公开(公告)号：US20230206153A1

公开(公告)日：2023-06-29

申请号：US18117190

申请日：2023-03-03

Applicant: OneTrust, LLC

Inventor： Kabir A. Barday ,  Jason L. Sabourin ,  Jonathan Blake Brannon ,  Mihir S. Karanjkar ,  Kevin Jones

IPC: G06Q10/0635 ,  G06Q10/067 ,  G06F21/62 ,  G06F21/57 ,  G06F21/55 ,  G06F15/76

CPC classification number: G06Q10/0635 ,  G06Q10/067 ,  G06F21/6245 ,  G06F21/577 ,  G06F21/552 ,  G06F15/76 ,  G06F16/95

Abstract: Various Data Subject Access Request (DSAR) processing systems are adapted for presenting a first webform on a first web site, the first webform being adapted to receive DSAR's and to route the requests to a first designated individual for processing; presenting a second webform on a second web site, the second webform being adapted to receive DSAR's and to route the requests to a second designated individual for processing; receiving, via the first webform, a first DSAR; at least partially in response to the receiving the first DSAR, automatically routing the first DSAR to the first designated individual for handling; receiving, via the second webform, a second DSAR; at least partially in response to the receiving the second DSAR, automatically routing the second DSAR to the second designated individual for handling; and communicating a status of both the first DSAR and the second DSAR via a single user interface.

公开(公告)号：US11663359B2

公开(公告)日：2023-05-30

申请号：US17850244

申请日：2022-06-27

Applicant: OneTrust, LLC

Inventor： Richard Beaumont ,  John Mannix ,  Kabir A. Barday ,  Jonathan Blake Brannon

IPC: H04L29/00 ,  G06F21/62 ,  H04L9/40 ,  H04L67/02

CPC classification number: G06F21/6263 ,  H04L63/102 ,  H04L63/1433 ,  H04L63/168 ,  H04L67/02

Abstract: A system for identifying and determining whether a particular cookie may include personal data, in any embodiment described herein, is configured to analyze collected cookies to determine whether the collected cookies may be used to directly or indirectly identify a particular individual. The system may, for example: (1) generate one or more virtual profiles; (2) use the one or more virtual profiles to access a plurality of websites; (3) collect cookie data for the plurality of websites for the one or more virtual profiles; and (4) analyze the cookie data to determine whether a particular website of the plurality of websites utilizes one or more cookies which may potentially include personal data. The system may then generate a report of the analysis, and display the report to an administrator or other individual associated with the particular website.

公开(公告)号：US11651402B2

公开(公告)日：2023-05-16

申请号：US17836430

申请日：2022-06-09

Applicant: OneTrust, LLC

Inventor： Kabir A. Barday

IPC: G06Q30/06 ,  G06Q30/0601 ,  G06Q10/0631 ,  G06Q50/26 ,  G06Q10/0635

CPC classification number: G06Q30/0609 ,  G06Q10/0635 ,  G06Q10/063114 ,  G06Q50/265

Abstract: Computer implemented methods, according to various embodiments, comprise: (1) integrating a privacy management system with DLP tools; (2) using the DLP tools to identify sensitive information that is stored in computer memory outside of the context of the privacy management system; and (3) in response to the sensitive data being discovered by the DLP tool, displaying each area of sensitive data to a privacy officer (e.g., similar to pending transactions in a checking account that have not been reconciled). A designated privacy officer may then select a particular entry and either match it up (e.g., reconcile it) with an existing data flow or campaign in the privacy management system, or trigger a new privacy assessment to be done on the data to capture the related privacy attributes and data flow information.

公开(公告)号：US20220286482A1

公开(公告)日：2022-09-08

申请号：US17749732

申请日：2022-05-20

Applicant: OneTrust, LLC

Inventor： Kabir A. Barday ,  Mihir S. Karanjkar ,  Steven W. Finch ,  Ken A. Browne ,  Nathan W. Heard ,  Aakash H. Patel ,  Jason L. Sabourin ,  Richard L. Daniel ,  Dylan D. Patton-Kuhl ,  Jonathan Blake Brannon

IPC: H04L9/40 ,  G06Q10/06

Abstract: In various embodiments, a data map generation system is configured to receive a request to generate a privacy-related data map for particular computer code, and, at least partially in response to the request, determine a location of the particular computer code, automatically obtain the particular computer code based on the determined location, and analyze the particular computer code to determine privacy-related attributes of the particular computer code, where the privacy-related attributes indicate types of personal information that the particular computer code collects or accesses. The system may be further configured to generate and display a data map of the privacy-related attributes to a user.

公开(公告)号：US11416589B2

公开(公告)日：2022-08-16

申请号：US17493332

申请日：2021-10-04

Applicant: OneTrust, LLC

Inventor： Jonathan Blake Brannon ,  Kabir A. Barday ,  Jason L. Sabourin ,  Kevin Jones ,  Subramanian Viswanathan ,  Milap Shah

IPC: G06F21/31 ,  G06F21/62 ,  G06F11/34

Abstract: Data processing systems and methods, according to various embodiments, are adapted for automatically assessing the level of security and/or privacy risk associated with doing business with a particular vendor or other entity and for generating training material for such vendors. In various embodiments, the systems may automatically obtain and use any suitable information to assess such risk levels including, for example: (1) any security and/or privacy certifications held by the vendor; (2) the terms of one or more contracts between a particular entity and the vendor; (3) the results of one or more privacy impact assessments for the vendor; and/or (4) any other suitable data. The system may be configured to automatically approve or reject a particular vendor based on the assessed risk level associated with the vendor and this information may be automatically communicated to an entity considering doing business with the vendor and/or the vendor itself.

公开(公告)号：US20220237538A1

公开(公告)日：2022-07-28

申请号：US17722643

申请日：2022-04-18

Applicant: OneTrust, LLC

Inventor： Kabir A. Barday ,  Mihir S. Karanjkar ,  Steven W. Finch ,  Ken A. Browne ,  Nathan W. Heard ,  Aakash H. Patel ,  Jason L. Sabourin ,  Richard L. Daniel ,  Dylan D. Patton-Kuhl ,  Kevin Jones ,  Jonathan Blake Brannon

IPC: G06Q10/06 ,  G06F21/62 ,  G06F21/57 ,  G06F21/55 ,  G06F15/76

Abstract: In various embodiments, a system may be configured to substantially automatically determine whether to take one or more actions in response to one or more identified risk triggers (e.g., data breaches, regulation change, etc.). The system may, for example: (1) compare the potential risk trigger to one or more previous risks triggers experienced by the particular entity at a previous time; (2) identify a similar previous risk trigger (e.g., one or more previous risk triggers related to a similar change in regulation, breach of data, type of issue identified, etc.); (3) determine the relevance of the current risk trigger based at least in part on a determined relevance of the previous risk trigger; and (4) determine whether to take one or more actions to the current risk trigger based at least in part on one or more determined actions to take in response to the previous, similar risk trigger.

公开(公告)号：US20220237325A1

公开(公告)日：2022-07-28

申请号：US17717587

申请日：2022-04-11

Applicant: OneTrust, LLC

Inventor： Kabir A. Barday ,  Jonathan Blake Brannon ,  Richard A. Beaumont ,  John Mannix

IPC: G06F21/62 ,  G06Q10/10 ,  H04L9/40 ,  G06F21/60 ,  G06F21/55 ,  G06F21/57 ,  G06F15/76

Abstract: A consent receipt management system is configured to: (1) automatically cause a prior, validly received consent to expire (e.g., in response to a triggering event); and (2) in response to causing the previously received consent to expire, automatically trigger a recapture of consent. In particular embodiments, the system may, for example, be configured to cause a prior, validly received consent to expire in response to one or more triggering events.

公开(公告)号：US11343284B2

公开(公告)日：2022-05-24

申请号：US17334948

申请日：2021-05-31

Applicant: OneTrust, LLC

Inventor： Kabir A. Barday ,  Mihir S. Karanjkar ,  Steven W. Finch ,  Ken A. Browne ,  Nathan W. Heard ,  Aakash H. Patel ,  Jason L. Sabourin ,  Richard L. Daniel ,  Dylan D. Patton-Kuhl ,  Jonathan Blake Brannon

IPC: H04L29/06 ,  G06Q10/06

Abstract: In various embodiments, a data map generation system is configured to receive a request to generate a privacy-related data map for particular computer code, and, at least partially in response to the request, determine a location of the particular computer code, automatically obtain the particular computer code based on the determined location, and analyze the particular computer code to determine privacy-related attributes of the particular computer code, where the privacy-related attributes indicate types of personal information that the particular computer code collects or accesses. The system may be further configured to generate and display a data map of the privacy-related attributes to a user.

公开(公告)号：US11328092B2

公开(公告)日：2022-05-10

申请号：US17347853

申请日：2021-06-15

Applicant: OneTrust, LLC

Inventor： Kabir A. Barday ,  Jonathan Blake Brannon ,  Jason L. Sabourin

IPC: G06F21/62 ,  G06F16/11 ,  G06F21/60

Abstract: In particular embodiments, a data subject request processing system may be configured to utilize one or more local storage nodes in order to process a data subject access request on behalf of a data subject. In particular embodiments, the one or more local storage nodes may be local to the data subject making the request (e.g., in the same country as the data subject, in the same jurisdiction, in the same geographic area, etc.). The system may, for example, be configured to: (1) receive a data subject access request from a data subject (e.g., via a web form); (2) identify a suitable local storage node based at least in part on the request and/or the data subject; (3) route the data subject access request to the identified local storage node; and (4) process the data subject access request at the identified local storage node.

公开(公告)号：US11244367B2

公开(公告)日：2022-02-08

申请号：US17316179

申请日：2021-05-10

Applicant: OneTrust, LLC

Inventor： Kabir A. Barday

IPC: G06Q30/06 ,  G06Q10/06 ,  G06Q50/26

Abstract: Computer implemented methods, according to various embodiments, comprise: (1) integrating a privacy management system with DLP tools; (2) using the DLP tools to identify sensitive information that is stored in computer memory outside of the context of the privacy management system; and (3) in response to the sensitive data being discovered by the DLP tool, displaying each area of sensitive data to a privacy officer (e.g., similar to pending transactions in a checking account that have not been reconciled). A designated privacy officer may then select a particular entry and either match it up (e.g., reconcile it) with an existing data flow or campaign in the privacy management system, or trigger a new privacy assessment to be done on the data to capture the related privacy attributes and data flow information.