公开(公告)号：US20230376852A1

公开(公告)日：2023-11-23

申请号：US18319301

申请日：2023-05-17

Applicant: OneTrust LLC

Inventor： Shane Wiggins ,  Kevin Jones

IPC: G06N20/00

CPC classification number: G06N20/00

Abstract: Methods, systems, and non-transitory computer readable storage media are disclosed for managing implementation of machine-learning models within computing environments according to system requirements frameworks via common data objects. The disclosed system generates a common data object to represent an implementation of a machine-learning model with a data process. For example, the disclosed system determines attribute values of the common data object according to data objects representing the machine-learning model and related datasets. Furthermore, the disclosed system utilizes the common data object to validate the machine-learning model according to a digital representation of a system requirements framework that includes usage requirements for machine-learning models to store, process, transmit, or otherwise handle specific data types in specific ways for the one or more data processes within a computing environment. The disclosed systems also perform operations to implement, suspend, or otherwise modify the machine-learning model or datasets based on the validation.

公开(公告)号：US11797528B2

公开(公告)日：2023-10-24

申请号：US17370650

申请日：2021-07-08

Applicant: OneTrust, LLC

Inventor： Kevin Jones ,  Saravanan Pitchaimani ,  Subramanian Viswanathan ,  Milap Shah ,  Ramana Malladi ,  Aadil Allidina ,  Matthew Hennig ,  Dylan D. Patton-Kuhl ,  Jonathan Blake Brannon

IPC: G06F16/242 ,  G06F16/25 ,  G06F16/23 ,  G06F16/2457 ,  G06N20/00 ,  G06F11/34

CPC classification number: G06F16/2423 ,  G06F11/3409 ,  G06F16/2358 ,  G06F16/2457 ,  G06F16/258 ,  G06N20/00 ,  G06F2201/80

Abstract: Various embodiments provide methods, apparatus, systems, computing devices, computing entities, and/or the like for identifying targeted data for a data subject across a plurality of data objects in a data source. In accordance with one embodiment, a method is provided comprising: receiving a request to identify targeted data for a data subject; identifying a first data object using metadata for a data source that identifies the first data object as associated with a first targeted data type for a data portion from the request; identifying a first data field from a graph data structure of the first data object that identifies the first data field as used for storing data having the first targeted data type; and querying the first data object based on the first data field and the data for the first targeted data type to identify a first targeted data portion for the data subject.

公开(公告)号：US20230206153A1

公开(公告)日：2023-06-29

申请号：US18117190

申请日：2023-03-03

Applicant: OneTrust, LLC

Inventor： Kabir A. Barday ,  Jason L. Sabourin ,  Jonathan Blake Brannon ,  Mihir S. Karanjkar ,  Kevin Jones

IPC: G06Q10/0635 ,  G06Q10/067 ,  G06F21/62 ,  G06F21/57 ,  G06F21/55 ,  G06F15/76

CPC classification number: G06Q10/0635 ,  G06Q10/067 ,  G06F21/6245 ,  G06F21/577 ,  G06F21/552 ,  G06F15/76 ,  G06F16/95

Abstract: Various Data Subject Access Request (DSAR) processing systems are adapted for presenting a first webform on a first web site, the first webform being adapted to receive DSAR's and to route the requests to a first designated individual for processing; presenting a second webform on a second web site, the second webform being adapted to receive DSAR's and to route the requests to a second designated individual for processing; receiving, via the first webform, a first DSAR; at least partially in response to the receiving the first DSAR, automatically routing the first DSAR to the first designated individual for handling; receiving, via the second webform, a second DSAR; at least partially in response to the receiving the second DSAR, automatically routing the second DSAR to the second designated individual for handling; and communicating a status of both the first DSAR and the second DSAR via a single user interface.

公开(公告)号：US11636171B2

公开(公告)日：2023-04-25

申请号：US17675760

申请日：2022-02-18

Applicant: OneTrust, LLC

Inventor： Jonathan Blake Brannon ,  Casey Hill ,  Kevin Jones ,  Richard A. Beaumont

IPC: G06F16/958 ,  G06F16/957 ,  G06F16/951 ,  G06F40/174

Abstract: In various embodiments, a system may be configured to analyze data for a particular consent capture point to identify a change in consent capture rate from the capture point. The system may, for example, be configured to automatically detect that the system has stopped receiving consent records from a particular capture point. In such embodiments, the system may be configured to generate an alert, and transmit the alert to any suitable individual (e.g., privacy team member, IT department member, etc.) regarding the capture point. The system may, for example, enable an entity to identify one or more capture points that may have become non-functional (e.g., as a result of one or more changes to the capture point).

公开(公告)号：US11544409B2

公开(公告)日：2023-01-03

申请号：US17499595

申请日：2021-10-12

Applicant: OneTrust, LLC

Inventor： Jonathan Blake Brannon ,  Kevin Jones ,  Saravanan Pitchaimani ,  Jeremy Turk

IPC: G06F21/00 ,  G06F21/62 ,  G06F3/0482

Abstract: In particular embodiments, a sensitive data management system is configured to remove sensitive data after a period of non-use. Credentials used to access remote systems and/or third-party systems are stored with metadata that is updated with each use of the credentials. After a period of non-use, determined based on credential metadata, the credentials are deleted. Personal data retrieved to process a consumer request is stored with metadata that is updated with each use of the personal data. After a period of non-use, determined based on personal data metadata, the personal data is deleted. The personal data is also deleted if the system determines that the process or system that caused the personal data to be retrieved is no longer in use. An encrypted version of personal data may be stored for later use in verifying proper consumer request fulfillment.

公开(公告)号：US11533315B2

公开(公告)日：2022-12-20

申请号：US17689683

申请日：2022-03-08

Applicant: OneTrust, LLC

Inventor： Jonathan Blake Brannon ,  Kevin Jones

IPC: H04L9/40

Abstract: In various aspects, a data transfer discovery and analysis system may query an entity computing system to identify access credentials for third-party computing systems and scan each access credential to determine associated permissions provided by each access credential on the entity computing system. The data transfer discovery and analysis system may further inspect access logs to identify actual data transfers between the entity computing system and third-party computing systems as well as other access activity associated with each of the credentials. The system can generate and store a mapping of all actual data transfers (e.g., based on the access log data) and potential data transfers (e.g., based on particular access permissions) between/among the entity computing system and the third-party computing systems. By analyzing access logs to determine actual data transfers executed under each particular access credential, the data transfer discovery and analysis system can identify unused and/or underutilized access permissions.

公开(公告)号：US11468196B2

公开(公告)日：2022-10-11

申请号：US17572276

申请日：2022-01-10

Applicant: OneTrust, LLC

Inventor： Kevin Jones ,  Jonathan Blake Brannon

IPC: G06F21/62 ,  G06F21/32 ,  G06F21/60 ,  G06F21/45

Abstract: In particular embodiments, a data processing consent management system may be configured to utilize one or more age verification techniques to at least partially authenticate the data subject's ability to provide valid consent (e.g., under one or more prevailing legal requirements) in order to collect, store, and or process the subject's personal data. For example, according to one or more particular legal or industry requirements, an individual (e.g., data subject) may need to be at least a particular age (e.g., an age of majority, an adult, over 18, over 21, over 13, or any other suitable age) in order to provide valid consent. Data processing systems may generate and store one or more consent records memorializing valid consent for data processing from data subjects in response to confirming that the data subject is old enough to provide such consent.

公开(公告)号：US11416636B2

公开(公告)日：2022-08-16

申请号：US17479807

申请日：2021-09-20

Applicant: OneTrust, LLC

Inventor： Jonathan Blake Brannon ,  Casey Hill ,  Kevin Jones ,  Richard A. Beaumont

IPC: G06F21/62 ,  G06F21/60

Abstract: In various embodiments, a personal data processing system may require guardian consent (e.g., parental consent) for a data subject in order to collect, store, and or process the subject's personal data. The system may prompt the data subject to initiate a request for guardian consent or the system may initiate a request for guardian consent without initiation from the data subject (e.g., in the background of a transaction). In some embodiments, the system may require guardian consent when a data subject is under the age for valid consent for the particular type of personal data that will be collected as part of a particular transaction. Data processing systems may generate and store one or more consent records memorializing valid consent for data processing from data subjects and/or from guardians on their behalf (e.g., in the case of a minor data subject).

公开(公告)号：US11416589B2

公开(公告)日：2022-08-16

申请号：US17493332

申请日：2021-10-04

Applicant: OneTrust, LLC

Inventor： Jonathan Blake Brannon ,  Kabir A. Barday ,  Jason L. Sabourin ,  Kevin Jones ,  Subramanian Viswanathan ,  Milap Shah

IPC: G06F21/31 ,  G06F21/62 ,  G06F11/34

Abstract: Data processing systems and methods, according to various embodiments, are adapted for automatically assessing the level of security and/or privacy risk associated with doing business with a particular vendor or other entity and for generating training material for such vendors. In various embodiments, the systems may automatically obtain and use any suitable information to assess such risk levels including, for example: (1) any security and/or privacy certifications held by the vendor; (2) the terms of one or more contracts between a particular entity and the vendor; (3) the results of one or more privacy impact assessments for the vendor; and/or (4) any other suitable data. The system may be configured to automatically approve or reject a particular vendor based on the assessed risk level associated with the vendor and this information may be automatically communicated to an entity considering doing business with the vendor and/or the vendor itself.

公开(公告)号：US20220237538A1

公开(公告)日：2022-07-28

申请号：US17722643

申请日：2022-04-18

Applicant: OneTrust, LLC

Inventor： Kabir A. Barday ,  Mihir S. Karanjkar ,  Steven W. Finch ,  Ken A. Browne ,  Nathan W. Heard ,  Aakash H. Patel ,  Jason L. Sabourin ,  Richard L. Daniel ,  Dylan D. Patton-Kuhl ,  Kevin Jones ,  Jonathan Blake Brannon

IPC: G06Q10/06 ,  G06F21/62 ,  G06F21/57 ,  G06F21/55 ,  G06F15/76

Abstract: In various embodiments, a system may be configured to substantially automatically determine whether to take one or more actions in response to one or more identified risk triggers (e.g., data breaches, regulation change, etc.). The system may, for example: (1) compare the potential risk trigger to one or more previous risks triggers experienced by the particular entity at a previous time; (2) identify a similar previous risk trigger (e.g., one or more previous risk triggers related to a similar change in regulation, breach of data, type of issue identified, etc.); (3) determine the relevance of the current risk trigger based at least in part on a determined relevance of the previous risk trigger; and (4) determine whether to take one or more actions to the current risk trigger based at least in part on one or more determined actions to take in response to the previous, similar risk trigger.