addition to each icon being a different color, it is also a different shape. This allows user having devices without color capability to quickly determine the status of a particular item.FIG. 10 illustrates a legend containing the different icons and their associated statuses. In the particular statuses depicted inFIG. 9 ,status 640 indicates that there is one or more application in use by the line of business that is not in compliance with one or more of the procedures or policies of the enterprise or laws or regulations of the jurisdictions in which the applications operate. - It should be apparent that while the user is presented with a visual indication of risk status as a result of the process shown in
FIG. 2 , the status need not be a visual indication as illustrated inFIG. 10 , but rather can be any kind of indicia that informs the user about the level of risk for a given application. For example, risk indications can be in the form of audible warnings or in a printed format. While the preferred embodiments of the present invention provides status indicators of different color, namely, green for compliant, amber for warning, red for critical, blue for incomplete and gray for pending approval, the present invention should not be considered to be so limited in general. For example, an indication of risk status based on indicators of varying shape can be used to inform users of risk status on electronic devices that do not have color displays. Alternately, a color and shape indication can be used in combination to permit the present system to be used in a number of platforms in a flexible manner. Numerous other forms of indicators should be apparent to those skilled in the art, which are not mentioned here for the sake of brevity, but should nevertheless be considered to be within the scope of the present invention. - As indicated by
icon 645, there is a Corrective Action Plan (CAP) in place to address the non compliance indicated byicon 640. As previously described, this CAP is documented onsystem 10. By clicking on thestatus icon 645 in the CorrectiveAction Plan column 610, the user can immediately bring up the CAP developed by the manager. If the manager did not develop a CAP, but rather performed a Risk Acknowledgement, this is indicated incolumn 650. Similarly, by clicking on theicon 650 inRisk Acknowledgement column 615, the user is be able to see the specific Risk Acknowledgement developed by the manager. - If the user clicks on one of the status icons in the
Data Privacy column 605,system 10 drills down the data to the next level of status as illustrated inFIG. 11 . State ofHealth status screen 700 gives the manager a more detailed look at the status of the reviews of any particular application employed by the particular line of business.Column 705 contains the name of the particular application. As seen inFIG. 11 , sixdifferent applications 765 have been identified as employed by the selected LOB.Column 710 provides name of the Information Owner as previously described with respect toFIG. 4 .Columns FIG. 5 .Column 725 contains the icons, as described above, that indicate the status of the particular application with respect to data privacy (e.g., compliant, non-compliant). - As with the Line of business as a whole described above with respect to Status Screen 600 (
FIG. 9 ),column 725 provides the status of the application with respect to any CAPs that have been formulated to address the issue that cause non-compliance. As further described above, clicking of the icons incolumn 730 allows the user to actually review the documentation associated with the CAP for that application. Similarly,screen 700 provides a RiskAcknowledgement status column 735 and ControlIssue status column 740 providing the status of these items that are required by negative assessments of any of the reviews as discussed above. - Returning to
FIG. 2 , step six (element 75) of the process is provide the user with access to the collection, library, of data privacy materials that has been collected by the enterprise.FIG. 12 illustrates auser interface screen 800 for providing the user with this access. Each of the items on this screen is a hyperlink the privacy materials described in the item's title. Broadly the types of materials include a list of the contacts within the enterprise that are able to assist the user with questions about data privacy, privacy papers generated by the enterprise, the enterprise's policies and procedures with respect to data privacy, U.S. Federal Legislation, U.S. State Legislation, International Legislation, other privacy materials and a privacy glossary - Although the present invention has been described in relation to particular embodiments thereof, many other variations and other uses will be apparent to those skilled in the art. It is preferred, therefore, that the present invention be limited not by the specific disclosure herein, but only by the gist and scope of the disclosure.
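The roll-up and drill-down behaviour of the State of Health Report Card described above, shown as an added Python example that is not code from the patent. The icon shapes, the severity order of the five statuses, the rule that warning and critical items need a CAP or a Risk Acknowledgement, and all unit, owner and application names are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum


class Status(Enum):
    # (colour named in the description, shape, severity).
    # Shapes and severity order are assumptions: the FIG. 10 legend is not in the text.
    COMPLIANT = ("green", "circle", 0)
    PENDING_APPROVAL = ("gray", "diamond", 1)
    INCOMPLETE = ("blue", "square", 2)
    WARNING = ("amber", "triangle", 3)
    CRITICAL = ("red", "octagon", 4)

    @property
    def colour(self):
        return self.value[0]

    @property
    def shape(self):
        return self.value[1]

    @property
    def severity(self):
        return self.value[2]


@dataclass
class Application:
    name: str
    owner: str                # Information Owner
    privacy: Status           # data privacy review status
    cap: bool = False         # Corrective Action Plan documented
    risk_ack: bool = False    # Risk Acknowledgement documented


@dataclass
class Unit:
    """One level of the corporate hierarchy (line of business, department, ...)."""
    name: str
    executive: str = ""
    children: list = field(default_factory=list)
    applications: list = field(default_factory=list)

    def all_applications(self):
        yield from self.applications
        for child in self.children:
            yield from child.all_applications()


def record(unit):
    """One report-card row: worst status below the unit plus CAP / risk-ack coverage."""
    apps = list(unit.all_applications())
    gaps = [a for a in apps if a.privacy.severity >= Status.WARNING.severity]
    return {
        "unit": unit.name,
        "executive": unit.executive,
        # A unit with no reviewed application is reported as incomplete (assumption).
        "data_privacy": max((a.privacy for a in apps),
                            key=lambda s: s.severity, default=Status.INCOMPLETE),
        "cap": sum(a.cap for a in gaps),
        "risk_ack": sum(a.risk_ack for a in gaps),
        # Gaps with neither a plan nor an acknowledgement are what a reviewer chases.
        "unaddressed": sorted(a.name for a in gaps if not (a.cap or a.risk_ack)),
    }


def drill_down(unit):
    """Rows for the next level down: sub-unit records, then the unit's own applications."""
    rows = [record(child) for child in unit.children]
    rows += [{"application": a.name, "owner": a.owner, "data_privacy": a.privacy,
              "cap": a.cap, "risk_ack": a.risk_ack} for a in unit.applications]
    return rows


def glyph(status, colour=True):
    """Indicator text; shape alone still identifies the status without colour."""
    return f"{status.colour} {status.shape}" if colour else status.shape


def sample_enterprise():
    """Constructed sample hierarchy, not data from the patent."""
    cards = Unit("Card Services", applications=[
        Application("Statement Archive", "Owner A", Status.COMPLIANT),
        Application("Rewards Portal", "Owner B", Status.CRITICAL, cap=True)])
    lending = Unit("Lending", applications=[
        Application("Loan Origination", "Owner C", Status.CRITICAL),
        Application("Collections Dialer", "Owner D", Status.WARNING, risk_ack=True),
        Application("Rate Calculator", "Owner E", Status.PENDING_APPROVAL)])
    retail = Unit("Retail Banking", "Executive One", children=[cards, lending])
    treasury = Unit("Treasury", "Executive Two", applications=[
        Application("Cash Ledger", "Owner F", Status.COMPLIANT)])
    return Unit("Enterprise", children=[retail, treasury])


if __name__ == "__main__":
    for row in drill_down(sample_enterprise()):
        print(f'{row["unit"]:<16}{glyph(row["data_privacy"], colour=False):<10}'
              f'CAP={row["cap"]} RA={row["risk_ack"]} unaddressed={row["unaddressed"]}')
```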
Claims (22)
1-31. (canceled)
32. A computer implemented method for managing protection of data privacy, the method comprising the steps of:
maintaining a repository for managing data privacy assessments for an entity;
presenting one or more automated questionnaires to one or more users within the entity, wherein the automated questionnaires are directed to one or more policies;
tracking responses associated with each automated questionnaire in the repository;
evaluating compliance with the one or more policies based on the responses;
assigning a rating of exposure to risk associated with the compliance; and
determining an action based on the rating of exposure.
33. The method of claim 32, wherein the one or more policies comprise one or more privacy regulations.
34. The method of claim 33, wherein the one or more privacy regulations comprise one or more Federal regulations.
35. The method of claim 34, wherein the Federal regulations comprise Health Insurance Portability and Accountability Act (HIPAA).
36. The method of claim 32, wherein the one or more policies are specific to a jurisdiction associated with the entity.
37. The method of claim 32, wherein the rating represents a degree of compliance with the one or more policies.
38. The method of claim 32, wherein the one or more users are associated with one or more groups within the entity and wherein the one or more questionnaires are specific to each group.
39. The method of claim 32, wherein the step of determining an action comprises formulating a plan for reducing the risk.
40. The method of claim 32, wherein the step of determining an action comprises formulating a plan for compliance.
41. The method of claim 32, wherein the step of determining an action comprises disclaiming the risk.
42. The method of claim 32, further comprising the step of:
forwarding the rating of exposure to one or more designated users for evaluating the exposure of risk relative to other groups within the entity.
43. The method of claim 32, further comprising the step of:
generating one or more reports that provide compliance status.
44. The method of claim 32, further comprising the step of:
searching the repository for identifying one or more of risk and compliance information.
45. A computer implemented system for managing protection of data privacy, the system comprising:
a repository for managing data privacy assessments for an entity; and
a decision engine for presenting one or more automated questionnaires to one or more users within the entity, wherein the automated questionnaires are directed to one or more policies; tracking responses associated with each automated questionnaire; evaluating compliance with the one or more policies based on the responses; assigning a rating of exposure to risk associated with the compliance; and determining an action based on the rating of exposure.
46. The system of claim 45, wherein the one or more policies comprise one or more privacy regulations based on Federal regulations.
47. The system of claim 46, wherein the Federal regulations comprise Health Insurance Portability and Accountability Act (HIPAA).
48. The system of claim 45, wherein the rating represents a degree of compliance with the one or more policies.
49. The system of claim 45, wherein the one or more users are associated with one or more groups within the entity and wherein the one or more questionnaires are specific to each group.
50. The system of claim 45, wherein determining an action comprises one or more of formulating a plan for reducing the risk; formulating a plan for compliance and disclaiming the risk.
51. A method for an enterprise to manage privacy of information, the method comprising:
identifying application information that describes at least one software application used by the enterprise;
storing the application information in a database;
identifying types of information that are contained in or used by the application;
storing the types of information in the database;
determining jurisdiction information that describes the jurisdictions in which the application operates;
storing the jurisdiction information in the database;
identifying the procedures used to protect the privacy of the types of information;
storing procedural information related to the procedures in the database;
automatically determining a compliance rating associated with the application;
storing the compliance rating in the database;
providing status data from the database, wherein the status data comprises at least the compliance rating.
52. The method of claim 51, wherein the step of automatically determining the compliance rating associated with the application is in response to one or more regulations.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/763,030 US20070283171A1 (en) | 2002-09-17 | 2007-06-14 | System and method for managing data privacy |
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US41137002P | 2002-09-17 | 2002-09-17 | |
US10/664,530 US7234065B2 (en) | 2002-09-17 | 2003-09-17 | System and method for managing data privacy |
US11/763,030 US20070283171A1 (en) | 2002-09-17 | 2007-06-14 | System and method for managing data privacy |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/664,530 Continuation US7234065B2 (en) | 2002-09-17 | 2003-09-17 | System and method for managing data privacy |
Publications (1)
Publication Number | Publication Date |
---|---|
US20070283171A1 (en) | 2007-12-06 |
Family
ID=32302523
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/664,530 Active 2025-08-30 US7234065B2 (en) | 2002-09-17 | 2003-09-17 | System and method for managing data privacy |
US11/763,030 Abandoned US20070283171A1 (en) | 2002-09-17 | 2007-06-14 | System and method for managing data privacy |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/664,530 Active 2025-08-30 US7234065B2 (en) | 2002-09-17 | 2003-09-17 | System and method for managing data privacy |
Country Status (1)
Country | Link |
---|---|
US (2) | US7234065B2 (en) |
US11341447B2 (en) * | 2016-06-10 | 2022-05-24 | OneTrust, LLC | Privacy management systems and methods |
US11354434B2 (en) | 2016-06-10 | 2022-06-07 | OneTrust, LLC | Data processing systems for verification of consent and notice processing and related methods |
US11354435B2 (en) | 2016-06-10 | 2022-06-07 | OneTrust, LLC | Data processing systems for data testing to confirm data deletion and related methods |
US11366786B2 (en) | 2016-06-10 | 2022-06-21 | OneTrust, LLC | Data processing systems for processing data subject access requests |
US11366909B2 (en) | 2016-06-10 | 2022-06-21 | OneTrust, LLC | Data processing and scanning systems for assessing vendor risk |
US11392720B2 (en) | 2016-06-10 | 2022-07-19 | OneTrust, LLC | Data processing systems for verification of consent and notice processing and related methods |
US11397819B2 (en) | 2020-11-06 | 2022-07-26 | OneTrust, LLC | Systems and methods for identifying data processing activities based on data discovery results |
US11403377B2 (en) | 2016-06-10 | 2022-08-02 | OneTrust, LLC | Privacy management systems and methods |
US11416589B2 (en) | 2016-06-10 | 2022-08-16 | OneTrust, LLC | Data processing and scanning systems for assessing vendor risk |
US11416798B2 (en) | 2016-06-10 | 2022-08-16 | OneTrust, LLC | Data processing systems and methods for providing training in a vendor procurement process |
US11416590B2 (en) | 2016-06-10 | 2022-08-16 | OneTrust, LLC | Data processing and scanning systems for assessing vendor risk |
US11418492B2 (en) | 2016-06-10 | 2022-08-16 | OneTrust, LLC | Data processing systems and methods for using a data model to select a target data asset in a data migration |
US11416109B2 (en) | 2016-06-10 | 2022-08-16 | OneTrust, LLC | Automated data processing systems and methods for automatically processing data subject access requests using a chatbot |
US11438386B2 (en) | 2016-06-10 | 2022-09-06 | OneTrust, LLC | Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods |
US11436373B2 (en) | 2020-09-15 | 2022-09-06 | OneTrust, LLC | Data processing systems and methods for detecting tools for the automatic blocking of consent requests |
US11442906B2 (en) | 2021-02-04 | 2022-09-13 | OneTrust, LLC | Managing custom attributes for domain objects defined within microservices |
US11444976B2 (en) | 2020-07-28 | 2022-09-13 | OneTrust, LLC | Systems and methods for automatically blocking the use of tracking tools |
US11461500B2 (en) | 2016-06-10 | 2022-10-04 | OneTrust, LLC | Data processing systems for cookie compliance testing with website scanning and related methods |
US11475165B2 (en) | 2020-08-06 | 2022-10-18 | OneTrust, LLC | Data processing systems and methods for automatically redacting unstructured data from a data subject access request |
US11475136B2 (en) | 2016-06-10 | 2022-10-18 | OneTrust, LLC | Data processing systems for data transfer risk identification and related methods |
US11481710B2 (en) | 2016-06-10 | 2022-10-25 | OneTrust, LLC | Privacy management systems and methods |
US11494515B2 (en) | 2021-02-08 | 2022-11-08 | OneTrust, LLC | Data processing systems and methods for anonymizing data samples in classification analysis |
US11520928B2 (en) | 2016-06-10 | 2022-12-06 | OneTrust, LLC | Data processing systems for generating personal data receipts and related methods |
US11526624B2 (en) | 2020-09-21 | 2022-12-13 | OneTrust, LLC | Data processing systems and methods for automatically detecting target data transfers and target data processing |
US11533315B2 (en) | 2021-03-08 | 2022-12-20 | OneTrust, LLC | Data transfer discovery and analysis systems and related methods |
US11544667B2 (en) | 2016-06-10 | 2023-01-03 | OneTrust, LLC | Data processing systems for generating and populating a data inventory |
US11544409B2 (en) | 2018-09-07 | 2023-01-03 | OneTrust, LLC | Data processing systems and methods for automatically protecting sensitive data within privacy management systems |
US11546661B2 (en) | 2021-02-18 | 2023-01-03 | OneTrust, LLC | Selective redaction of media content |
US11562078B2 (en) | 2021-04-16 | 2023-01-24 | OneTrust, LLC | Assessing and managing computational risk involved with integrating third party computing functionality within a computing system |
US11562097B2 (en) | 2016-06-10 | 2023-01-24 | OneTrust, LLC | Data processing systems for central consent repository and related methods |
US11586700B2 (en) | 2016-06-10 | 2023-02-21 | OneTrust, LLC | Data processing systems and methods for automatically blocking the use of tracking tools |
US11601464B2 (en) | 2021-02-10 | 2023-03-07 | OneTrust, LLC | Systems and methods for mitigating risks of third-party computing system functionality integration into a first-party computing system |
US11620142B1 (en) | 2022-06-03 | 2023-04-04 | OneTrust, LLC | Generating and customizing user interfaces for demonstrating functions of interactive user environments |
US11625502B2 (en) | 2016-06-10 | 2023-04-11 | OneTrust, LLC | Data processing systems for identifying and modifying processes that are subject to data subject access requests |
US11636171B2 (en) | 2016-06-10 | 2023-04-25 | OneTrust, LLC | Data processing user interface monitoring systems and related methods |
US11651104B2 (en) | 2016-06-10 | 2023-05-16 | OneTrust, LLC | Consent receipt management systems and related methods |
US11651402B2 (en) | 2016-04-01 | 2023-05-16 | OneTrust, LLC | Data processing systems and communication systems and methods for the efficient generation of risk assessments |
US11651106B2 (en) | 2016-06-10 | 2023-05-16 | OneTrust, LLC | Data processing systems for fulfilling data subject access requests and related methods |
US11675929B2 (en) | 2016-06-10 | 2023-06-13 | OneTrust, LLC | Data processing consent sharing systems and related methods |
US11687528B2 (en) | 2021-01-25 | 2023-06-27 | OneTrust, LLC | Systems and methods for discovery, classification, and indexing of data in a native computing system |
US11727141B2 (en) | 2016-06-10 | 2023-08-15 | OneTrust, LLC | Data processing systems and methods for synching privacy-related user consent across multiple computing devices |
US11775348B2 (en) | 2021-02-17 | 2023-10-03 | OneTrust, LLC | Managing custom workflows for domain objects defined within microservices |
US11797528B2 (en) | 2020-07-08 | 2023-10-24 | OneTrust, LLC | Systems and methods for targeted data discovery |
US12045266B2 (en) | 2016-06-10 | 2024-07-23 | OneTrust, LLC | Data processing systems for generating and populating a data inventory |
US12052289B2 (en) | 2016-06-10 | 2024-07-30 | OneTrust, LLC | Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods |
Families Citing this family (54)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7249372B1 (en) * | 2000-01-14 | 2007-07-24 | Target Training International Performance Systems | Network based document distribution method |
US20040186758A1 (en) * | 2003-03-20 | 2004-09-23 | Yilmaz Halac | System for bringing a business process into compliance with statutory regulations |
WO2004104788A2 (en) * | 2003-05-20 | 2004-12-02 | United States Postal Service | Methods and systems for determining security requirements for an information resource |
US7966663B2 (en) * | 2003-05-20 | 2011-06-21 | United States Postal Service | Methods and systems for determining privacy requirements for an information resource |
US7908208B2 (en) * | 2003-12-10 | 2011-03-15 | Alphacap Ventures Llc | Private entity profile network |
US9621539B2 (en) * | 2004-01-30 | 2017-04-11 | William H. Shawn | Method and apparatus for securing the privacy of a computer network |
US20070288313A1 (en) * | 2006-06-09 | 2007-12-13 | Mark Brodson | E-Coupon System and Method |
US10248951B2 (en) * | 2004-12-01 | 2019-04-02 | Metavante Corporation | E-coupon settlement and clearing process |
US7797725B2 (en) * | 2004-12-02 | 2010-09-14 | Palo Alto Research Center Incorporated | Systems and methods for protecting privacy |
US8019843B2 (en) * | 2005-05-24 | 2011-09-13 | CRIF Corporation | System and method for defining attributes, decision rules, or both, for remote execution, claim set II |
US8019828B2 (en) * | 2005-05-24 | 2011-09-13 | CRIF Corporation | System and method for defining attributes, decision rules, or both, for remote execution, claim set III |
US8024778B2 (en) * | 2005-05-24 | 2011-09-20 | CRIF Corporation | System and method for defining attributes, decision rules, or both, for remote execution, claim set I |
US7860782B2 (en) | 2005-05-24 | 2010-12-28 | Magnum Communications, Limited | System and method for defining attributes, decision rules, or both, for remote execution, claim set IV |
CN1921377B (en) * | 2005-08-26 | 2010-09-15 | 鸿富锦精密工业(深圳)有限公司 | Data synchronizing system and method |
JP4140920B2 (en) * | 2006-04-20 | 2008-08-27 | インターナショナル・ビジネス・マシーンズ・コーポレーション | Information processing device that supports the protection of personal information |
US20070266420A1 (en) * | 2006-05-12 | 2007-11-15 | International Business Machines Corporation | Privacy modeling framework for software applications |
US8141160B2 (en) * | 2006-07-26 | 2012-03-20 | International Business Machines Corporation | Mitigating and managing privacy risks using planning |
US8965868B2 (en) * | 2006-11-15 | 2015-02-24 | Barclays Capital Inc. | Method and system for conducting pre-employment process |
US9990617B2 (en) * | 2007-01-25 | 2018-06-05 | Sony Corporation | Consumer opt-in to information sharing at point of sale |
US7797305B2 (en) * | 2007-09-25 | 2010-09-14 | International Business Machines Corporation | Method for intelligent consumer earcons |
US7792820B2 (en) * | 2007-09-25 | 2010-09-07 | International Business Machines Corporation | System for intelligent consumer earcons |
KR101086452B1 (en) * | 2007-12-05 | 2011-11-25 | 한국전자통신연구원 | System for identity management with privacy policy using number and method thereof |
US8347380B1 (en) * | 2008-06-30 | 2013-01-01 | Symantec Corporation | Protecting users from accidentally disclosing personal information in an insecure environment |
US20100293618A1 (en) * | 2009-05-12 | 2010-11-18 | Microsoft Corporation | Runtime analysis of software privacy issues |
US9727919B2 (en) | 2011-11-14 | 2017-08-08 | Identity Theft Guard Solutions, Inc. | Systems and methods for reducing medical claims fraud |
US9781147B2 (en) * | 2012-02-14 | 2017-10-03 | Radar, Inc. | Systems and methods for managing data incidents |
US10331904B2 (en) | 2012-02-14 | 2019-06-25 | Radar, Llc | Systems and methods for managing multifaceted data incidents |
US10204238B2 (en) * | 2012-02-14 | 2019-02-12 | Radar, Inc. | Systems and methods for managing data incidents |
US8707445B2 (en) * | 2012-02-14 | 2014-04-22 | Identity Theft Guard Solutions, Llc | Systems and methods for managing data incidents |
US10445508B2 (en) | 2012-02-14 | 2019-10-15 | Radar, Llc | Systems and methods for managing multi-region data incidents |
US9053345B2 (en) * | 2012-09-18 | 2015-06-09 | Samsung Electronics Co., Ltd. | Computing system with privacy mechanism and method of operation thereof |
US8918632B1 (en) * | 2013-01-23 | 2014-12-23 | The Privacy Factor, LLC | Methods for analyzing application privacy and devices thereof |
US20140282581A1 (en) * | 2013-03-15 | 2014-09-18 | Mckesson Financial Holdings | Method and apparatus for providing a component block architecture |
WO2015042808A1 (en) * | 2013-09-25 | 2015-04-02 | Thomson Licensing | Method and device for protecting private information |
US10600085B2 (en) * | 2014-05-15 | 2020-03-24 | Alan Rodriguez | Systems and methods for communicating privacy and marketing preferences |
US9672349B2 (en) | 2014-07-11 | 2017-06-06 | Microsoft Technology Licensing, Llc | Multiple-key feature toggles for compliance |
US10795856B1 (en) * | 2014-12-29 | 2020-10-06 | EMC IP Holding Company LLC | Methods, systems, and computer readable mediums for implementing a data protection policy for a transferred enterprise application |
US9507960B2 (en) * | 2015-02-25 | 2016-11-29 | Citigroup Technology, Inc. | Systems and methods for automated data privacy compliance |
US11450415B1 (en) * | 2015-04-17 | 2022-09-20 | Medable Inc. | Methods and systems for health insurance portability and accountability act application compliance |
US20170093917A1 (en) * | 2015-09-30 | 2017-03-30 | Fortinet, Inc. | Centralized management and enforcement of online behavioral tracking policies |
WO2017111967A1 (en) | 2015-12-22 | 2017-06-29 | Hewlett Packard Enterprise Development Lp | Privacy risk information display |
US20170286716A1 (en) * | 2016-04-01 | 2017-10-05 | Onetrust Llc | Data processing systems and methods for implementing audit schedules for privacy campaigns |
US10956664B2 (en) | 2016-11-22 | 2021-03-23 | Accenture Global Solutions Limited | Automated form generation and analysis |
US10484868B2 (en) * | 2017-01-17 | 2019-11-19 | International Business Machines Corporation | Configuring privacy policies by formulating questions and evaluating responses |
US9930062B1 (en) | 2017-06-26 | 2018-03-27 | Factory Mutual Insurance Company | Systems and methods for cyber security risk assessment |
RU2690763C1 (en) * | 2017-12-15 | 2019-06-05 | Общество с ограниченной ответственностью "САЙТСЕКЬЮР" | System and method of making a web site gathering personal information in accordance legislation on personal data when detecting its violations |
US12086285B1 (en) | 2020-06-29 | 2024-09-10 | Wells Fargo Bank, N.A. | Data subject request tiering |
US20220067204A1 (en) * | 2020-08-27 | 2022-03-03 | Accenture Global Solutions Limited | System architecture for providing privacy by design |
CN112084528B (en) * | 2020-08-28 | 2024-02-02 | 杭州数云信息技术有限公司 | Customer privacy data identification and protection method based on data model |
US11599658B2 (en) * | 2020-12-01 | 2023-03-07 | Salesforce.Com, Inc. | Compliance with data policies in view of a possible migration |
US11893130B2 (en) | 2020-12-18 | 2024-02-06 | Paypal, Inc. | Data lifecycle discovery and management |
US20220198044A1 (en) * | 2020-12-18 | 2022-06-23 | Paypal, Inc. | Governance management relating to data lifecycle discovery and management |
CN115065561B (en) * | 2022-08-17 | 2022-11-18 | 深圳市乙辰科技股份有限公司 | Information interaction method and system based on database data storage |
CN115866024B (en) * | 2023-01-09 | 2023-07-21 | 广州市汇朗信息技术有限公司 | Data processing method and system based on hybrid cloud intelligent deployment |
Citations (100)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US3860870A (en) * | 1973-01-12 | 1975-01-14 | Nippon Electric Co | Microwave relay system having auxiliary signal transmission arrangement |
US3938091A (en) * | 1972-03-17 | 1976-02-10 | Atalla Technovations Company | Personal verification system |
US4567359A (en) * | 1984-05-24 | 1986-01-28 | Lockwood Lawrence B | Automatic information, goods and services dispensing system |
US4725719A (en) * | 1986-07-21 | 1988-02-16 | First City National Bank Of Austin | Restricted purpose, commercial, monetary regulation method |
US4799156A (en) * | 1986-10-01 | 1989-01-17 | Strategic Processing Corporation | Interactive market management system |
US4801787A (en) * | 1985-07-05 | 1989-01-31 | Casio Computer Co., Ltd. | IC card identification system having first and second data identification functions |
US4992940A (en) * | 1989-03-13 | 1991-02-12 | H-Renee, Incorporated | System and method for automated selection of equipment for purchase through input of user desired specifications |
US5084816A (en) * | 1987-11-25 | 1992-01-28 | Bell Communications Research, Inc. | Real time fault tolerant transaction processing system |
US5189606A (en) * | 1989-08-30 | 1993-02-23 | The United States Of America As Represented By The Secretary Of The Air Force | Totally integrated construction cost estimating, analysis, and reporting system |
US5287268A (en) * | 1989-01-27 | 1994-02-15 | Mccarthy Patrick D | Centralized consumer cash value accumulation system for multiple merchants |
US5381332A (en) * | 1991-12-09 | 1995-01-10 | Motorola, Inc. | Project management system with automated schedule and cost integration |
US5485370A (en) * | 1988-05-05 | 1996-01-16 | Transaction Technology, Inc. | Home services delivery system with intelligent terminal emulator |
US5592553A (en) * | 1993-07-30 | 1997-01-07 | International Business Machines Corporation | Authentication system using one-time passwords |
US5592560A (en) * | 1989-05-01 | 1997-01-07 | Credit Verification Corporation | Method and system for building a database and performing marketing based upon prior shopping history |
US5592378A (en) * | 1994-08-19 | 1997-01-07 | Andersen Consulting Llp | Computerized order entry system and method |
US5594837A (en) * | 1993-01-29 | 1997-01-14 | Noyes; Dallas B. | Method for representation of knowledge in a computer as a network database system |
US5598557A (en) * | 1992-09-22 | 1997-01-28 | Caere Corporation | Apparatus and method for retrieving and grouping images representing text files based on the relevance of key words extracted from a selected file to the text files |
US5602936A (en) * | 1993-01-21 | 1997-02-11 | Greenway Corporation | Method of and apparatus for document data recapture |
US5603025A (en) * | 1994-07-29 | 1997-02-11 | Borland International, Inc. | Methods for hypertext reporting in a relational database management system |
US5604490A (en) * | 1994-09-09 | 1997-02-18 | International Business Machines Corporation | Method and system for providing a user access to multiple secured subsystems |
US5606496A (en) * | 1990-08-14 | 1997-02-25 | Aegis Technologies, Inc. | Personal assistant computer method |
US5710889A (en) * | 1995-02-22 | 1998-01-20 | Citibank, N.A. | Interface device for electronically integrating global financial services |
US5710886A (en) * | 1995-06-16 | 1998-01-20 | Sellectsoft, L.C. | Electric couponing method and apparatus |
US5710887A (en) * | 1995-08-29 | 1998-01-20 | Broadvision | Computer system and method for electronic commerce |
US5715298A (en) * | 1996-05-16 | 1998-02-03 | Telepay | Automated interactive bill payment system using debit cards |
US5715402A (en) * | 1995-11-09 | 1998-02-03 | Spot Metals Online | Method and system for matching sellers and buyers of spot metals |
US5715450A (en) * | 1995-09-27 | 1998-02-03 | Siebel Systems, Inc. | Method of selecting and presenting data from a database using a query language to a user of a computer system |
US5715314A (en) * | 1994-10-24 | 1998-02-03 | Open Market, Inc. | Network sales system |
US5715399A (en) * | 1995-03-30 | 1998-02-03 | Amazon.Com, Inc. | Secure method and system for communicating a list of credit card numbers over a non-secure network |
US5857079A (en) * | 1994-12-23 | 1999-01-05 | Lucent Technologies Inc. | Smart card for automatic financial records |
US5862223A (en) * | 1996-07-24 | 1999-01-19 | Walker Asset Management Limited Partnership | Method and apparatus for a cryptographically-assisted commercial network system designed to facilitate and support expert-based commerce |
US5862323A (en) * | 1995-11-13 | 1999-01-19 | International Business Machines Corporation | Retrieving plain-text passwords from a main registry by a plurality of foreign registries |
US5864830A (en) * | 1997-02-13 | 1999-01-26 | Armetta; David | Data processing method of configuring and monitoring a satellite spending card linked to a host credit card |
US5866889A (en) * | 1995-06-07 | 1999-02-02 | Citibank, N.A. | Integrated full service consumer banking system and system and method for opening an account |
US5870725A (en) * | 1995-08-11 | 1999-02-09 | Wachovia Corporation | High volume financial image media creation and display system and method |
US5870718A (en) * | 1996-02-26 | 1999-02-09 | Spector; Donald | Computer-printer terminal for producing composite greeting and gift certificate card |
US5870724A (en) * | 1989-12-08 | 1999-02-09 | Online Resources & Communications Corporation | Targeting advertising in a home retail banking delivery service |
US5871398A (en) * | 1995-06-30 | 1999-02-16 | Walker Asset Management Limited Partnership | Off-line remote system for lotteries and games of skill |
US5873072A (en) * | 1991-07-25 | 1999-02-16 | Checkfree Corporation | System and method for electronically providing customer services including payment of bills, financial analysis and loans |
US5873096A (en) * | 1997-10-08 | 1999-02-16 | Siebel Systems, Inc. | Method of maintaining a network of partially replicated database system |
US6010404A (en) * | 1997-04-03 | 2000-01-04 | Walker Asset Management Limited Partnership | Method and apparatus for using a player input code to affect a gambling outcome |
US6012088A (en) * | 1996-12-10 | 2000-01-04 | International Business Machines Corporation | Automatic configuration for internet access device |
US6014439A (en) * | 1997-04-08 | 2000-01-11 | Walker Asset Management Limited Partnership | Method and apparatus for entertaining callers in a queue |
US6012983A (en) * | 1996-12-30 | 2000-01-11 | Walker Asset Management Limited Partnership | Automated play gaming device |
US6014635A (en) * | 1997-12-08 | 2000-01-11 | Shc Direct, Inc. | System and method for providing a discount credit transaction network |
US6014645A (en) * | 1996-04-19 | 2000-01-11 | Block Financial Corporation | Real-time financial card application system |
US6014638A (en) * | 1996-05-29 | 2000-01-11 | America Online, Inc. | System for customizing computer displays in accordance with user preferences |
US6014636A (en) * | 1997-05-06 | 2000-01-11 | Lucent Technologies Inc. | Point of sale method and system |
US6014641A (en) * | 1996-12-11 | 2000-01-11 | Walker Asset Management Limited Partnership | Method and apparatus for providing open-ended subscriptions to commodity items normally available only through term-based subscriptions |
US6016476A (en) * | 1997-08-11 | 2000-01-18 | International Business Machines Corporation | Portable information and transaction processing system and method utilizing biometric authorization and digital certificate security |
US6016810A (en) * | 1995-01-31 | 2000-01-25 | Boston Scientific Corporation | Endovasular aortic graft |
US6018718A (en) * | 1997-08-28 | 2000-01-25 | Walker Asset Management Limited Partnership | Method and system for processing customized reward offers |
US6018714A (en) * | 1997-11-08 | 2000-01-25 | Ip Value, Llc | Method of protecting against a change in value of intellectual property, and product providing such protection |
US6026398A (en) * | 1997-10-16 | 2000-02-15 | Imarket, Incorporated | System and methods for searching and matching databases |
US6026429A (en) * | 1995-06-07 | 2000-02-15 | America Online, Inc. | Seamless integration of internet resources |
US6032147A (en) * | 1996-04-24 | 2000-02-29 | Linguateq, Inc. | Method and apparatus for rationalizing different data formats in a data management system |
US6032134A (en) * | 1998-11-18 | 2000-02-29 | Weissman; Steven I. | Credit card billing system for identifying expenditures on a credit card account |
US6170011B1 (en) * | 1998-09-11 | 2001-01-02 | Genesys Telecommunications Laboratories, Inc. | Method and apparatus for determining and initiating interaction directionality within a multimedia communication center |
US6178511B1 (en) * | 1998-04-30 | 2001-01-23 | International Business Machines Corporation | Coordinating user target logons in a single sign-on (SSO) environment |
US6182052B1 (en) * | 1994-06-06 | 2001-01-30 | Huntington Bancshares Incorporated | Communications network interface for user friendly interactive access to online services |
US6182142B1 (en) * | 1998-07-10 | 2001-01-30 | Encommerce, Inc. | Distributed access management of information resources |
US6182225B1 (en) * | 1997-02-03 | 2001-01-30 | Canon Kabushiki Kaisha | Network data base control device and method thereof |
US6182220B1 (en) * | 1998-03-30 | 2001-01-30 | International Business Machines Corporation | System and method for building and exchanging encrypted passwords between a client and server |
US6185242B1 (en) * | 2000-05-24 | 2001-02-06 | South Carolina Systems, Inc. | Integral side wall and tap hole cover for an eccentric bottom tap (EBT) electric furnace |
US6189029B1 (en) * | 1996-09-20 | 2001-02-13 | Silicon Graphics, Inc. | Web survey tool builder and result compiler |
US6195644B1 (en) * | 1987-07-08 | 2001-02-27 | Stuart S. Bowie | Computer program and system for credit card companies for recording and processing bonus credits issued to card users |
US20010001144A1 (en) * | 1998-02-27 | 2001-05-10 | Kapp Thomas L. | Pharmacy drug management system providing patient specific drug dosing, drug interaction analysis, order generation, and patient data matching |
US6336104B1 (en) * | 1997-03-21 | 2002-01-01 | Walker Digital, Llc | Method and apparatus for providing and processing installment plans at a terminal |
US20020007313A1 (en) * | 2000-07-12 | 2002-01-17 | Khanh Mai | Credit system |
US20020007460A1 (en) * | 2000-07-14 | 2002-01-17 | Nec Corporation | Single sign-on system and single sign-on method for a web site and recording medium |
US20020010668A1 (en) * | 2000-01-27 | 2002-01-24 | Travis Roger M. | Online merchandising and marketing system |
US20020010599A1 (en) * | 2000-01-12 | 2002-01-24 | Levison Michael D. | Method for targeting insurance policy incentive rewards |
US6343279B1 (en) * | 1998-08-26 | 2002-01-29 | American Management Systems, Inc. | System integrating credit card transactions into a financial management system |
US6345261B1 (en) * | 1999-09-21 | 2002-02-05 | Stockback Holdings, Inc. | Customer loyalty investment program |
US20020019938A1 (en) * | 2000-08-04 | 2002-02-14 | Aarons Michael Thomas | Method and apparatus for secure identification for networked environments |
US20020018585A1 (en) * | 2000-07-19 | 2002-02-14 | Kim Young Wan | System and method for cardless secure credit transaction processing |
US6349336B1 (en) * | 1999-04-26 | 2002-02-19 | Hewlett-Packard Company | Agent/proxy connection control across a firewall |
US6349242B2 (en) * | 1999-02-05 | 2002-02-19 | First Data Corporation | Method for selectively printing messages and adding inserts to merchant statements |
US20020023108A1 (en) * | 1999-09-09 | 2002-02-21 | Neil Daswani | Automatic web form interaction proxy |
US20020091944A1 (en) * | 2001-01-10 | 2002-07-11 | Center 7, Inc. | Reporting and maintenance systems for enterprise management from a central location |
US20020129221A1 (en) * | 2000-12-12 | 2002-09-12 | Evelyn Borgia | System and method for managing global risk |
US20030001888A1 (en) * | 2000-03-01 | 2003-01-02 | Power Mark P J | Data transfer method and apparatus |
US6507912B1 (en) * | 1999-01-27 | 2003-01-14 | International Business Machines Corporation | Protection of biometric data via key-dependent sampling |
US6510523B1 (en) * | 1999-02-22 | 2003-01-21 | Sun Microsystems Inc. | Method and system for providing limited access privileges with an untrusted terminal |
US20030018915A1 (en) * | 2001-07-19 | 2003-01-23 | Louis Stoll | Method and system for user authentication and authorization of services |
US20030023880A1 (en) * | 2001-07-27 | 2003-01-30 | Edwards Nigel John | Multi-domain authorization and authentication |
US20030034388A1 (en) * | 2000-05-15 | 2003-02-20 | Larry Routhenstein | Method for generating customer secure card numbers subject to use restrictions by an electronic card |
US20030037131A1 (en) * | 2001-08-17 | 2003-02-20 | International Business Machines Corporation | User information coordination across multiple domains |
US20030037142A1 (en) * | 1998-10-30 | 2003-02-20 | Science Applications International Corporation | Agile network protocol for secure communications with assured system availability |
US6526404B1 (en) * | 1998-01-30 | 2003-02-25 | Sopheon Edinburgh Limited | Information system using human resource profiles |
US20030040995A1 (en) * | 2001-08-23 | 2003-02-27 | Daddario Donato V. | Benefit provider system and method |
US6675261B2 (en) * | 2000-12-22 | 2004-01-06 | Oblix, Inc. | Request based caching of data store data |
US6678355B2 (en) * | 2000-06-26 | 2004-01-13 | Bearingpoint, Inc. | Testing an operational support system (OSS) of an incumbent provider for compliance with a regulatory scheme |
US6684384B1 (en) * | 1997-03-28 | 2004-01-27 | International Business Machines Corporation | Extensible object oriented framework for general ledger |
US6687222B1 (en) * | 1999-07-02 | 2004-02-03 | Cisco Technology, Inc. | Backup service managers for providing reliable network services in a distributed environment |
US6687245B2 (en) * | 2001-04-03 | 2004-02-03 | Voxpath Networks, Inc. | System and method for performing IP telephony |
US20040031856A1 (en) * | 1998-09-16 | 2004-02-19 | Alon Atsmon | Physical presence digital authentication system |
US6847991B1 (en) * | 2000-09-06 | 2005-01-25 | Cisco Technology, Inc. | Data communication among processes of a network component |
US6983421B1 (en) * | 2001-06-22 | 2006-01-03 | I2 Technologies Us, Inc. | Using connectors to automatically update graphical user interface elements at a client system according to an updated state of a configuration |
US6992786B1 (en) * | 2000-06-27 | 2006-01-31 | Printon Ab | Method and system for online creation and ordering of customized material for printing |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US3705385A (en) * | 1969-12-10 | 1972-12-05 | Northern Illinois Gas Co | Remote meter reading system |
US4013962A (en) * | 1975-08-14 | 1977-03-22 | Motorola, Inc. | Improved receiver selecting (voting) system |
- 2003-09-17: US application US10/664,530, patent US7234065B2, status Active
- 2007-06-14: US application US11/763,030, publication US20070283171A1, status Abandoned
Patent Citations (102)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US3938091A (en) * | 1972-03-17 | 1976-02-10 | Atalla Technovations Company | Personal verification system |
US3860870A (en) * | 1973-01-12 | 1975-01-14 | Nippon Electric Co | Microwave relay system having auxiliary signal transmission arrangement |
US4567359A (en) * | 1984-05-24 | 1986-01-28 | Lockwood Lawrence B | Automatic information, goods and services dispensing system |
US4801787A (en) * | 1985-07-05 | 1989-01-31 | Casio Computer Co., Ltd. | IC card identification system having first and second data identification functions |
US4725719A (en) * | 1986-07-21 | 1988-02-16 | First City National Bank Of Austin | Restricted purpose, commercial, monetary regulation method |
US4799156A (en) * | 1986-10-01 | 1989-01-17 | Strategic Processing Corporation | Interactive market management system |
US6195644B1 (en) * | 1987-07-08 | 2001-02-27 | Stuart S. Bowie | Computer program and system for credit card companies for recording and processing bonus credits issued to card users |
US5084816A (en) * | 1987-11-25 | 1992-01-28 | Bell Communications Research, Inc. | Real time fault tolerant transaction processing system |
US5485370A (en) * | 1988-05-05 | 1996-01-16 | Transaction Technology, Inc. | Home services delivery system with intelligent terminal emulator |
US5287268A (en) * | 1989-01-27 | 1994-02-15 | Mccarthy Patrick D | Centralized consumer cash value accumulation system for multiple merchants |
USRE36116E (en) * | 1989-01-27 | 1999-02-23 | Mccarthy; Patrick D. | Centralized consumer cash value accumulation system for multiple merchants |
US4992940A (en) * | 1989-03-13 | 1991-02-12 | H-Renee, Incorporated | System and method for automated selection of equipment for purchase through input of user desired specifications |
US5592560A (en) * | 1989-05-01 | 1997-01-07 | Credit Verification Corporation | Method and system for building a database and performing marketing based upon prior shopping history |
US5189606A (en) * | 1989-08-30 | 1993-02-23 | The United States Of America As Represented By The Secretary Of The Air Force | Totally integrated construction cost estimating, analysis, and reporting system |
US5870724A (en) * | 1989-12-08 | 1999-02-09 | Online Resources & Communications Corporation | Targeting advertising in a home retail banking delivery service |
US5606496A (en) * | 1990-08-14 | 1997-02-25 | Aegis Technologies, Inc. | Personal assistant computer method |
US5873072A (en) * | 1991-07-25 | 1999-02-16 | Checkfree Corporation | System and method for electronically providing customer services including payment of bills, financial analysis and loans |
US5381332A (en) * | 1991-12-09 | 1995-01-10 | Motorola, Inc. | Project management system with automated schedule and cost integration |
US5598557A (en) * | 1992-09-22 | 1997-01-28 | Caere Corporation | Apparatus and method for retrieving and grouping images representing text files based on the relevance of key words extracted from a selected file to the text files |
US5602936A (en) * | 1993-01-21 | 1997-02-11 | Greenway Corporation | Method of and apparatus for document data recapture |
US5594837A (en) * | 1993-01-29 | 1997-01-14 | Noyes; Dallas B. | Method for representation of knowledge in a computer as a network database system |
US5592553A (en) * | 1993-07-30 | 1997-01-07 | International Business Machines Corporation | Authentication system using one-time passwords |
US6182052B1 (en) * | 1994-06-06 | 2001-01-30 | Huntington Bancshares Incorporated | Communications network interface for user friendly interactive access to online services |
US5603025A (en) * | 1994-07-29 | 1997-02-11 | Borland International, Inc. | Methods for hypertext reporting in a relational database management system |
US5592378A (en) * | 1994-08-19 | 1997-01-07 | Andersen Consulting Llp | Computerized order entry system and method |
US5604490A (en) * | 1994-09-09 | 1997-02-18 | International Business Machines Corporation | Method and system for providing a user access to multiple secured subsystems |
US5715314A (en) * | 1994-10-24 | 1998-02-03 | Open Market, Inc. | Network sales system |
US5857079A (en) * | 1994-12-23 | 1999-01-05 | Lucent Technologies Inc. | Smart card for automatic financial records |
US6016810A (en) * | 1995-01-31 | 2000-01-25 | Boston Scientific Corporation | Endovasular aortic graft |
US5710889A (en) * | 1995-02-22 | 1998-01-20 | Citibank, N.A. | Interface device for electronically integrating global financial services |
US5715399A (en) * | 1995-03-30 | 1998-02-03 | Amazon.Com, Inc. | Secure method and system for communicating a list of credit card numbers over a non-secure network |
US5866889A (en) * | 1995-06-07 | 1999-02-02 | Citibank, N.A. | Integrated full service consumer banking system and system and method for opening an account |
US6026429A (en) * | 1995-06-07 | 2000-02-15 | America Online, Inc. | Seamless integration of internet resources |
US5710886A (en) * | 1995-06-16 | 1998-01-20 | Sellectsoft, L.C. | Electric couponing method and apparatus |
US5871398A (en) * | 1995-06-30 | 1999-02-16 | Walker Asset Management Limited Partnership | Off-line remote system for lotteries and games of skill |
US6024640A (en) * | 1995-06-30 | 2000-02-15 | Walker Asset Management Limited Partnership | Off-line remote lottery system |
US5870725A (en) * | 1995-08-11 | 1999-02-09 | Wachovia Corporation | High volume financial image media creation and display system and method |
US5710887A (en) * | 1995-08-29 | 1998-01-20 | Broadvision | Computer system and method for electronic commerce |
US5715450A (en) * | 1995-09-27 | 1998-02-03 | Siebel Systems, Inc. | Method of selecting and presenting data from a database using a query language to a user of a computer system |
US5715402A (en) * | 1995-11-09 | 1998-02-03 | Spot Metals Online | Method and system for matching sellers and buyers of spot metals |
US5862323A (en) * | 1995-11-13 | 1999-01-19 | International Business Machines Corporation | Retrieving plain-text passwords from a main registry by a plurality of foreign registries |
US5870718A (en) * | 1996-02-26 | 1999-02-09 | Spector; Donald | Computer-printer terminal for producing composite greeting and gift certificate card |
US6014645A (en) * | 1996-04-19 | 2000-01-11 | Block Financial Corporation | Real-time financial card application system |
US6032147A (en) * | 1996-04-24 | 2000-02-29 | Linguateq, Inc. | Method and apparatus for rationalizing different data formats in a data management system |
US5715298A (en) * | 1996-05-16 | 1998-02-03 | Telepay | Automated interactive bill payment system using debit cards |
US6014638A (en) * | 1996-05-29 | 2000-01-11 | America Online, Inc. | System for customizing computer displays in accordance with user preferences |
US5862223A (en) * | 1996-07-24 | 1999-01-19 | Walker Asset Management Limited Partnership | Method and apparatus for a cryptographically-assisted commercial network system designed to facilitate and support expert-based commerce |
US6189029B1 (en) * | 1996-09-20 | 2001-02-13 | Silicon Graphics, Inc. | Web survey tool builder and result compiler |
US6012088A (en) * | 1996-12-10 | 2000-01-04 | International Business Machines Corporation | Automatic configuration for internet access device |
US6014641A (en) * | 1996-12-11 | 2000-01-11 | Walker Asset Management Limited Partnership | Method and apparatus for providing open-ended subscriptions to commodity items normally available only through term-based subscriptions |
US6012983A (en) * | 1996-12-30 | 2000-01-11 | Walker Asset Management Limited Partnership | Automated play gaming device |
US6182225B1 (en) * | 1997-02-03 | 2001-01-30 | Canon Kabushiki Kaisha | Network data base control device and method thereof |
US5864830A (en) * | 1997-02-13 | 1999-01-26 | Armetta; David | Data processing method of configuring and monitoring a satellite spending card linked to a host credit card |
US6336104B1 (en) * | 1997-03-21 | 2002-01-01 | Walker Digital, Llc | Method and apparatus for providing and processing installment plans at a terminal |
US6684384B1 (en) * | 1997-03-28 | 2004-01-27 | International Business Machines Corporation | Extensible object oriented framework for general ledger |
US6010404A (en) * | 1997-04-03 | 2000-01-04 | Walker Asset Management Limited Partnership | Method and apparatus for using a player input code to affect a gambling outcome |
US6014439A (en) * | 1997-04-08 | 2000-01-11 | Walker Asset Management Limited Partnership | Method and apparatus for entertaining callers in a queue |
US6014636A (en) * | 1997-05-06 | 2000-01-11 | Lucent Technologies Inc. | Point of sale method and system |
US6016476A (en) * | 1997-08-11 | 2000-01-18 | International Business Machines Corporation | Portable information and transaction processing system and method utilizing biometric authorization and digital certificate security |
US6018718A (en) * | 1997-08-28 | 2000-01-25 | Walker Asset Management Limited Partnership | Method and system for processing customized reward offers |
US5873096A (en) * | 1997-10-08 | 1999-02-16 | Siebel Systems, Inc. | Method of maintaining a network of partially replicated database system |
US6026398A (en) * | 1997-10-16 | 2000-02-15 | Imarket, Incorporated | System and methods for searching and matching databases |
US6018714A (en) * | 1997-11-08 | 2000-01-25 | Ip Value, Llc | Method of protecting against a change in value of intellectual property, and product providing such protection |
US6014635A (en) * | 1997-12-08 | 2000-01-11 | Shc Direct, Inc. | System and method for providing a discount credit transaction network |
US6526404B1 (en) * | 1998-01-30 | 2003-02-25 | Sopheon Edinburgh Limited | Information system using human resource profiles |
US20010001144A1 (en) * | 1998-02-27 | 2001-05-10 | Kapp Thomas L. | Pharmacy drug management system providing patient specific drug dosing, drug interaction analysis, order generation, and patient data matching |
US6182220B1 (en) * | 1998-03-30 | 2001-01-30 | International Business Machines Corporation | System and method for building and exchanging encrypted passwords between a client and server |
US6178511B1 (en) * | 1998-04-30 | 2001-01-23 | International Business Machines Corporation | Coordinating user target logons in a single sign-on (SSO) environment |
US6182142B1 (en) * | 1998-07-10 | 2001-01-30 | Encommerce, Inc. | Distributed access management of information resources |
US6343279B1 (en) * | 1998-08-26 | 2002-01-29 | American Management Systems, Inc. | System integrating credit card transactions into a financial management system |
US6170011B1 (en) * | 1998-09-11 | 2001-01-02 | Genesys Telecommunications Laboratories, Inc. | Method and apparatus for determining and initiating interaction directionality within a multimedia communication center |
US20040031856A1 (en) * | 1998-09-16 | 2004-02-19 | Alon Atsmon | Physical presence digital authentication system |
US20030037142A1 (en) * | 1998-10-30 | 2003-02-20 | Science Applications International Corporation | Agile network protocol for secure communications with assured system availability |
US6032134A (en) * | 1998-11-18 | 2000-02-29 | Weissman; Steven I. | Credit card billing system for identifying expenditures on a credit card account |
US6507912B1 (en) * | 1999-01-27 | 2003-01-14 | International Business Machines Corporation | Protection of biometric data via key-dependent sampling |
US6349242B2 (en) * | 1999-02-05 | 2002-02-19 | First Data Corporation | Method for selectively printing messages and adding inserts to merchant statements |
US6510523B1 (en) * | 1999-02-22 | 2003-01-21 | Sun Microsystems Inc. | Method and system for providing limited access privileges with an untrusted terminal |
US6349336B1 (en) * | 1999-04-26 | 2002-02-19 | Hewlett-Packard Company | Agent/proxy connection control across a firewall |
US6687222B1 (en) * | 1999-07-02 | 2004-02-03 | Cisco Technology, Inc. | Backup service managers for providing reliable network services in a distributed environment |
US20020023108A1 (en) * | 1999-09-09 | 2002-02-21 | Neil Daswani | Automatic web form interaction proxy |
US6345261B1 (en) * | 1999-09-21 | 2002-02-05 | Stockback Holdings, Inc. | Customer loyalty investment program |
US20020010599A1 (en) * | 2000-01-12 | 2002-01-24 | Levison Michael D. | Method for targeting insurance policy incentive rewards |
US20020010668A1 (en) * | 2000-01-27 | 2002-01-24 | Travis Roger M. | Online merchandising and marketing system |
US20030001888A1 (en) * | 2000-03-01 | 2003-01-02 | Power Mark P J | Data transfer method and apparatus |
US20030034388A1 (en) * | 2000-05-15 | 2003-02-20 | Larry Routhenstein | Method for generating customer secure card numbers subject to use restrictions by an electronic card |
US6185242B1 (en) * | 2000-05-24 | 2001-02-06 | South Carolina Systems, Inc. | Integral side wall and tap hole cover for an eccentric bottom tap (EBT) electric furnace |
US6678355B2 (en) * | 2000-06-26 | 2004-01-13 | Bearingpoint, Inc. | Testing an operational support system (OSS) of an incumbent provider for compliance with a regulatory scheme |
US6992786B1 (en) * | 2000-06-27 | 2006-01-31 | Printon Ab | Method and system for online creation and ordering of customized material for printing |
US20020007313A1 (en) * | 2000-07-12 | 2002-01-17 | Khanh Mai | Credit system |
US20020007460A1 (en) * | 2000-07-14 | 2002-01-17 | Nec Corporation | Single sign-on system and single sign-on method for a web site and recording medium |
US20020018585A1 (en) * | 2000-07-19 | 2002-02-14 | Kim Young Wan | System and method for cardless secure credit transaction processing |
US20020019938A1 (en) * | 2000-08-04 | 2002-02-14 | Aarons Michael Thomas | Method and apparatus for secure identification for networked environments |
US6847991B1 (en) * | 2000-09-06 | 2005-01-25 | Cisco Technology, Inc. | Data communication among processes of a network component |
US20020129221A1 (en) * | 2000-12-12 | 2002-09-12 | Evelyn Borgia | System and method for managing global risk |
US6675261B2 (en) * | 2000-12-22 | 2004-01-06 | Oblix, Inc. | Request based caching of data store data |
US20020091944A1 (en) * | 2001-01-10 | 2002-07-11 | Center 7, Inc. | Reporting and maintenance systems for enterprise management from a central location |
US6687245B2 (en) * | 2001-04-03 | 2004-02-03 | Voxpath Networks, Inc. | System and method for performing IP telephony |
US6983421B1 (en) * | 2001-06-22 | 2006-01-03 | I2 Technologies Us, Inc. | Using connectors to automatically update graphical user interface elements at a client system according to an updated state of a configuration |
US20030018915A1 (en) * | 2001-07-19 | 2003-01-23 | Louis Stoll | Method and system for user authentication and authorization of services |
US20030023880A1 (en) * | 2001-07-27 | 2003-01-30 | Edwards Nigel John | Multi-domain authorization and authentication |
US20030037131A1 (en) * | 2001-08-17 | 2003-02-20 | International Business Machines Corporation | User information coordination across multiple domains |
US20030040995A1 (en) * | 2001-08-23 | 2003-02-27 | Daddario Donato V. | Benefit provider system and method |
Cited By (320)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7809595B2 (en) | 2002-09-17 | 2010-10-05 | Jpmorgan Chase Bank, Na | System and method for managing risks associated with outside service providers |
US20040193907A1 (en) * | 2003-03-28 | 2004-09-30 | Joseph Patanella | Methods and systems for assessing and advising on electronic compliance |
US8201256B2 (en) * | 2003-03-28 | 2012-06-12 | Trustwave Holdings, Inc. | Methods and systems for assessing and advising on electronic compliance |
US20050027575A1 (en) * | 2003-07-30 | 2005-02-03 | International Business Machines Corporation | Customer relationship management system with compliance tracking capabilities |
US8005700B2 (en) * | 2003-07-30 | 2011-08-23 | International Business Machines Corporation | Customer relationship management system with compliance tracking capabilities |
AU2008100458B4 (en) * | 2008-04-30 | 2008-10-02 | Anthony Sork | Attachment measurement device, system and methodology |
US20100257577A1 (en) * | 2009-04-03 | 2010-10-07 | International Business Machines Corporation | Managing privacy settings for a social network |
US8234688B2 (en) | 2009-04-03 | 2012-07-31 | International Business Machines Corporation | Managing privacy settings for a social network |
US9704203B2 (en) | 2009-07-31 | 2017-07-11 | International Business Machines Corporation | Providing and managing privacy scores |
US20110029566A1 (en) * | 2009-07-31 | 2011-02-03 | International Business Machines Corporation | Providing and managing privacy scores |
US10789656B2 (en) | 2009-07-31 | 2020-09-29 | International Business Machines Corporation | Providing and managing privacy scores |
US10171658B2 (en) | 2010-03-24 | 2019-01-01 | Jpmorgan Chase Bank, N.A. | System and method for managing customer communications over communication channels |
US8473324B2 (en) | 2010-04-30 | 2013-06-25 | Bank Of America Corporation | Assessment of risk associated with international cross border data movement |
WO2011136891A1 (en) * | 2010-04-30 | 2011-11-03 | Bank Of America Corporation | International cross border data movement |
US8983918B2 (en) | 2010-04-30 | 2015-03-17 | Bank Of America Corporation | International cross border data movement |
US9111278B1 (en) | 2010-07-02 | 2015-08-18 | Jpmorgan Chase Bank, N.A. | Method and system for determining point of sale authorization |
US8554631B1 (en) | 2010-07-02 | 2013-10-08 | Jpmorgan Chase Bank, N.A. | Method and system for determining point of sale authorization |
US10250748B1 (en) | 2012-01-30 | 2019-04-02 | Jpmorgan Chase Bank, N.A. | System and method for unified calling |
US10289867B2 (en) | 2014-07-27 | 2019-05-14 | OneTrust, LLC | Data processing systems for webform crawling to map processing activities and related methods |
WO2017086926A1 (en) * | 2015-11-17 | 2017-05-26 | Hewlett Packard Enterprise Development Lp | Privacy risk assessments |
US10963571B2 (en) * | 2015-11-17 | 2021-03-30 | Micro Focus Llc | Privacy risk assessments |
US9892443B2 (en) | 2016-04-01 | 2018-02-13 | OneTrust, LLC | Data processing systems for modifying privacy campaign data via electronic messaging systems |
US10176502B2 (en) | 2016-04-01 | 2019-01-08 | OneTrust, LLC | Data processing systems and methods for integrating privacy information management systems with data loss prevention tools or other tools for privacy design |
US9892441B2 (en) | 2016-04-01 | 2018-02-13 | OneTrust, LLC | Data processing systems and methods for operationalizing privacy compliance and assessing the risk of various respective privacy campaigns |
US9892444B2 (en) | 2016-04-01 | 2018-02-13 | OneTrust, LLC | Data processing systems and communication systems and methods for the efficient generation of privacy risk assessments |
US9892442B2 (en) | 2016-04-01 | 2018-02-13 | OneTrust, LLC | Data processing systems and methods for efficiently assessing the risk of privacy campaigns |
US9898769B2 (en) | 2016-04-01 | 2018-02-20 | OneTrust, LLC | Data processing systems and methods for operationalizing privacy compliance via integrated mobile applications |
US10956952B2 (en) | 2016-04-01 | 2021-03-23 | OneTrust, LLC | Data processing systems and communication systems and methods for the efficient generation of privacy risk assessments |
US10853859B2 (en) | 2016-04-01 | 2020-12-01 | OneTrust, LLC | Data processing systems and methods for operationalizing privacy compliance and assessing the risk of various respective privacy campaigns |
US10026110B2 (en) | 2016-04-01 | 2018-07-17 | OneTrust, LLC | Data processing systems and methods for generating personal data inventories for organizations and other entities |
US9892477B2 (en) | 2016-04-01 | 2018-02-13 | OneTrust, LLC | Data processing systems and methods for implementing audit schedules for privacy campaigns |
US10706447B2 (en) | 2016-04-01 | 2020-07-07 | OneTrust, LLC | Data processing systems and communication systems and methods for the efficient generation of privacy risk assessments |
US10423996B2 (en) | 2016-04-01 | 2019-09-24 | OneTrust, LLC | Data processing systems and communication systems and methods for the efficient generation of privacy risk assessments |
US11004125B2 (en) | 2016-04-01 | 2021-05-11 | OneTrust, LLC | Data processing systems and methods for integrating privacy information management systems with data loss prevention tools or other tools for privacy design |
US11244367B2 (en) | 2016-04-01 | 2022-02-08 | OneTrust, LLC | Data processing systems and methods for integrating privacy information management systems with data loss prevention tools or other tools for privacy design |
US10169788B2 (en) | 2016-04-01 | 2019-01-01 | OneTrust, LLC | Data processing systems and communication systems and methods for the efficient generation of privacy risk assessments |
US10169789B2 (en) | 2016-04-01 | 2019-01-01 | OneTrust, LLC | Data processing systems for modifying privacy campaign data via electronic messaging systems |
US10169790B2 (en) | 2016-04-01 | 2019-01-01 | OneTrust, LLC | Data processing systems and methods for operationalizing privacy compliance via integrated mobile applications |
US11651402B2 (en) | 2016-04-01 | 2023-05-16 | OneTrust, LLC | Data processing systems and communication systems and methods for the efficient generation of risk assessments |
US10176503B2 (en) | 2016-04-01 | 2019-01-08 | OneTrust, LLC | Data processing systems and methods for efficiently assessing the risk of privacy campaigns |
US10949565B2 (en) | 2016-06-10 | 2021-03-16 | OneTrust, LLC | Data processing systems for generating and populating a data inventory |
US11030274B2 (en) | 2016-06-10 | 2021-06-08 | OneTrust, LLC | Data processing user interface monitoring systems and related methods |
US10181019B2 (en) | 2016-06-10 | 2019-01-15 | OneTrust, LLC | Data processing systems and communications systems and methods for integrating privacy compliance systems with software development and agile tools for privacy design |
US10181051B2 (en) | 2016-06-10 | 2019-01-15 | OneTrust, LLC | Data processing systems for generating and populating a data inventory for processing data access requests |
US10204154B2 (en) | 2016-06-10 | 2019-02-12 | OneTrust, LLC | Data processing systems for generating and populating a data inventory |
US10235534B2 (en) | 2016-06-10 | 2019-03-19 | OneTrust, LLC | Data processing systems for prioritizing data subject access requests for fulfillment and related methods |
US10242228B2 (en) | 2016-06-10 | 2019-03-26 | OneTrust, LLC | Data processing systems for measuring privacy maturity within an organization |
US10165011B2 (en) | 2016-06-10 | 2018-12-25 | OneTrust, LLC | Data processing systems and methods for performing privacy assessments and monitoring of new versions of computer code for privacy compliance |
US10275614B2 (en) | 2016-06-10 | 2019-04-30 | OneTrust, LLC | Data processing systems for generating and populating a data inventory |
US10282692B2 (en) | 2016-06-10 | 2019-05-07 | OneTrust, LLC | Data processing systems for identifying, assessing, and remediating data processing risks using data modeling techniques |
US10282700B2 (en) | 2016-06-10 | 2019-05-07 | OneTrust, LLC | Data processing systems for generating and populating a data inventory |
US10282370B1 (en) | 2016-06-10 | 2019-05-07 | OneTrust, LLC | Data processing systems for generating and populating a data inventory |
US10284604B2 (en) | 2016-06-10 | 2019-05-07 | OneTrust, LLC | Data processing and scanning systems for generating and populating a data inventory |
US10282559B2 (en) | 2016-06-10 | 2019-05-07 | OneTrust, LLC | Data processing systems for identifying, assessing, and remediating data processing risks using data modeling techniques |
US10289866B2 (en) | 2016-06-10 | 2019-05-14 | OneTrust, LLC | Data processing systems for fulfilling data subject access requests and related methods |
US10158676B2 (en) | 2016-06-10 | 2018-12-18 | OneTrust, LLC | Data processing systems and methods for performing privacy assessments and monitoring of new versions of computer code for privacy compliance |
US10289870B2 (en) | 2016-06-10 | 2019-05-14 | OneTrust, LLC | Data processing systems for fulfilling data subject access requests and related methods |
US10318761B2 (en) | 2016-06-10 | 2019-06-11 | OneTrust, LLC | Data processing systems and methods for auditing data request compliance |
US10346637B2 (en) | 2016-06-10 | 2019-07-09 | OneTrust, LLC | Data processing systems for the identification and deletion of personal data in computer systems |
US10346638B2 (en) | 2016-06-10 | 2019-07-09 | OneTrust, LLC | Data processing systems for identifying and modifying processes that are subject to data subject access requests |
US10346598B2 (en) | 2016-06-10 | 2019-07-09 | OneTrust, LLC | Data processing systems for monitoring user system inputs and related methods |
US10348775B2 (en) | 2016-06-10 | 2019-07-09 | OneTrust, LLC | Data processing systems and methods for performing privacy assessments and monitoring of new versions of computer code for privacy compliance |
US10353673B2 (en) | 2016-06-10 | 2019-07-16 | OneTrust, LLC | Data processing systems for integration of consumer feedback with data subject access requests and related methods |
US10354089B2 (en) | 2016-06-10 | 2019-07-16 | OneTrust, LLC | Data processing systems for fulfilling data subject access requests and related methods |
US10353674B2 (en) | 2016-06-10 | 2019-07-16 | OneTrust, LLC | Data processing and communications systems and methods for the efficient implementation of privacy by design |
US10416966B2 (en) | 2016-06-10 | 2019-09-17 | OneTrust, LLC | Data processing systems for identity validation of data subject access requests and related methods |
US10419493B2 (en) | 2016-06-10 | 2019-09-17 | OneTrust, LLC | Data processing systems and methods for performing privacy assessments and monitoring of new versions of computer code for privacy compliance |
US10417450B2 (en) | 2016-06-10 | 2019-09-17 | OneTrust, LLC | Data processing systems for prioritizing data subject access requests for fulfillment and related methods |
US10102533B2 (en) | 2016-06-10 | 2018-10-16 | OneTrust, LLC | Data processing and communications systems and methods for the efficient implementation of privacy by design |
US10430740B2 (en) | 2016-06-10 | 2019-10-01 | One Trust, LLC | Data processing systems for calculating and communicating cost of fulfilling data subject access requests and related methods |
US10438017B2 (en) | 2016-06-10 | 2019-10-08 | OneTrust, LLC | Data processing systems for processing data subject access requests |
US10437860B2 (en) | 2016-06-10 | 2019-10-08 | OneTrust, LLC | Data processing systems for generating and populating a data inventory |
US10437412B2 (en) | 2016-06-10 | 2019-10-08 | OneTrust, LLC | Consent receipt management systems and related methods |
US10440062B2 (en) | 2016-06-10 | 2019-10-08 | OneTrust, LLC | Consent receipt management systems and related methods |
US10438016B2 (en) | 2016-06-10 | 2019-10-08 | OneTrust, LLC | Data processing systems for generating and populating a data inventory |
US10438020B2 (en) | 2016-06-10 | 2019-10-08 | OneTrust, LLC | Data processing systems for generating and populating a data inventory for processing data access requests |
US10445526B2 (en) | 2016-06-10 | 2019-10-15 | OneTrust, LLC | Data processing systems for measuring privacy maturity within an organization |
US10452864B2 (en) | 2016-06-10 | 2019-10-22 | OneTrust, LLC | Data processing systems for webform crawling to map processing activities and related methods |
US10452866B2 (en) | 2016-06-10 | 2019-10-22 | OneTrust, LLC | Data processing systems for fulfilling data subject access requests and related methods |
US10454973B2 (en) | 2016-06-10 | 2019-10-22 | OneTrust, LLC | Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods |
US10467432B2 (en) | 2016-06-10 | 2019-11-05 | OneTrust, LLC | Data processing systems for use in automatically generating, populating, and submitting data subject access requests |
US10496846B1 (en) | 2016-06-10 | 2019-12-03 | OneTrust, LLC | Data processing and communications systems and methods for the efficient implementation of privacy by design |
US10496803B2 (en) | 2016-06-10 | 2019-12-03 | OneTrust, LLC | Data processing systems and methods for efficiently assessing the risk of privacy campaigns |
US10498770B2 (en) | 2016-06-10 | 2019-12-03 | OneTrust, LLC | Data processing systems and methods for performing privacy assessments and monitoring of new versions of computer code for privacy compliance |
US10503926B2 (en) | 2016-06-10 | 2019-12-10 | OneTrust, LLC | Consent receipt management systems and related methods |
US10509894B2 (en) | 2016-06-10 | 2019-12-17 | OneTrust, LLC | Data processing and scanning systems for assessing vendor risk |
US10509920B2 (en) | 2016-06-10 | 2019-12-17 | OneTrust, LLC | Data processing systems for processing data subject access requests |
US10510031B2 (en) | 2016-06-10 | 2019-12-17 | OneTrust, LLC | Data processing systems for identifying, assessing, and remediating data processing risks using data modeling techniques |
US10558821B2 (en) | 2016-06-10 | 2020-02-11 | OneTrust, LLC | Data processing systems for fulfilling data subject access requests and related methods |
US10565161B2 (en) | 2016-06-10 | 2020-02-18 | OneTrust, LLC | Data processing systems for processing data subject access requests |
US10567439B2 (en) | 2016-06-10 | 2020-02-18 | OneTrust, LLC | Data processing systems and methods for performing privacy assessments and monitoring of new versions of computer code for privacy compliance |
US10565397B1 (en) | 2016-06-10 | 2020-02-18 | OneTrust, LLC | Data processing systems for fulfilling data subject access requests and related methods |
US10565236B1 (en) | 2016-06-10 | 2020-02-18 | OneTrust, LLC | Data processing systems for generating and populating a data inventory |
US10564936B2 (en) | 2016-06-10 | 2020-02-18 | OneTrust, LLC | Data processing systems for identity validation of data subject access requests and related methods |
US10564935B2 (en) | 2016-06-10 | 2020-02-18 | OneTrust, LLC | Data processing systems for integration of consumer feedback with data subject access requests and related methods |
US10574705B2 (en) | 2016-06-10 | 2020-02-25 | OneTrust, LLC | Data processing and scanning systems for generating and populating a data inventory |
US10572686B2 (en) | 2016-06-10 | 2020-02-25 | OneTrust, LLC | Consent receipt management systems and related methods |
US10586075B2 (en) | 2016-06-10 | 2020-03-10 | OneTrust, LLC | Data processing systems for orphaned data identification and deletion and related methods |
US10585968B2 (en) | 2016-06-10 | 2020-03-10 | OneTrust, LLC | Data processing systems for fulfilling data subject access requests and related methods |
US10586072B2 (en) | 2016-06-10 | 2020-03-10 | OneTrust, LLC | Data processing systems for measuring privacy maturity within an organization |
US10592692B2 (en) | 2016-06-10 | 2020-03-17 | OneTrust, LLC | Data processing systems for central consent repository and related methods |
US10592648B2 (en) | 2016-06-10 | 2020-03-17 | OneTrust, LLC | Consent receipt management systems and related methods |
US10594740B2 (en) | 2016-06-10 | 2020-03-17 | OneTrust, LLC | Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods |
US10599870B2 (en) | 2016-06-10 | 2020-03-24 | OneTrust, LLC | Data processing systems for identifying, assessing, and remediating data processing risks using data modeling techniques |
US10606916B2 (en) | 2016-06-10 | 2020-03-31 | OneTrust, LLC | Data processing user interface monitoring systems and related methods |
US10607028B2 (en) | 2016-06-10 | 2020-03-31 | OneTrust, LLC | Data processing systems for data testing to confirm data deletion and related methods |
US10614247B2 (en) | 2016-06-10 | 2020-04-07 | OneTrust, LLC | Data processing systems for automated classification of personal information from documents and related methods |
US10614246B2 (en) | 2016-06-10 | 2020-04-07 | OneTrust, LLC | Data processing systems and methods for auditing data request compliance |
US10642870B2 (en) | 2016-06-10 | 2020-05-05 | OneTrust, LLC | Data processing systems and methods for automatically detecting and documenting privacy-related aspects of computer software |
US10678945B2 (en) | 2016-06-10 | 2020-06-09 | OneTrust, LLC | Consent receipt management systems and related methods |
US10685140B2 (en) | 2016-06-10 | 2020-06-16 | OneTrust, LLC | Consent receipt management systems and related methods |
US10692033B2 (en) | 2016-06-10 | 2020-06-23 | OneTrust, LLC | Data processing systems for identifying, assessing, and remediating data processing risks using data modeling techniques |
US10708305B2 (en) | 2016-06-10 | 2020-07-07 | OneTrust, LLC | Automated data processing systems and methods for automatically processing requests for privacy-related information |
US10706176B2 (en) | 2016-06-10 | 2020-07-07 | OneTrust, LLC | Data-processing consent refresh, re-prompt, and recapture systems and related methods |
US12086748B2 (en) | 2016-06-10 | 2024-09-10 | OneTrust, LLC | Data processing systems for assessing readiness for responding to privacy-related incidents |
US10706379B2 (en) | 2016-06-10 | 2020-07-07 | OneTrust, LLC | Data processing systems for automatic preparation for remediation and related methods |
US10706174B2 (en) | 2016-06-10 | 2020-07-07 | OneTrust, LLC | Data processing systems for prioritizing data subject access requests for fulfillment and related methods |
US10706131B2 (en) | 2016-06-10 | 2020-07-07 | OneTrust, LLC | Data processing systems and methods for efficiently assessing the risk of privacy campaigns |
US10705801B2 (en) | 2016-06-10 | 2020-07-07 | OneTrust, LLC | Data processing systems for identity validation of data subject access requests and related methods |
US10713387B2 (en) | 2016-06-10 | 2020-07-14 | OneTrust, LLC | Consent conversion optimization systems and related methods |
US10726158B2 (en) | 2016-06-10 | 2020-07-28 | OneTrust, LLC | Consent receipt management and automated process blocking systems and related methods |
US10740487B2 (en) | 2016-06-10 | 2020-08-11 | OneTrust, LLC | Data processing systems and methods for populating and maintaining a centralized database of personal data |
US10754981B2 (en) | 2016-06-10 | 2020-08-25 | OneTrust, LLC | Data processing systems for fulfilling data subject access requests and related methods |
US10762236B2 (en) | 2016-06-10 | 2020-09-01 | OneTrust, LLC | Data processing user interface monitoring systems and related methods |
US10769303B2 (en) | 2016-06-10 | 2020-09-08 | OneTrust, LLC | Data processing systems for central consent repository and related methods |
US10769301B2 (en) | 2016-06-10 | 2020-09-08 | OneTrust, LLC | Data processing systems for webform crawling to map processing activities and related methods |
US10769302B2 (en) | 2016-06-10 | 2020-09-08 | OneTrust, LLC | Consent receipt management systems and related methods |
US10776515B2 (en) | 2016-06-10 | 2020-09-15 | OneTrust, LLC | Data processing systems for fulfilling data subject access requests and related methods |
US10776517B2 (en) | 2016-06-10 | 2020-09-15 | OneTrust, LLC | Data processing systems for calculating and communicating cost of fulfilling data subject access requests and related methods |
US10776518B2 (en) | 2016-06-10 | 2020-09-15 | OneTrust, LLC | Consent receipt management systems and related methods |
US10776514B2 (en) | 2016-06-10 | 2020-09-15 | OneTrust, LLC | Data processing systems for the identification and deletion of personal data in computer systems |
US10783256B2 (en) | 2016-06-10 | 2020-09-22 | OneTrust, LLC | Data processing systems for data transfer risk identification and related methods |
US10032172B2 (en) | 2016-06-10 | 2018-07-24 | OneTrust, LLC | Data processing systems for measuring privacy maturity within an organization |
US10791150B2 (en) | 2016-06-10 | 2020-09-29 | OneTrust, LLC | Data processing and scanning systems for generating and populating a data inventory |
US10798133B2 (en) | 2016-06-10 | 2020-10-06 | OneTrust, LLC | Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods |
US10796260B2 (en) | 2016-06-10 | 2020-10-06 | OneTrust, LLC | Privacy management systems and methods |
US10796020B2 (en) | 2016-06-10 | 2020-10-06 | OneTrust, LLC | Consent receipt management systems and related methods |
US10803198B2 (en) | 2016-06-10 | 2020-10-13 | OneTrust, LLC | Data processing systems for use in automatically generating, populating, and submitting data subject access requests |
US10803199B2 (en) | 2016-06-10 | 2020-10-13 | OneTrust, LLC | Data processing and communications systems and methods for the efficient implementation of privacy by design |
US12052289B2 (en) | 2016-06-10 | 2024-07-30 | OneTrust, LLC | Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods |
US10805354B2 (en) | 2016-06-10 | 2020-10-13 | OneTrust, LLC | Data processing systems and methods for performing privacy assessments and monitoring of new versions of computer code for privacy compliance |
US10803097B2 (en) | 2016-06-10 | 2020-10-13 | OneTrust, LLC | Data processing systems for generating and populating a data inventory |
US10803200B2 (en) | 2016-06-10 | 2020-10-13 | OneTrust, LLC | Data processing systems for processing and managing data subject access in a distributed environment |
US10839102B2 (en) | 2016-06-10 | 2020-11-17 | OneTrust, LLC | Data processing systems for identifying and modifying processes that are subject to data subject access requests |
US10848523B2 (en) | 2016-06-10 | 2020-11-24 | OneTrust, LLC | Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods |
US10846261B2 (en) | 2016-06-10 | 2020-11-24 | OneTrust, LLC | Data processing systems for processing data subject access requests |
US10846433B2 (en) | 2016-06-10 | 2020-11-24 | OneTrust, LLC | Data processing consent management systems and related methods |
US10853501B2 (en) | 2016-06-10 | 2020-12-01 | OneTrust, LLC | Data processing and scanning systems for assessing vendor risk |
US10019597B2 (en) | 2016-06-10 | 2018-07-10 | OneTrust, LLC | Data processing systems and communications systems and methods for integrating privacy compliance systems with software development and agile tools for privacy design |
US10867072B2 (en) | 2016-06-10 | 2020-12-15 | OneTrust, LLC | Data processing systems for measuring privacy maturity within an organization |
US10867007B2 (en) | 2016-06-10 | 2020-12-15 | OneTrust, LLC | Data processing systems for fulfilling data subject access requests and related methods |
US10873606B2 (en) | 2016-06-10 | 2020-12-22 | OneTrust, LLC | Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods |
US10878127B2 (en) | 2016-06-10 | 2020-12-29 | OneTrust, LLC | Data subject access request processing systems and related methods |
US10885485B2 (en) | 2016-06-10 | 2021-01-05 | OneTrust, LLC | Privacy management systems and methods |
US10896394B2 (en) | 2016-06-10 | 2021-01-19 | OneTrust, LLC | Privacy management systems and methods |
US10909265B2 (en) | 2016-06-10 | 2021-02-02 | OneTrust, LLC | Application privacy scanning systems and related methods |
US10909488B2 (en) | 2016-06-10 | 2021-02-02 | OneTrust, LLC | Data processing systems for assessing readiness for responding to privacy-related incidents |
US10929559B2 (en) | 2016-06-10 | 2021-02-23 | OneTrust, LLC | Data processing systems for data testing to confirm data deletion and related methods |
US10944725B2 (en) | 2016-06-10 | 2021-03-09 | OneTrust, LLC | Data processing systems and methods for using a data model to select a target data asset in a data migration |
US10949170B2 (en) | 2016-06-10 | 2021-03-16 | OneTrust, LLC | Data processing systems for integration of consumer feedback with data subject access requests and related methods |
US12045266B2 (en) | 2016-06-10 | 2024-07-23 | OneTrust, LLC | Data processing systems for generating and populating a data inventory |
US10949567B2 (en) | 2016-06-10 | 2021-03-16 | OneTrust, LLC | Data processing systems for fulfilling data subject access requests and related methods |
US10949544B2 (en) | 2016-06-10 | 2021-03-16 | OneTrust, LLC | Data processing systems for data transfer risk identification and related methods |
US9882935B2 (en) | 2016-06-10 | 2018-01-30 | OneTrust, LLC | Data processing systems and methods for performing privacy assessments and monitoring of new versions of computer code for privacy compliance |
US12026651B2 (en) | 2016-06-10 | 2024-07-02 | OneTrust, LLC | Data processing systems and methods for providing training in a vendor procurement process |
US11960564B2 (en) | 2016-06-10 | 2024-04-16 | OneTrust, LLC | Data processing systems and methods for automatically blocking the use of tracking tools |
US10970675B2 (en) | 2016-06-10 | 2021-04-06 | OneTrust, LLC | Data processing systems for generating and populating a data inventory |
US10972509B2 (en) | 2016-06-10 | 2021-04-06 | OneTrust, LLC | Data processing and scanning systems for generating and populating a data inventory |
US10970371B2 (en) | 2016-06-10 | 2021-04-06 | OneTrust, LLC | Consent receipt management systems and related methods |
US10984132B2 (en) | 2016-06-10 | 2021-04-20 | OneTrust, LLC | Data processing systems and methods for populating and maintaining a centralized database of personal data |
US10997315B2 (en) | 2016-06-10 | 2021-05-04 | OneTrust, LLC | Data processing systems for fulfilling data subject access requests and related methods |
US10997318B2 (en) | 2016-06-10 | 2021-05-04 | OneTrust, LLC | Data processing systems for generating and populating a data inventory for processing data access requests |
US10997542B2 (en) | 2016-06-10 | 2021-05-04 | OneTrust, LLC | Privacy management systems and methods |
US9851966B1 (en) | 2016-06-10 | 2017-12-26 | OneTrust, LLC | Data processing systems and communications systems and methods for integrating privacy compliance systems with software development and agile tools for privacy design |
US20210142239A1 (en) * | 2016-06-10 | 2021-05-13 | OneTrust, LLC | Data processing systems and methods for estimating vendor procurement timing |
US11023842B2 (en) | 2016-06-10 | 2021-06-01 | OneTrust, LLC | Data processing systems and methods for bundled privacy policies |
US11023616B2 (en) | 2016-06-10 | 2021-06-01 | OneTrust, LLC | Data processing systems for identifying, assessing, and remediating data processing risks using data modeling techniques |
US11025675B2 (en) | 2016-06-10 | 2021-06-01 | OneTrust, LLC | Data processing systems and methods for performing privacy assessments and monitoring of new versions of computer code for privacy compliance |
US11030563B2 (en) | 2016-06-10 | 2021-06-08 | OneTrust, LLC | Privacy management systems and methods |
US10169609B1 (en) | 2016-06-10 | 2019-01-01 | OneTrust, LLC | Data processing systems for fulfilling data subject access requests and related methods |
US11030327B2 (en) | 2016-06-10 | 2021-06-08 | OneTrust, LLC | Data processing and scanning systems for assessing vendor risk |
US11036882B2 (en) | 2016-06-10 | 2021-06-15 | OneTrust, LLC | Data processing systems for processing and managing data subject access in a distributed environment |
US11038925B2 (en) | 2016-06-10 | 2021-06-15 | OneTrust, LLC | Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods |
US11036771B2 (en) | 2016-06-10 | 2021-06-15 | OneTrust, LLC | Data processing systems for generating and populating a data inventory |
US11036674B2 (en) | 2016-06-10 | 2021-06-15 | OneTrust, LLC | Data processing systems for processing data subject access requests |
US11057356B2 (en) | 2016-06-10 | 2021-07-06 | OneTrust, LLC | Automated data processing systems and methods for automatically processing data subject access requests using a chatbot |
US11062051B2 (en) | 2016-06-10 | 2021-07-13 | OneTrust, LLC | Consent receipt management systems and related methods |
US11068618B2 (en) | 2016-06-10 | 2021-07-20 | OneTrust, LLC | Data processing systems for central consent repository and related methods |
US11070593B2 (en) | 2016-06-10 | 2021-07-20 | OneTrust, LLC | Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods |
US11074367B2 (en) | 2016-06-10 | 2021-07-27 | OneTrust, LLC | Data processing systems for identity validation for consumer rights requests and related methods |
US11087260B2 (en) | 2016-06-10 | 2021-08-10 | OneTrust, LLC | Data processing systems and methods for customizing privacy training |
US11100445B2 (en) | 2016-06-10 | 2021-08-24 | OneTrust, LLC | Data processing systems for assessing readiness for responding to privacy-related incidents |
US11100444B2 (en) | 2016-06-10 | 2021-08-24 | OneTrust, LLC | Data processing systems and methods for providing training in a vendor procurement process |
US11113416B2 (en) | 2016-06-10 | 2021-09-07 | OneTrust, LLC | Application privacy scanning systems and related methods |
US11120162B2 (en) | 2016-06-10 | 2021-09-14 | OneTrust, LLC | Data processing systems for data testing to confirm data deletion and related methods |
US11120161B2 (en) | 2016-06-10 | 2021-09-14 | OneTrust, LLC | Data subject access request processing systems and related methods |
US11122011B2 (en) | 2016-06-10 | 2021-09-14 | OneTrust, LLC | Data processing systems and methods for using a data model to select a target data asset in a data migration |
US11126748B2 (en) | 2016-06-10 | 2021-09-21 | OneTrust, LLC | Data processing consent management systems and related methods |
US11134086B2 (en) | 2016-06-10 | 2021-09-28 | OneTrust, LLC | Consent conversion optimization systems and related methods |
US11138336B2 (en) * | 2016-06-10 | 2021-10-05 | OneTrust, LLC | Data processing systems for generating and populating a data inventory |
US11138242B2 (en) | 2016-06-10 | 2021-10-05 | OneTrust, LLC | Data processing systems and methods for automatically detecting and documenting privacy-related aspects of computer software |
US11138318B2 (en) | 2016-06-10 | 2021-10-05 | OneTrust, LLC | Data processing systems for data transfer risk identification and related methods |
US11138299B2 (en) | 2016-06-10 | 2021-10-05 | OneTrust, LLC | Data processing and scanning systems for assessing vendor risk |
US11146566B2 (en) | 2016-06-10 | 2021-10-12 | OneTrust, LLC | Data processing systems for fulfilling data subject access requests and related methods |
US11144622B2 (en) | 2016-06-10 | 2021-10-12 | OneTrust, LLC | Privacy management systems and methods |
US11144670B2 (en) | 2016-06-10 | 2021-10-12 | OneTrust, LLC | Data processing systems for identifying and modifying processes that are subject to data subject access requests |
US11921894B2 (en) | 2016-06-10 | 2024-03-05 | OneTrust, LLC | Data processing systems for generating and populating a data inventory for processing data access requests |
US11151233B2 (en) | 2016-06-10 | 2021-10-19 | OneTrust, LLC | Data processing and scanning systems for assessing vendor risk |
US11868507B2 (en) | 2016-06-10 | 2024-01-09 | OneTrust, LLC | Data processing systems for cookie compliance testing with website scanning and related methods |
US11157600B2 (en) | 2016-06-10 | 2021-10-26 | OneTrust, LLC | Data processing and scanning systems for assessing vendor risk |
US11182501B2 (en) | 2016-06-10 | 2021-11-23 | OneTrust, LLC | Data processing systems for fulfilling data subject access requests and related methods |
US11188862B2 (en) | 2016-06-10 | 2021-11-30 | OneTrust, LLC | Privacy management systems and methods |
US11847182B2 (en) | 2016-06-10 | 2023-12-19 | OneTrust, LLC | Data processing consent capture systems and related methods |
US11188615B2 (en) | 2016-06-10 | 2021-11-30 | OneTrust, LLC | Data processing consent capture systems and related methods |
US11195134B2 (en) | 2016-06-10 | 2021-12-07 | OneTrust, LLC | Privacy management systems and methods |
US11200341B2 (en) | 2016-06-10 | 2021-12-14 | OneTrust, LLC | Consent receipt management systems and related methods |
US11210420B2 (en) | 2016-06-10 | 2021-12-28 | OneTrust, LLC | Data subject access request processing systems and related methods |
US11222142B2 (en) | 2016-06-10 | 2022-01-11 | OneTrust, LLC | Data processing systems for validating authorization for personal data collection, storage, and processing |
US11222309B2 (en) | 2016-06-10 | 2022-01-11 | OneTrust, LLC | Data processing systems for generating and populating a data inventory |
US11222139B2 (en) | 2016-06-10 | 2022-01-11 | OneTrust, LLC | Data processing systems and methods for automatic discovery and assessment of mobile software development kits |
US11227247B2 (en) | 2016-06-10 | 2022-01-18 | OneTrust, LLC | Data processing systems and methods for bundled privacy policies |
US11228620B2 (en) | 2016-06-10 | 2022-01-18 | OneTrust, LLC | Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods |
US11240273B2 (en) | 2016-06-10 | 2022-02-01 | OneTrust, LLC | Data processing and scanning systems for generating and populating a data inventory |
US11238390B2 (en) | 2016-06-10 | 2022-02-01 | OneTrust, LLC | Privacy management systems and methods |
WO2017214603A1 (en) * | 2016-06-10 | 2017-12-14 | OneTrust, LLC | Data processing systems and communication systems and methods for the efficient generation of privacy risk assessments |
US11244072B2 (en) | 2016-06-10 | 2022-02-08 | OneTrust, LLC | Data processing systems for identifying, assessing, and remediating data processing risks using data modeling techniques |
US11244071B2 (en) | 2016-06-10 | 2022-02-08 | OneTrust, LLC | Data processing systems for use in automatically generating, populating, and submitting data subject access requests |
US11256777B2 (en) | 2016-06-10 | 2022-02-22 | OneTrust, LLC | Data processing user interface monitoring systems and related methods |
US11277448B2 (en) | 2016-06-10 | 2022-03-15 | OneTrust, LLC | Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods |
US11294939B2 (en) | 2016-06-10 | 2022-04-05 | OneTrust, LLC | Data processing systems and methods for automatically detecting and documenting privacy-related aspects of computer software |
US11295316B2 (en) | 2016-06-10 | 2022-04-05 | OneTrust, LLC | Data processing systems for identity validation for consumer rights requests and related methods |
US11301589B2 (en) | 2016-06-10 | 2022-04-12 | OneTrust, LLC | Consent receipt management systems and related methods |
US11301796B2 (en) | 2016-06-10 | 2022-04-12 | OneTrust, LLC | Data processing systems and methods for customizing privacy training |
US11308435B2 (en) | 2016-06-10 | 2022-04-19 | OneTrust, LLC | Data processing systems for identifying, assessing, and remediating data processing risks using data modeling techniques |
US11328092B2 (en) | 2016-06-10 | 2022-05-10 | OneTrust, LLC | Data processing systems for processing and managing data subject access in a distributed environment |
US11328240B2 (en) | 2016-06-10 | 2022-05-10 | OneTrust, LLC | Data processing systems for assessing readiness for responding to privacy-related incidents |
US11334681B2 (en) | 2016-06-10 | 2022-05-17 | OneTrust, LLC | Application privacy scanning systems and related methods |
US11334682B2 (en) | 2016-06-10 | 2022-05-17 | OneTrust, LLC | Data subject access request processing systems and related methods |
US11336697B2 (en) | 2016-06-10 | 2022-05-17 | OneTrust, LLC | Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods |
US11343284B2 (en) | 2016-06-10 | 2022-05-24 | OneTrust, LLC | Data processing systems and methods for performing privacy assessments and monitoring of new versions of computer code for privacy compliance |
US11341447B2 (en) * | 2016-06-10 | 2022-05-24 | OneTrust, LLC | Privacy management systems and methods |
US11347889B2 (en) | 2016-06-10 | 2022-05-31 | OneTrust, LLC | Data processing systems for generating and populating a data inventory |
US11354434B2 (en) | 2016-06-10 | 2022-06-07 | OneTrust, LLC | Data processing systems for verification of consent and notice processing and related methods |
US11354435B2 (en) | 2016-06-10 | 2022-06-07 | OneTrust, LLC | Data processing systems for data testing to confirm data deletion and related methods |
US11361057B2 (en) | 2016-06-10 | 2022-06-14 | OneTrust, LLC | Consent receipt management systems and related methods |
US11366786B2 (en) | 2016-06-10 | 2022-06-21 | OneTrust, LLC | Data processing systems for processing data subject access requests |
US11366909B2 (en) | 2016-06-10 | 2022-06-21 | OneTrust, LLC | Data processing and scanning systems for assessing vendor risk |
US11727141B2 (en) | 2016-06-10 | 2023-08-15 | OneTrust, LLC | Data processing systems and methods for synching privacy-related user consent across multiple computing devices |
US11392720B2 (en) | 2016-06-10 | 2022-07-19 | OneTrust, LLC | Data processing systems for verification of consent and notice processing and related methods |
US11675929B2 (en) | 2016-06-10 | 2023-06-13 | OneTrust, LLC | Data processing consent sharing systems and related methods |
US11403377B2 (en) | 2016-06-10 | 2022-08-02 | OneTrust, LLC | Privacy management systems and methods |
US11409908B2 (en) | 2016-06-10 | 2022-08-09 | OneTrust, LLC | Data processing systems and methods for populating and maintaining a centralized database of personal data |
US11416589B2 (en) | 2016-06-10 | 2022-08-16 | OneTrust, LLC | Data processing and scanning systems for assessing vendor risk |
US11416634B2 (en) | 2016-06-10 | 2022-08-16 | OneTrust, LLC | Consent receipt management systems and related methods |
US11416798B2 (en) | 2016-06-10 | 2022-08-16 | OneTrust, LLC | Data processing systems and methods for providing training in a vendor procurement process |
US11416590B2 (en) | 2016-06-10 | 2022-08-16 | OneTrust, LLC | Data processing and scanning systems for assessing vendor risk |
US11416576B2 (en) | 2016-06-10 | 2022-08-16 | OneTrust, LLC | Data processing consent capture systems and related methods |
US11418492B2 (en) | 2016-06-10 | 2022-08-16 | OneTrust, LLC | Data processing systems and methods for using a data model to select a target data asset in a data migration |
US11418516B2 (en) | 2016-06-10 | 2022-08-16 | OneTrust, LLC | Consent conversion optimization systems and related methods |
US11416109B2 (en) | 2016-06-10 | 2022-08-16 | OneTrust, LLC | Automated data processing systems and methods for automatically processing data subject access requests using a chatbot |
US11416636B2 (en) | 2016-06-10 | 2022-08-16 | OneTrust, LLC | Data processing consent management systems and related methods |
US11438386B2 (en) | 2016-06-10 | 2022-09-06 | OneTrust, LLC | Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods |
US11651106B2 (en) | 2016-06-10 | 2023-05-16 | OneTrust, LLC | Data processing systems for fulfilling data subject access requests and related methods |
WO2017214607A1 (en) * | 2016-06-10 | 2017-12-14 | OneTrust, LLC | Data processing and communications systems and methods for the efficient implementation of privacy by design |
US11651104B2 (en) | 2016-06-10 | 2023-05-16 | OneTrust, LLC | Consent receipt management systems and related methods |
US11449633B2 (en) | 2016-06-10 | 2022-09-20 | OneTrust, LLC | Data processing systems and methods for automatic discovery and assessment of mobile software development kits |
US11461500B2 (en) | 2016-06-10 | 2022-10-04 | OneTrust, LLC | Data processing systems for cookie compliance testing with website scanning and related methods |
US11461722B2 (en) | 2016-06-10 | 2022-10-04 | OneTrust, LLC | Questionnaire response automation for compliance management |
US11468196B2 (en) | 2016-06-10 | 2022-10-11 | OneTrust, LLC | Data processing systems for validating authorization for personal data collection, storage, and processing |
US11468386B2 (en) | 2016-06-10 | 2022-10-11 | OneTrust, LLC | Data processing systems and methods for bundled privacy policies |
US11645418B2 (en) | 2016-06-10 | 2023-05-09 | OneTrust, LLC | Data processing systems for data testing to confirm data deletion and related methods |
US11475136B2 (en) | 2016-06-10 | 2022-10-18 | OneTrust, LLC | Data processing systems for data transfer risk identification and related methods |
US11481710B2 (en) | 2016-06-10 | 2022-10-25 | OneTrust, LLC | Privacy management systems and methods |
US11488085B2 (en) | 2016-06-10 | 2022-11-01 | OneTrust, LLC | Questionnaire response automation for compliance management |
US11645353B2 (en) | 2016-06-10 | 2023-05-09 | OneTrust, LLC | Data processing consent capture systems and related methods |
US11520928B2 (en) | 2016-06-10 | 2022-12-06 | OneTrust, LLC | Data processing systems for generating personal data receipts and related methods |
US11636171B2 (en) | 2016-06-10 | 2023-04-25 | OneTrust, LLC | Data processing user interface monitoring systems and related methods |
US11625502B2 (en) | 2016-06-10 | 2023-04-11 | OneTrust, LLC | Data processing systems for identifying and modifying processes that are subject to data subject access requests |
US11544667B2 (en) | 2016-06-10 | 2023-01-03 | OneTrust, LLC | Data processing systems for generating and populating a data inventory |
US11544405B2 (en) | 2016-06-10 | 2023-01-03 | OneTrust, LLC | Data processing systems for verification of consent and notice processing and related methods |
US11609939B2 (en) | 2016-06-10 | 2023-03-21 | OneTrust, LLC | Data processing systems and methods for automatically detecting and documenting privacy-related aspects of computer software |
US11586762B2 (en) | 2016-06-10 | 2023-02-21 | OneTrust, LLC | Data processing systems and methods for auditing data request compliance |
US11550897B2 (en) | 2016-06-10 | 2023-01-10 | OneTrust, LLC | Data processing and scanning systems for assessing vendor risk |
US11551174B2 (en) | 2016-06-10 | 2023-01-10 | OneTrust, LLC | Privacy management systems and methods |
US11558429B2 (en) | 2016-06-10 | 2023-01-17 | OneTrust, LLC | Data processing and scanning systems for generating and populating a data inventory |
US11556672B2 (en) | 2016-06-10 | 2023-01-17 | OneTrust, LLC | Data processing systems for verification of consent and notice processing and related methods |
US11586700B2 (en) | 2016-06-10 | 2023-02-21 | OneTrust, LLC | Data processing systems and methods for automatically blocking the use of tracking tools |
US11562097B2 (en) | 2016-06-10 | 2023-01-24 | OneTrust, LLC | Data processing systems for central consent repository and related methods |
US9858439B1 (en) | 2017-06-16 | 2018-01-02 | OneTrust, LLC | Data processing systems for identifying whether cookies contain personally identifying information |
US11373007B2 (en) | 2017-06-16 | 2022-06-28 | OneTrust, LLC | Data processing systems for identifying whether cookies contain personally identifying information |
US11663359B2 (en) | 2017-06-16 | 2023-05-30 | OneTrust, LLC | Data processing systems for identifying whether cookies contain personally identifying information |
US10013577B1 (en) | 2017-06-16 | 2018-07-03 | OneTrust, LLC | Data processing systems for identifying whether cookies contain personally identifying information |
US10104103B1 (en) | 2018-01-19 | 2018-10-16 | OneTrust, LLC | Data processing systems for tracking reputational risk via scanning and registry lookup |
US11188657B2 (en) | 2018-05-12 | 2021-11-30 | Netgovern Inc. | Method and system for managing electronic documents based on sensitivity of information |
US10963591B2 (en) | 2018-09-07 | 2021-03-30 | OneTrust, LLC | Data processing systems for orphaned data identification and deletion and related methods |
US11947708B2 (en) | 2018-09-07 | 2024-04-02 | OneTrust, LLC | Data processing systems and methods for automatically protecting sensitive data within privacy management systems |
US11144675B2 (en) | 2018-09-07 | 2021-10-12 | OneTrust, LLC | Data processing systems and methods for automatically protecting sensitive data within privacy management systems |
US11544409B2 (en) | 2018-09-07 | 2023-01-03 | OneTrust, LLC | Data processing systems and methods for automatically protecting sensitive data within privacy management systems |
US11157654B2 (en) | 2018-09-07 | 2021-10-26 | OneTrust, LLC | Data processing systems for orphaned data identification and deletion and related methods |
US10803202B2 (en) | 2018-09-07 | 2020-10-13 | OneTrust, LLC | Data processing systems for orphaned data identification and deletion and related methods |
US11593523B2 (en) | 2018-09-07 | 2023-02-28 | OneTrust, LLC | Data processing systems for orphaned data identification and deletion and related methods |
US11797528B2 (en) | 2020-07-08 | 2023-10-24 | OneTrust, LLC | Systems and methods for targeted data discovery |
US11968229B2 (en) | 2020-07-28 | 2024-04-23 | OneTrust, LLC | Systems and methods for automatically blocking the use of tracking tools |
US11444976B2 (en) | 2020-07-28 | 2022-09-13 | OneTrust, LLC | Systems and methods for automatically blocking the use of tracking tools |
US11475165B2 (en) | 2020-08-06 | 2022-10-18 | OneTrust, LLC | Data processing systems and methods for automatically redacting unstructured data from a data subject access request |
US11436373B2 (en) | 2020-09-15 | 2022-09-06 | OneTrust, LLC | Data processing systems and methods for detecting tools for the automatic blocking of consent requests |
US11704440B2 (en) | 2020-09-15 | 2023-07-18 | OneTrust, LLC | Data processing systems and methods for preventing execution of an action documenting a consent rejection |
US11526624B2 (en) | 2020-09-21 | 2022-12-13 | OneTrust, LLC | Data processing systems and methods for automatically detecting target data transfers and target data processing |
US11397819B2 (en) | 2020-11-06 | 2022-07-26 | OneTrust, LLC | Systems and methods for identifying data processing activities based on data discovery results |
US11615192B2 (en) | 2020-11-06 | 2023-03-28 | OneTrust, LLC | Systems and methods for identifying data processing activities based on data discovery results |
US11687528B2 (en) | 2021-01-25 | 2023-06-27 | OneTrust, LLC | Systems and methods for discovery, classification, and indexing of data in a native computing system |
US11442906B2 (en) | 2021-02-04 | 2022-09-13 | OneTrust, LLC | Managing custom attributes for domain objects defined within microservices |
US11494515B2 (en) | 2021-02-08 | 2022-11-08 | OneTrust, LLC | Data processing systems and methods for anonymizing data samples in classification analysis |
US11601464B2 (en) | 2021-02-10 | 2023-03-07 | OneTrust, LLC | Systems and methods for mitigating risks of third-party computing system functionality integration into a first-party computing system |
US11775348B2 (en) | 2021-02-17 | 2023-10-03 | OneTrust, LLC | Managing custom workflows for domain objects defined within microservices |
US11546661B2 (en) | 2021-02-18 | 2023-01-03 | OneTrust, LLC | Selective redaction of media content |
US11533315B2 (en) | 2021-03-08 | 2022-12-20 | OneTrust, LLC | Data transfer discovery and analysis systems and related methods |
US11816224B2 (en) | 2021-04-16 | 2023-11-14 | OneTrust, LLC | Assessing and managing computational risk involved with integrating third party computing functionality within a computing system |
US11562078B2 (en) | 2021-04-16 | 2023-01-24 | OneTrust, LLC | Assessing and managing computational risk involved with integrating third party computing functionality within a computing system |
US11620142B1 (en) | 2022-06-03 | 2023-04-04 | OneTrust, LLC | Generating and customizing user interfaces for demonstrating functions of interactive user environments |
Also Published As
Publication number | Publication date |
---|---|
US7234065B2 (en) | 2007-06-19 |
US20040098285A1 (en) | 2004-05-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7234065B2 (en) | | System and method for managing data privacy |
US7433829B2 (en) | | System and method for managing global risk |
US7809595B2 (en) | | System and method for managing risks associated with outside service providers |
US8005709B2 (en) | | Continuous audit process control objectives |
US7941353B2 (en) | | Impacted financial statements |
US20040064436A1 (en) | | System and method for managing business continuity |
US20140278730A1 (en) | | Vendor management system and method for vendor risk profile and risk relationship generation |
US20060116898A1 (en) | | Interactive risk management system and method with reputation risk management |
CISSP et al. | | Official (ISC)² guide to the CISSP exam |
US20060059026A1 (en) | | Compliance workbench |
US8296167B2 (en) | | Process certification management |
US20020194014A1 (en) | | Legal and regulatory compliance program and legal resource database architecture |
US20040260591A1 (en) | | Business process change administration |
US20060089861A1 (en) | | Survey based risk assessment for processes, entities and enterprise |
US20020143595A1 (en) | | Method and system for compliance management |
US20040260566A1 (en) | | Audit management workbench |
US20030135386A1 (en) | | Proprietary information identification, management and protection |
US20040260628A1 (en) | | Hosted audit service |
US20050028005A1 (en) | | Automated accreditation system |
US20050209899A1 (en) | | Segregation of duties reporting |
Carroll | | Identifying risks in the realm of enterprise risk management |
US20040186758A1 (en) | | System for bringing a business process into compliance with statutory regulations |
US20060074739A1 (en) | | Identifying risks in conflicting duties |
Karkhanis et al. | | Improving the effectiveness of root cause analysis in hospitals |
Campbell | | Measures and metrics in corporate security |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | STCB | Information on status: application discontinuation | Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |