This disclosure describes some aspects of systems, non-transitory computer-readable media, and computer-implemented methods that generate insightful user interfaces that display data processing activity components from the application codes, data categories for the detected components, and/or modifications of data categories and/or data processing activity components. For example, the disclosed system can utilize the application code scan to categorize one or more data types and/or data processing purposes represented by the various detected data processing activity components. Additionally, the disclosed systems can generate dynamic graphical user interfaces with the data processing activity components and data categories to enable quick and insightful access to a wide breadth of information from an application code scan. Moreover, the disclosed systems can also determine (and display) changes of data processing activity components and/or data categories detected between scans of different versions of the application code.
This disclosure describes some aspects of systems, non-transitory computer-readable media, and computer-implemented methods that generate insightful user interfaces that display data processing activity components from the application codes, data categories for the detected components, and/or modifications of data categories and/or data processing activity components. For example, the disclosed system can utilize the application code scan to categorize one or more data types and/or data processing purposes represented by the various detected data processing activity components. Additionally, the disclosed systems can generate dynamic graphical user interfaces with the data processing activity components and data categories to enable quick and insightful access to a wide breadth of information from an application code scan. Moreover, the disclosed systems can also determine (and display) changes of data processing activity components and/or data categories detected between scans of different versions of the application code.
In various embodiments, a data processing consent capture system may be configured to prompt the data subject to consent to one or more types of data processing (e.g., to provide a desired consent) in response to identifying particular cookies (e.g., or types of data processing) that a data subject has not consented to. The system may, for example, substantially automatically prompt the data subject to consent for one or more particular types of data processing in response to determining that the user (e.g., data subject) has requested that a website or other system perform one or more functions that are not possible without a particular type of consent from the data subject. The system may, for example, prompt the user to consent in time for a certain interaction with the website, application, etc.
In general, various aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for mapping the existence of target data within computing systems in a manner that does not expose the target data to potential data-related incidents. In accordance with various aspects, a method is provided that comprises: receiving a source dataset that comprises a label assigned to a data element used by a data source in handling target data that identifies a type of target data and data samples gathered for the data element; determining, based on the label, that the data samples are to be anonymized; generating supplemental anonymizing data samples associated with the label that comprise fictitious occurrences of the type of the target data; generating a review dataset comprising the supplemental anonymizing data samples intermingled with the data samples; and sending the review dataset to a review computing system.
In general, various aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for integrating third party computing system functionality into a first party computing system by providing a risk management and mitigation computing system configured to analyze a risk of integrating the functionality provided by the third party computing system and facilitating implementation of one or more data-related controls that include performing computer-specific operations to mitigate and/or eliminate the identified risks. For example, the risk management and mitigation computing system can access risk data in tenant computing systems to determine a risk score related to the integration of the third party computing system functionality based on risks determined during prior integrations of the third party computing system functionality by other tenant computing systems. The risk management and mitigation computing system can generate a recommended control when integrating the third party computing system functionality.
Methods, systems, and non-transitory computer readable storage media are disclosed for updating the priority of classifiers in a classifier model. Specifically, the disclosed systems execute operations to extract data elements from a digital dataset. The disclosed system generates first classifier labels for a first subset of data elements (e.g., a test dataset) by utilizing a classification model to apply a predetermined order of classifiers to the first subset of data elements. The disclosed systems utilize the first classifier labels to determine a priority order for the classifiers for applying to a second subset of data elements the digital dataset. Using the determined priority order of the classifiers, the disclosed systems can generate second classifier labels for a second subset of data elements by utilizing the classifier model to apply the classifiers according to the priority order.
Various embodiments provide methods, apparatus, systems, computing devices, computing entities, and/or the like for identifying targeted data for a data subject across a plurality of data objects in a data source. In accordance with one embodiment, a method is provided comprising: receiving a request to identify targeted data for a data subject; identifying a first data object using metadata for a data source that identifies the first data object as associated with a first targeted data type for a data portion from the request; identifying a first data field from a graph data structure of the first data object that identifies the first data field as used for storing data having the first targeted data type; and querying the first data object based on the first data field and the data for the first targeted data type to identify a first targeted data portion for the data subject.
Techniques are disclosed for usage-tracking of various information security (InfoSec) entities for tenants/organization onboarded on an instant multi-tenant security assurance platform. The InfoSec entities include policies, procedures, controls and evidence tasks. A policy or procedure is enforced by implementing one or more controls, and the collection of one or more evidence tasks proves/verifies the implementation of a control. The InfoSec entities are linked to each other across the platform and accrue a number of benefits for the tenants. These include generating a security questionnaire response (SQR), defining a readiness project and an audit project, sharing InfoSec entities encompassing the various products of a tenant, automating risk assessment, automatic collection of evidence tasks for verifying the implementation and/or operational state/status of various mitigating controls, etc.
Aspects of the present invention provide methods, systems, and/or the like for (1) receiving a set of delegates; (2) generating a corresponding GUI for each delegate in the set of delegates, wherein the corresponding GUI is configured with a respective display element that provides a request for the corresponding data unit and an input element for receiving the corresponding data unit; (3) generating at least one corresponding delegate record for each delegate of the set of delegates, wherein the at least one corresponding delegate record identifies the corresponding data unit and the corresponding graphical user interface and is stored in a centralized repository; (4) generating a corresponding electronic communication for each delegate of the set of delegates, wherein the corresponding electronic communication comprises a link to access the corresponding GUI; and (5) sending the corresponding electronic communication for each delegate of the set of delegates to the corresponding assignee.
G06F 9/451 - Dispositions d’exécution pour interfaces utilisateur
G06F 3/0484 - Techniques d’interaction fondées sur les interfaces utilisateur graphiques [GUI] pour la commande de fonctions ou d’opérations spécifiques, p.ex. sélection ou transformation d’un objet, d’une image ou d’un élément de texte affiché, détermination d’une valeur de paramètre ou sélection d’une plage de valeurs
G06F 3/0481 - Techniques d’interaction fondées sur les interfaces utilisateur graphiques [GUI] fondées sur des propriétés spécifiques de l’objet d’interaction affiché ou sur un environnement basé sur les métaphores, p.ex. interaction avec des éléments du bureau telles les fenêtres ou les icônes, ou avec l’aide d’un curseur changeant de comport
G06F 11/34 - Enregistrement ou évaluation statistique de l'activité du calculateur, p.ex. des interruptions ou des opérations d'entrée–sortie
10.
IDENTIFYING SIMILAR DOCUMENTS IN A FILE REPOSITORY USING UNIQUE DOCUMENT SIGNATURES
Methods, systems, and non-transitory computer readable storage media are disclosed for determining clusters of similar digital documents using unique document signatures. Specifically, the disclosed system processes digital text in a digital document to tokenize character strings (e.g., words) in the digital document by combining a subset of character values and string lengths in the character strings. Additionally, the disclosed system generates a document signature for the digital document by combining subsets of tokens generated for the digital document into a token sequence indicative of the digital text in the digital document. The disclosed system determines a cluster of similar digital documents including the digital document by comparing the document signature of the digital document to document signatures corresponding to a plurality of digital documents.
Methods, systems, and non-transitory computer readable storage media are disclosed for managing implementation of machine-learning models within computing environments according to system requirements frameworks via common data objects. The disclosed system generates a common data object to represent an implementation of a machine-learning model with a data process. For example, the disclosed system determines attribute values of the common data object according to data objects representing the machine-learning model and related datasets. Furthermore, the disclosed system utilizes the common data object to validate the machine-learning model according to a digital representation of a system requirements framework that includes usage requirements for machine-learning models to store, process, transmit, or otherwise handle specific data types in specific ways for the one or more data processes within a computing environment. The disclosed systems also perform operations to implement, suspend, or otherwise modify the machine-learning model or datasets based on the validation.
Methods, systems, and non-transitory computer readable storage media are disclosed for utilizing dynamic request queues to process electronic requests in a shared infrastructure environment. The disclosed system dynamically generates a plurality of separate request queues for tenant computing systems that utilize a shared processing infrastructure to issue electronic requests for processing by various recipient processors (e.g., one or more processing threads) by separating a primary request queue into the separate requests queues based on the tenant computing systems. The disclosed system also generates a plurality of queue order scores for the request queues based in part on a processing recency of each of the request queues and whether the request queues have pending electronic requests. The disclosed system processes electronic requests in the request queues by selecting a request queue based on the queue order scores and processing a batch of electronic requests utilizing a recipient processor.
H04L 47/62 - Ordonnancement des files d’attente caractérisé par des critères d’ordonnancement
H04L 67/1031 - Commande du fonctionnement des serveurs par un répartiteur de charge, p.ex. en ajoutant ou en supprimant de serveurs qui servent des requêtes
H04L 47/52 - Ordonnancement selon la bande passante des files d'attente
H04L 47/60 - Ordonnancement des files d’attente en implémentant un ordonnancement hiérarchique
13.
DATA PROCESSING SYSTEMS AND METHODS FOR AUTOMATICALLY DETECTING TARGET DATA TRANSFERS AND TARGET DATA PROCESSING
Aspects of the present disclosure provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for protection of system software, or data from destruction, unauthorized modification, and/or unauthorized disclosure securing by, for example, detecting the transfer and/or processing of target data. Accordingly, a method is provided that involves: scanning a software application to identify functionality configured for processing target data; identifying fields associated with the functionality; identifying metadata associated with a field; generating, from the metadata, an identification of a type of data associated with the field; determining a location based on the processing of the target data by the functionality; determining a risk associated with the functionality processing the target data based on the location and the type of data; determining that the risk satisfies a threshold level of risk; and in response, causing an action to be performed to mitigate the risk.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
14.
MANAGING IMPLEMENTATION OF DATA CONTROLS FOR COMPUTING SYSTEMS
In general, various aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for managing implementation of data controls for computing systems. In various aspects, a method is provided that comprises: comparing a first version of a dataset describing a regulatory framework to a second version of the dataset to identify a change to a data control; in response: processing, using a featurization technique, a portion of the dataset to generate a feature representation of the change that comprises feature attributes representing the change; processing, using a first machine-learning model, the feature representation to generate tags representing characteristics of the change; processing, using a second machine-learning model, the tags to generate an applicable domain; identifying, based on the domain, a computing system affected by the change; and in response, coordinating an action to be performed for the computing system to address the change.
A privacy-related consent extension and data processing system may be configured to automatically extend one or more privacy-related consents for a user of a first computing device to a second computing device. In various embodiments, the system is configured to provide a computer-readable indicium (indicia) on a previously unknown computing device upon initiation of a transaction between a user and an entity collecting and processing privacy data. In response to a user using a known computing device to scan the computer-readable indicium, in various embodiments, the system may provide the ability to share user consent data provided by the first known device to the second unknown device, allowing the user to provide consent without manually re-entering privacy and consent preferences.
Methods, systems, and non-transitory computer readable storage media are disclosed for generating action recommendations modifying physical emissions sources of an entity based on past and modeled emissions for the entity. Specifically, the disclosed system monitors emissions produced by an entity by determining a number of emissions sources corresponding to an entity and a plurality of emissions values for the emissions sources. Additionally, the disclosed system determines a plurality of constraints corresponding to the entity. The disclosed system also determines goals for the entity including target emissions values. The disclosed system utilizes a modified gradient descent model to iteratively adjust emissions values for the physical emissions sources to obtain the target emissions values according to the constraints. The disclosed system generates action recommendations for modifying the physical emissions sources utilizing the modified gradient descent model and provides the action recommendations for display within a graphical user interface.
G06Q 10/04 - Prévision ou optimisation spécialement adaptées à des fins administratives ou de gestion, p. ex. programmation linéaire ou "problème d’optimisation des stocks"
17.
GENERATING FORECASTED EMISSIONS VALUE MODIFICATIONS AND MONITORING FOR PHYSICAL EMISSIONS SOURCES UTILIZING MACHINE-LEARNING MODELS
Methods, systems, and non-transitory computer readable storage media are disclosed for generating action recommendations for generating action recommendations for modifying physical emissions sources of an entity based on forecasting and monitoring emissions production for the entity utilizing machine-learning models. Specifically, the disclosed system forecasts emissions produced by an entity by utilizing a plurality of different forecasting machine-learning models corresponding to different physical emissions sources to generate forecasted source attributes. Additionally, the disclosed system combines the forecasted source attributes to generate a plurality of forecasted emissions value modifications for a future time period. The disclosed system generates action recommendations for modifying the physical emissions sources based on the forecasted emissions value modifications. In additional embodiments, the disclosed system tracks emissions of the entity during the future time period and generate additional action recommendations in response to detecting deviations from forecasted emissions production.
G06Q 50/06 - Fourniture d'électricité, de gaz ou d'eau
G06Q 10/04 - Prévision ou optimisation spécialement adaptées à des fins administratives ou de gestion, p. ex. programmation linéaire ou "problème d’optimisation des stocks"
G06F 40/40 - Traitement ou traduction du langage naturel
18.
DATA PROCESSING SYSTEMS AND METHODS FOR AUTOMATICALLY REDACTING UNSTRUCTURED DATA FROM A DATA SUBJECT ACCESS REQUEST
System and methods are disclosed for redacting analyzing unstructured data in a request for data associated with a data subject to determine whether the unstructured data is relevant to the request. The relevancy of pieces of the unstructured data may be determined by determining a categorization for each such piece of unstructured data and comparing them to known personal data associated with the data subject having the same categorization. Pieces of the unstructured data that do not match known personal data having the same categorization are redacted from the request before the request is processed.
In general, various aspects provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for performing data discovery on a target computing system. In various aspects, a third party computing connects, via a public data network, to an edge node of the target computing system and instructs the target computing system to execute jobs to discover target data stored in data repositories in a private data network in the target computing system. In some aspects, the third party computing system may schedule the jobs on the target computing system based on computing resource availability on the target computing system.
G06F 16/22 - Indexation; Structures de données à cet effet; Structures de stockage
G06F 40/284 - Analyse lexicale, p.ex. segmentation en unités ou cooccurrence
G06F 9/50 - Allocation de ressources, p.ex. de l'unité centrale de traitement [UCT]
G06Q 10/063 - Recherche, analyse ou gestion opérationnelles
G06F 18/21 - Conception ou mise en place de systèmes ou de techniques; Extraction de caractéristiques dans l'espace des caractéristiques; Séparation aveugle de sources
20.
FIRST-PARTY COMPUTING SYSTEM SPECIFIC QUERY RESPONSE GENERATION FOR INTEGRATION OF THIRD-PARTY COMPUTING SYSTEM FUNCTIONALITY
A method, in various aspects, comprises: (1) receiving a query from a first party computing system related to integrating third party computing functionality into the first party computing system; (2) identifying a set of third party entities that provide the third party computing functionality; (3) accessing integration data; (4) identifying a set of reference entities, the set of reference entities including, for each respective third party entity, a respective reference entity that has previously integrated the third party computing into a respective reference entity computing system associated with the respective reference entity; (5) determining second integration data with respect to the set of reference entities integrating the third party computing functionality; (6) generating, based on the first integration data and the second integration data, data responsive to the query that is specific to the first party computing system; and (7) taking an action with respect to the data.
G06Q 10/0635 - Analyse des risques liés aux activités d’entreprises ou d’organisations
G06Q 10/067 - Modélisation d’entreprise ou d’organisation
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 15/76 - Architectures de calculateurs universels à programmes enregistrés
21.
MAPPING ENTITIES IN UNSTRUCTURED TEXT DOCUMENTS VIA ENTITY CORRECTION AND ENTITY RESOLUTION
Methods, systems, and non-transitory computer readable storage media are disclosed for correcting entity detection errors with entity correction and resolution in optical character recognition for digitization of physical documents. Specifically, the disclosed system utilizes named entity recognition to extract entities from character strings (e.g., words) in a digital text document. The disclosed system also tokenizes the character strings in the digital text document based on attributes of the character strings. Furthermore, the disclosed system compares the extracted entities and tokenized character strings to determine similarity metrics between the extracted entities and tokenized character strings. The disclosed system also compares extracted entities to character strings including special/numerical characters to determine similarity metrics indicating correlation probabilities between entities and character strings. The disclosed systems generate mappings between the tokens and entities based on the similarity metrics to resolve entities to likely corresponding character strings while correcting for errors during entity extraction.
Aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for identifying data processing activities associated with various data assets based on data discovery results. In accordance various aspects, a method is provided comprising: identifying and scanning data assets to detect a subset of the data assets, wherein each asset of the subset is associated with a particular data element used for target data; generating a prediction for each pair of data assets of the subset on the target data flowing between the pair; identifying a data flow for the target data based on the prediction generated for each pair; and identifying a data processing activity associated with handling the target data based on a correlation identified for the particular data element, the subset, and/or the data flow with a known data element, subset, and/or data flow for the data processing activity.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
Various Data Subject Access Request (DSAR) processing systems are adapted for presenting a first webform on a first web site, the first webform being adapted to receive DSAR's and to route the requests to a first designated individual for processing; presenting a second webform on a second web site, the second webform being adapted to receive DSAR's and to route the requests to a second designated individual for processing; receiving, via the first webform, a first DSAR; at least partially in response to the receiving the first DSAR, automatically routing the first DSAR to the first designated individual for handling; receiving, via the second webform, a second DSAR; at least partially in response to the receiving the second DSAR, automatically routing the second DSAR to the second designated individual for handling; and communicating a status of both the first DSAR and the second DSAR via a single user interface.
G06Q 10/0635 - Analyse des risques liés aux activités d’entreprises ou d’organisations
G06Q 10/067 - Modélisation d’entreprise ou d’organisation
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 15/76 - Architectures de calculateurs universels à programmes enregistrés
24.
DATA-PROCESSING CONSENT REFRESH, RE-PROMPT, AND RECAPTURE SYSTEMS AND RELATED METHODS
In various embodiments, a Consent Refresh, Re-Prompt, and Recapture System is configured to interface with a Consent Receipt Management System in order to, for example: (1) monitor previously provided consent by one or more data subjects that may be subject to future expiration; (2) monitor a data subject's activity to anticipate the data subject attempting an activity that may require a level of consent (e.g., for the processing of particular data subject data) that is higher than the system has received; and/or (3) identify other changes in circumstances or triggering events for a data subject that may warrant a refresh or recapture (e.g., or attempted capture) of a particular required consent (e.g., required to enable an entity to properly or legally execute a transaction with a data subject). The system may then be configured to automatically refresh, re-prompt for, and/or recapture consent as necessary.
In various embodiments, an entity may provide a WebView where a transaction between an entity and a data subject may be performed. As described herein, the transaction may involve the collection or processing of personal data associated with the data subject by the entity as part of a processing activity undertaken by the entity that the data subject is consenting to as part of the transaction. Additionally, the entity may provide a native application where the transactions between the entity and a data subject may be performed. In some embodiments, the system may be configured to share consent data between the WebView and the native application so data subjects experience a seamless transition while using either the WebView or the native application, and the data subjects are not required to go through a consent workflow for each of the WebView and the native application.
Data processing systems and methods according to various embodiments are adapted for automatically detecting and documenting privacy-related aspects of computer software. Particular embodiments are adapted for: (1) automatically scanning source code to determine whether the source code include instructions for collecting personal data; and (2) facilitating the documentation of the portions of the code that collect the personal data. For example, the system may automatically prompt a user for comments regarding the code. The comments may be used, for example, to populate: (A) a privacy impact assessment; (B) system documentation; and/or (C) a privacy-related data map. The system may comprise, for example, a privacy comment plugin for use in conjunction with a code repository.
G06F 16/25 - Systèmes d’intégration ou d’interfaçage impliquant les systèmes de gestion de bases de données
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 15/76 - Architectures de calculateurs universels à programmes enregistrés
G06Q 10/06 - Ressources, gestion de tâches, des ressources humaines ou de projets; Planification d’entreprise ou d’organisation; Modélisation d’entreprise ou d’organisation
In various embodiments, a data processing consent capture system may be configured to prompt the data subject to consent to one or more types of data processing (e.g., to provide a desired consent) in response to identifying particular cookies (e.g., or types of data processing) that a data subject has not consented to. The system may, for example, substantially automatically prompt the data subject to consent for one or more particular types of data processing in response to determining that the user (e.g., data subject) has requested that a website or other system perform one or more functions that are not possible without a particular type of consent from the data subject. The system may, for example, prompt the user to consent in time for a certain interaction with the website, application, etc.
Data processing systems and methods, according to various embodiments, are adapted for determining a categorization for each tracking tool that executes on a particular webpage based on a variety of criteria, such as the purpose of the tracking tool and its source script. The system may compare the characteristics of tracking tools on a webpage to a database of known tracking tools to determine the appropriate categorization. When a user visits the webpage, the system analyzes these categories and determines whether the tracking tool should be permitted to run based on the categories and/or other criteria, such as whether the user has consented to the use of that type of tracking tool.
A data processing central consent repository system may be configured to, for example: (1) identify a form used to collect one or more pieces of personal data, (2) determine a data asset of a plurality of data assets of the organization where input data of the form is transmitted, (3) add the data asset to the third-party data repository with an electronic link to the form, (4) in response to a user submitting the form, create a unique subject identifier to submit to the third-party data repository and, along with the form data provided by the user in the form, to the data asset, (5) submit the unique subject identifier and the form data provided by the user to the third-party data repository and the data asset, and (6) digitally store the unique subject identifier and the form data in the third-party data repository and the data asset.
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
G06F 16/951 - Indexation; Techniques d’exploration du Web
G06F 16/955 - Recherche dans le Web utilisant des identifiants d’information, p.ex. des localisateurs uniformisés de ressources [uniform resource locators - URL]
A system and method for determining consent user interface validity for a provided consent user interface of a web form presenting consent information, comprising: accessing a consent user interface presented on a web form; determining one or more configuration attributes of the consent user interface; accessing one or more privacy regulations associated with presenting consent information; comparing the one or more configuration attributes of the consent user interface to each of the one or more privacy regulations; determining whether the consent user interface is compliant with each of the one or more privacy regulations; and in response to determining that the consent user interface is not compliant with one or more privacy regulations, flagging the consent user interface.
Methods, systems, and non-transitory computer readable storage media are disclosed for managing computing systems according to detect and correct configuration gaps with specific system requirements frameworks. Specifically, the disclosed system accesses a digital data repository to determine attribute values of data objects representing functions or infrastructure associated with handling target data for an entity. The disclosed system determines a digital representation of a system requirements framework that indicates controls associated with handling specific data types. Based on the attribute values and a gap rules set associated with the system requirements framework, the disclosed system determines configuration gaps to be addressed via control actions for installing controls in connection with various data assets or data processing operations. The disclosed system generates tasks to display via a graphical user interface of a computing device for applying modifications to the data assets and/or data processing operations to address the configuration gaps.
In particular embodiments, a sensitive data management system is configured to remove sensitive data after a period of non-use. Credentials used to access remote systems and/or third-party systems are stored with metadata that is updated with each use of the credentials. After a period of non-use, determined based on credential metadata, the credentials are deleted. Personal data retrieved to process a consumer request is stored with metadata that is updated with each use of the personal data. After a period of non-use, determined based on personal data metadata, the personal data is deleted. The personal data is also deleted if the system determines that the process or system that caused the personal data to be retrieved is no longer in use. An encrypted version of personal data may be stored for later use in verifying proper consumer request fulfillment.
G06F 21/00 - Dispositions de sécurité pour protéger les calculateurs, leurs composants, les programmes ou les données contre une activité non autorisée
G06F 3/0482 - Interaction avec des listes d’éléments sélectionnables, p.ex. des menus
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
33.
Limiting usage of physical emissions sources by utilizing a modified gradient descent model
Methods, systems, and non-transitory computer readable storage media are disclosed for generating action recommendations modifying physical emissions sources of an entity based on past and modeled emissions for the entity. Specifically, the disclosed system monitors emissions produced by an entity by determining a number of emissions sources corresponding to an entity and a plurality of emissions values for the emissions sources. Additionally, the disclosed system determines a plurality of constraints corresponding to the entity. The disclosed system also determines goals for the entity including target emissions values. The disclosed system utilizes a modified gradient descent model to iteratively adjust emissions values for the physical emissions sources to obtain the target emissions values according to the constraints. The disclosed system generates action recommendations for modifying the physical emissions sources utilizing the modified gradient descent model and provides the action recommendations for display within a graphical user interface.
GENERATING ACTION RECOMMENDATIONS FOR MODIFYING PHYSICAL EMISSION SOURCES BASED ON MANY SIMULATIONS OF DIFFERENT SCENARIOS UTILIZING A MODIFIED GRADIENT DESCENT MODEL
Methods, systems, and non-transitory computer readable storage media are disclosed for generating action recommendations for modifying physical emissions sources based on a plurality of simulations of different scenarios utilizing a modified gradient descent model. Specifically, the disclosed system utilizes the modified gradient descent model to generate emissions value modifications for physical emissions sources corresponding to an entity based on a set of constraints and target emissions values. The disclosed system runs a plurality of simulations to generate modified target emissions values, utilizing the modified gradient descent model, by modifying source attributes of the physical emissions sources according to a plurality of probability distributions representing source attributes of the physical emissions sources. The disclosed system then compares the initial target emissions values to the modified target emissions values determined from the simulations to generate action recommendations for modifying the physical emissions sources.
Methods, systems, and non-transitory computer readable storage media are disclosed for generating action recommendations for generating action recommendations for modifying physical emissions sources of an entity based on forecasting and monitoring emissions production for the entity utilizing machine-learning models. Specifically, the disclosed system forecasts emissions produced by an entity by utilizing a plurality of different forecasting machine-learning models corresponding to different physical emissions sources to generate forecasted source attributes. Additionally, the disclosed system combines the forecasted source attributes to generate a plurality of forecasted emissions value modifications for a future time period. The disclosed system generates action recommendations for modifying the physical emissions sources based on the forecasted emissions value modifications. In additional embodiments, the disclosed system tracks emissions of the entity during the future time period and generate additional action recommendations in response to detecting deviations from forecasted emissions production.
G06Q 10/04 - Prévision ou optimisation spécialement adaptées à des fins administratives ou de gestion, p. ex. programmation linéaire ou "problème d’optimisation des stocks"
In particular embodiments, a data processing consent management system may be configured to utilize one or more age verification techniques to at least partially authenticate the data subject's ability to provide valid consent (e.g., under one or more prevailing legal requirements) in order to collect, store, and or process the subject's personal data. For example, according to one or more particular legal or industry requirements, an individual (e.g., data subject) may need to be at least a particular age (e.g., an age of majority, an adult, over 18, over 21, over 13, or any other suitable age) in order to provide valid consent. Data processing systems may generate and store one or more consent records memorializing valid consent for data processing from data subjects in response to confirming that the data subject is old enough to provide such consent.
In general, various aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for generating customized user interfaces. In accordance with various aspects, a method is provided that comprises: providing a content generation interface that includes control elements for selecting interactive content; receiving, via the control elements, a selection of a set of webpages comprising the interactive content; configuring, based on the selection, the interactive content to be displayed via browser tabs by: including a set of object identifiers, wherein each object identifier represents a corresponding webpage that is to be displayed via a browser tab; and transmitting an instruction to a browser application executing on a target device causing the browser application to launch browser tabs to display the interactive content by displaying the corresponding webpage via a browser tab of the browser tabs.
G06F 3/0482 - Interaction avec des listes d’éléments sélectionnables, p.ex. des menus
G06F 9/451 - Dispositions d’exécution pour interfaces utilisateur
G06F 3/0484 - Techniques d’interaction fondées sur les interfaces utilisateur graphiques [GUI] pour la commande de fonctions ou d’opérations spécifiques, p.ex. sélection ou transformation d’un objet, d’une image ou d’un élément de texte affiché, détermination d’une valeur de paramètre ou sélection d’une plage de valeurs
38.
Identifying similar documents in a file repository using unique document signatures
Methods, systems, and non-transitory computer readable storage media are disclosed for determining clusters of similar digital documents using unique document signatures. Specifically, the disclosed system processes digital text in a digital document to tokenize character strings (e.g., words) in the digital document by combining a subset of character values and string lengths in the character strings. Additionally, the disclosed system generates a document signature for the digital document by combining subsets of tokens generated for the digital document into a token sequence indicative of the digital text in the digital document. The disclosed system determines a cluster of similar digital documents including the digital document by comparing the document signature of the digital document to document signatures corresponding to a plurality of digital documents.
Embodiments of the present invention provide methods, systems, and/or the like for versioning a graph representation in a graph data structure. In accordance with one embodiment, a method is provided comprising: conducting a plurality of iterations involving: validating a first data source comprising a new version of data based on a schema from a plurality of schemas in which each schema corresponds to a graph representation found in a graph data structure; and identifying errors in the first source based on the validating of the source; identifying an applicable schema as a schema producing fewer errors than at least one other schema; comparing the first source with a second source comprising a previous version of the data to identify a difference; generating a query for the difference based on the applicable schema; and providing the query for execution to migrate the difference into the graph representation.
In general, various aspects of the present disclosure provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for addressing a modified risk rating identifying a risk to an entity of having computer-implemented functionality provided by a vendor integrated with a computing system of the entity. In accordance various aspects, a method is provided that comprises: receiving a first assessment dataset for computer-implemented functionality; detecting an inconsistency between a value of an attribute for the computer-implemented functionality specified in the first assessment dataset and a corresponding value of the attribute specified in a second assessment dataset for the computer-implemented functionality; modifying a risk rating that identifies a risk to the entity of having the computer-implemented functionality integrated with the computing system to generate a modified risk rating based on the inconsistency; and in response, performing an action with respect to the computing system to address the modified risk rating.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
Data processing systems and methods, according to various embodiments, are adapted for determining an applicable privacy policy based on various criteria associated with a user and the associated product or service. User and product criteria may be obtained automatically and/or based on user input and analyzed by a privacy policy rules engine to determine the applicable policy. Text from the applicable policy can then be presented to the user. A default policy can be used when no particular applicable policy can be identified using by the rules engine. Policies may be ranked or prioritized so that a policy can be selected in the event the rules engine identifies two, conflicting policies based on the criteria.
G06Q 10/06 - Ressources, gestion de tâches, des ressources humaines ou de projets; Planification d’entreprise ou d’organisation; Modélisation d’entreprise ou d’organisation
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 15/76 - Architectures de calculateurs universels à programmes enregistrés
42.
COMPUTING PLATFORM FOR FACILITATING DATA EXCHANGE AMONG COMPUTING ENVIRONMENTS
Various aspects of the disclosure provide methods, apparatus, systems, computing devices, computing entities, and/or the like for facilitating the exchange of data among a diverse group of first and third party computing environments. Accordingly, various aspects of the disclosure provide a data exchange computing platform that facilitates data exchange among a diverse group of first and third party computing environments. In some aspects, the data exchange computing platform provides a data exchange service available to various first and third parties who wish to exchange data.
The present disclosure provides methods, systems, computing devices, computing entities, and/or the like for identifying and/or retrieving targeted data found in unstructured documents. In accordance with various aspects, a method is provided that comprises: receiving, a targeted data request identifying a data subject; processing a first feature representation of each document of a plurality of documents using a classifier machine-learning model to generate a prediction that the document contains the targeted data; generating a dataset that comprises each document having a prediction that satisfy a threshold; processing a second feature representation of each document of the dataset using a clustering machine-learning model to identify a document cluster for the document; and providing the document clusters so that an analysis can be performed on each document cluster to eliminate the document cluster as having targeted data and/or identify the targeted data associated with the data subject found in the document cluster.
G06V 30/414 - Extraction de la structure géométrique, p.ex. arborescence; Découpage en blocs, p.ex. boîtes englobantes pour les éléments graphiques ou textuels
A mobile application privacy analysis system is described, where the system scans a mobile device to identify files associated with a particular SDK and generates a tokenized name for the SDK. The tokenized name includes tokens representing the SDK vendor and one or more functions of the SDK. Using the tokenized name, the system then determines corresponding categories for each functionality token and score for each such category. Based on the scores, the system determines the most significant category and assigns that category to the SDK for use in privacy analysis. The system may also, or instead, determine a vendor category using the vendor token and assign that category to the SDK. Weighting factors may be applied to the scores for the categories associated with the functionality tokens and vendor tokens.
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
G06F 16/955 - Recherche dans le Web utilisant des identifiants d’information, p.ex. des localisateurs uniformisés de ressources [uniform resource locators - URL]
G06F 16/904 - Navigation; Visualisation à cet effet
G06F 16/901 - Indexation; Structures de données à cet effet; Structures de stockage
45.
Systems and methods for automatically blocking the use of tracking tools
Embodiments of the present invention provide methods, apparatus, systems, computing devices, computing entities, and/or the like for permitting or blocking tracking tools used through webpages. In particular embodiments, the method involves: scanning a webpage to identify a tracking tool configured for processing personal data; determining a data destination location that is associated with the tracking tool; and generating program code configured to: determine a location associated with a user who is associated with a rendering of the webpage; determine a prohibited data destination location based on the location associated with the user; determine that the data destination location associated with the tracking tool is not the prohibited data destination location; and responsive to the data destination location associated with the tracking tool not being the prohibited data destination location, permit the tracking tool to execute.
A chat robot may be used to facilitate interaction with a user in the determination of whether to initiate and process a data subject access request (DSAR). At a DSAR submission webpage, the chatbot may interact with a user to determine the information the user is in need of and/or the actions that the user may take. The chatbot may provide the information, avoiding the processing overhead of submission and fulfillment of a DSAR. In addition, data stored on a data asset may be migrated to another data asset while maintaining compliance to applicable regulations. Based on the type of data stored by that data asset and the applicable regulations, requirements, and/or restrictions that relate to a transfer of that type data from that data asset, a target data asset may be determined. The data stored on the data asset may then be transferred to the target data asset.
Techniques are disclosed for usage-tracking of various information security (InfoSec) entities for tenants/organization onboarded on an instant multi-tenant security assurance platform. The InfoSec entities include policies, procedures, controls and evidence tasks. A policy or procedure is enforced by implementing one or more controls, and the collection of one or more evidence tasks proves/verifies the implementation of a control. The InfoSec entities are linked to each other across the platform and accrue a number of benefits for the tenants. These include generating a security questionnaire response (SQR), defining a readiness project and an audit project, sharing InfoSec entities encompassing the various products of a tenant, automating risk assessment, automatic collection of evidence tasks for verifying the implementation and/or operational state/status of various mitigating controls, etc.
In particular embodiments, a consent conversion optimization system is configured to test two or more test consent interfaces against one another to determine which of the two or more consent interfaces results in a higher conversion percentage (e.g., to determine which of the two or more interfaces lead to a higher number of end users and/or data subjects providing a requested level of consent for the creation, storage and use or cookies by a particular website). The system may, for example, analyze end user interaction with each particular test consent interface to determine which of the two or more user interfaces: (1) result in a higher incidence of a desired level of provided consent; (2) are easier to use by the end users and/or data subjects (e.g., take less time to complete, require a fewer number of clicks, etc.); (3) etc.
Data processing systems and methods, according to various embodiments, are adapted for performing a process of procuring a vendor and sub-processes associated therewith, such as performing vendor risk assessments and providing training specific to the procurement of that particular vendor. Training requirements for the user procuring the vendor and/or for the vendor itself are determined and any deficiencies in current, valid training requirements are identified. Training to address any identified deficiencies is provided as part of the vendor procurement process. Training may be customized based on trainee and/or organization attributes to improve the effectiveness of such training.
G06Q 10/06 - Ressources, gestion de tâches, des ressources humaines ou de projets; Planification d’entreprise ou d’organisation; Modélisation d’entreprise ou d’organisation
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 15/76 - Architectures de calculateurs universels à programmes enregistrés
50.
Data processing systems and methods for preventing execution of an action documenting a consent rejection
Various aspects involve forgoing updates to consent data for at least one consent rejection generated by an automated consent rejection tool. For instance, a consent management system can be communicatively coupled to a user device. The user device can detect invocations of a consent rejection function, such as when browser states of a browser application indicate requests for web pages or other online content. The consent management system can document a consent rejection for one or more of the invocations. The consent management system can also prevent documentation of consent being rejected for at least one invocation initiated by an automated consent rejection tool.
A system for identifying and determining whether a particular cookie may include personal data, in any embodiment described herein, is configured to analyze collected cookies to determine whether the collected cookies may be used to directly or indirectly identify a particular individual. The system may, for example: (1) generate one or more virtual profiles; (2) use the one or more virtual profiles to access a plurality of websites; (3) collect cookie data for the plurality of websites for the one or more virtual profiles; and (4) analyze the cookie data to determine whether a particular website of the plurality of websites utilizes one or more cookies which may potentially include personal data. The system may then generate a report of the analysis, and display the report to an administrator or other individual associated with the particular website.
In various embodiments, a data processing consent capture system may be configured to prompt the data subject to consent to one or more types of data processing (e.g., to provide a desired consent) in response to identifying particular cookies (e.g., or types of data processing) that a data subject has not consented to. The system may, for example, substantially automatically prompt the data subject to consent for one or more particular types of data processing in response to determining that the user (e.g., data subject) has requested that a website or other system perform one or more functions that are not possible without a particular type of consent from the data subject. The system may, for example, prompt the user to consent in time for a certain interaction with the website, application, etc.
A system and method for determining consent user interface validity for a provided consent user interface of a web form presenting consent information, comprising: accessing a consent user interface presented on a web form; determining one or more configuration attributes of the consent user interface; accessing one or more privacy regulations associated with presenting consent information; comparing the one or more configuration attributes of the consent user interface to each of the one or more privacy regulations; determining whether the consent user interface is compliant with each of the one or more privacy regulations; and in response to determining that the consent user interface is not compliant with one or more privacy regulations, flagging the consent user interface.
In general, various aspects of the present disclosure provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for addressing a modified risk rating identifying a risk to an entity of having computer-implemented functionality provided by a vendor integrated with a computing system of the entity. In accordance various aspects, a method is provided that comprises: receiving a first assessment dataset for computer-implemented functionality; detecting an inconsistency between a value of an attribute for the computer-implemented functionality specified in the first assessment dataset and a corresponding value of the attribute specified in a second assessment dataset for the computer-implemented functionality; modifying a risk rating that identifies a risk to the entity of having the computer-implemented functionality integrated with the computing system to generate a modified risk rating based on the inconsistency; and in response, performing an action with respect to the computing system to address the modified risk rating.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06Q 10/06 - Ressources, gestion de tâches, des ressources humaines ou de projets; Planification d’entreprise ou d’organisation; Modélisation d’entreprise ou d’organisation
55.
Data processing systems and communication systems and methods for the efficient generation of risk assessments
Computer implemented methods, according to various embodiments, comprise: (1) integrating a privacy management system with DLP tools; (2) using the DLP tools to identify sensitive information that is stored in computer memory outside of the context of the privacy management system; and (3) in response to the sensitive data being discovered by the DLP tool, displaying each area of sensitive data to a privacy officer (e.g., similar to pending transactions in a checking account that have not been reconciled). A designated privacy officer may then select a particular entry and either match it up (e.g., reconcile it) with an existing data flow or campaign in the privacy management system, or trigger a new privacy assessment to be done on the data to capture the related privacy attributes and data flow information.
A Data Subject Access Request (DSAR) Prioritization System, according to various embodiments, is adapted for (1) executing the steps of receiving a data subject access request (DSAR); (2) at least partially in response to receiving the DSAR, obtaining metadata associated with at least one of the DSAR or a data subject associated with the DSAR; (3) using the metadata to determine whether a priority of the DSAR should be adjusted based at least in part on the obtained metadata; and (4) in response to determining that the priority of the DSAR should be adjusted based at least in part on the obtained metadata, adjusting the priority of the DSAR.
Computer-readable media, according to various embodiments, store computer-executable instructions for: (1) analyzing computer code for a mobile application to identify a tracking technology being used by the mobile application for collecting personal data of a user of the mobile application; (1) identifying a recommendation for managing a design of the mobile application in light of the tracking technology; (3) identifying a task to implement the recommendation; (4) generating output comprising a report documenting the task; and (5) providing the report for display to an individual on a display screen.
G06Q 10/06 - Ressources, gestion de tâches, des ressources humaines ou de projets; Planification d’entreprise ou d’organisation; Modélisation d’entreprise ou d’organisation
G06F 15/76 - Architectures de calculateurs universels à programmes enregistrés
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
58.
Systems and methods for identifying data processing activities based on data discovery results
Aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for identifying data processing activities associated with various data assets based on data discovery results. In accordance various aspects, a method is provided comprising: identifying and scanning data assets to detect a subset of the data assets, wherein each asset of the subset is associated with a particular data element used for target data; generating a prediction for each pair of data assets of the subset on the target data flowing between the pair; identifying a data flow for the target data based on the prediction generated for each pair; and identifying a data processing activity associated with handling the target data based on a correlation identified for the particular data element, the subset, and/or the data flow with a known data element, subset, and/or data flow for the data processing activity.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
In particular embodiments, a Personal Data Deletion System is configured to: (1) at least partially automatically identify and delete personal data that an entity is required to erase under one or more of the conditions discussed above; and (2) perform one or more data tests after the deletion to confirm that the system has, in fact, deleted any personal data associated with the data subject. The system may, for example, be configured to test to ensure the data has been deleted by: (1) submitting a unique token of data through a form to a system; (2) in response to passage of an expected data retention time, test the system by calling into the system after the passage of the data retention time to search for the unique token.
A method for managing a consent receipt under an electronic transaction, comprising: receiving a request to initiate a transaction between the entity and the data subject; providing a privacy policy associated with the entity and based at least in part on the request to initiate the transaction between the entity and the data subject; accessing the privacy policy associated with the entity; storing one or more provisions of the privacy policy associated with the entity; providing a user interface for consenting to the privacy policy associated with the entity; receiving a selection to consent to the privacy policy associated with the entity and based at least in part on the request to initiate the transaction between the entity and the data subject; generating, by a third-party consent receipt management system, a consent receipt to the data subject; and storing the generated consent receipt.
In various embodiments, a data map generation system is configured to receive a request to generate a privacy-related data map for particular computer code, and, at least partially in response to the request, determine a location of the particular computer code, automatically obtain the particular computer code based on the determined location, and analyze the particular computer code to determine privacy-related attributes of the particular computer code, where the privacy-related attributes indicate types of personal information that the particular computer code collects or accesses. The system may be further configured to generate and display a data map of the privacy-related attributes to a user.
G06Q 10/06 - Ressources, gestion de tâches, des ressources humaines ou de projets; Planification d’entreprise ou d’organisation; Modélisation d’entreprise ou d’organisation
62.
Data transfer discovery and analysis systems and related methods
In various aspects, a data transfer discovery and analysis system may query an entity computing system to identify access credentials for third-party computing systems and scan each access credential to determine associated permissions provided by each access credential on the entity computing system. The data transfer discovery and analysis system may further inspect access logs to identify actual data transfers between the entity computing system and third-party computing systems as well as other access activity associated with each of the credentials. The system can generate and store a mapping of all actual data transfers (e.g., based on the access log data) and potential data transfers (e.g., based on particular access permissions) between/among the entity computing system and the third-party computing systems. By analyzing access logs to determine actual data transfers executed under each particular access credential, the data transfer discovery and analysis system can identify unused and/or underutilized access permissions.
In particular embodiments, computer-implemented data processing, systems, and method configured to: receive a request to initiate a transaction between an entity and a data subject, generate (i) a consent receipt for the transaction comprising at least a unique subject identifier and a unique consent receipt key and (ii) a unique cookie to identify the data subject's transaction initiated by the data subject, store the consent receipt for the transaction and the unique cookie, receive a data subject access request from the data subject, verify an identity of the data subject based at least in part on the unique cookie process the request, process the request by identifying one or more pieces of personal data associated with the data subject, and taking one or more actions based at least in part on the data subject access request.
An application privacy analysis system is described, where the system obtains an application and analyzes it for privacy related data use. The system may determine privacy related activities of the application from established sources of such data and/or may decompile the application and analyze the resulting code to determine the privacy related activities of the application. The system may execute the application and monitor the communications traffic exchanged by the application to determine privacy related activities of the application. The system may store the results of such analyses for future reference.
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
G06F 16/955 - Recherche dans le Web utilisant des identifiants d’information, p.ex. des localisateurs uniformisés de ressources [uniform resource locators - URL]
G06F 16/904 - Navigation; Visualisation à cet effet
G06F 16/901 - Indexation; Structures de données à cet effet; Structures de stockage
65.
Managing custom workflows for domain objects defined within microservices
In general, various aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for generating and managing custom workflows for domain objects defined within microservices. In accordance with various aspects, a method is that comprises: receiving an attribute value for a custom workflow to include in a microservice that corresponds to an attribute defined for a workflow component; accessing mapping data for an attribute; identifying, based on the mapping data, a corresponding field of a workflows table mapped to the attribute; storing a record in the workflows table for the custom workflow with the attribute value stored in the corresponding field for the record to persist the custom workflow in the microservice.
In general, various aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for identifying and documenting certain subject matter found in media content, as well as selectively redacting the subject matter found in media content. In accordance with various aspects, a method is provided that comprises: obtaining first metadata for media content, the metadata identifying a context and a portion of content for an individual; identifying, based on the context, a certain subject matter for the media content; determining that a particular item associated with the subject matter is present in the portion of content associated with the individual; generating second metadata to document the particular item present in the portion of content; and using the second metadata to selectively redacting the item from the portion of content associated with the individual upon request to do so with respect to the individual.
Data processing systems and methods, according to various embodiments, are adapted for mapping various questions regarding a data breach from a master questionnaire to a plurality of territory-specific data breach disclosure questionnaires. The answers to the questions in the master questionnaire are used to populate the territory-specific data breach disclosure questionnaires and determine whether disclosure is required in territory. The system can automatically notify the appropriate regulatory bodies for each territory where it is determined that data breach disclosure is required.
G06Q 10/06 - Ressources, gestion de tâches, des ressources humaines ou de projets; Planification d’entreprise ou d’organisation; Modélisation d’entreprise ou d’organisation
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 15/76 - Architectures de calculateurs universels à programmes enregistrés
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
68.
Systems and methods for mitigating risks of third-party computing system functionality integration into a first-party computing system
In general, various aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for integrating third party computing system functionality into a first party computing system by providing a risk management and mitigation computing system configured to analyze a risk of integrating the functionality provided by the third party computing system and facilitating implementation of one or more data-related controls that include performing computer-specific operations to mitigate and/or eliminate the identified risks. For example, the risk management and mitigation computing system can access risk data in tenant computing systems to determine a risk score related to the integration of the third party computing system functionality based on risks determined during prior integrations of the third party computing system functionality by other tenant computing systems. The risk management and mitigation computing system can generate a recommended control when integrating the third party computing system functionality.
In general, various aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for mapping the existence of target data within computing systems in a manner that does not expose the target data to potential data-related incidents. In accordance with various aspects, a method is provided that comprises: receiving a source dataset that comprises a label assigned to a data element used by a data source in handling target data that identifies a type of target data and data samples gathered for the data element; determining, based on the label, that the data samples are to be anonymized; generating supplemental anonymizing data samples associated with the label that comprise fictitious occurrences of the type of the target data; generating a review dataset comprising the supplemental anonymizing data samples intermingled with the data samples; and sending the review dataset to a review computing system.
G06F 21/00 - Dispositions de sécurité pour protéger les calculateurs, leurs composants, les programmes ou les données contre une activité non autorisée
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
G06F 16/28 - Bases de données caractérisées par leurs modèles, p.ex. des modèles relationnels ou objet
70.
DATA PROCESSING SYSTEMS AND METHODS FOR CUSTOMIZING PRIVACY TRAINING
Data processing systems and methods, according to various embodiments, are adapted for performing a process of procuring a vendor and sub-processes associated therewith, such as performing vendor risk assessments and providing training specific to the procurement of that particular vendor. Training requirements for the user procuring the vendor and/or for the vendor itself are determined and any deficiencies in current, valid training requirements are identified. Training to address any identified deficiencies is provided as part of the vendor procurement process. Training may be customized based on trainee and/or organization attributes to improve the effectiveness of such training.
G06Q 10/06 - Ressources, gestion de tâches, des ressources humaines ou de projets; Planification d’entreprise ou d’organisation; Modélisation d’entreprise ou d’organisation
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 15/76 - Architectures de calculateurs universels à programmes enregistrés
71.
Managing custom attributes for domain objects defined within microservices
In general, various aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for generating and managing custom attributes and corresponding values for domain objects defined within microservices. In accordance with various aspects, a method is provided that comprises: receiving a custom attribute request for a domain object defined in a microservice that comprises a domain object identifier, a custom attribute to add to the domain object, and a value type for the custom attribute; identifying, based on the domain object identifier and the value type, a custom value table for the domain object that comprises placeholder fields; identifying a placeholder field that is available in the custom value table; and storing a record in the attribute schema table for the domain object and the custom attribute comprising mapping data that maps the custom attribute to the placeholder field for the custom value table.
A consent receipt management system is configured to: (1) automatically cause a prior, validly received consent to expire (e.g., in response to a triggering event); and (2) in response to causing the previously received consent to expire, automatically trigger a recapture of consent. In particular embodiments, the system may, for example, be configured to cause a prior, validly received consent to expire in response to one or more triggering events.
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 15/76 - Architectures de calculateurs universels à programmes enregistrés
73.
DATA PROCESSING SYSTEMS FOR IDENTIFYING, ASSESSING, AND REMEDIATING DATA PROCESSING RISKS USING DATA MODELING TECHNIQUES
In various embodiments, a system may be configured to substantially automatically determine whether to take one or more actions in response to one or more identified risk triggers (e.g., data breaches, regulation change, etc.). The system may, for example: (1) compare the potential risk trigger to one or more previous risks triggers experienced by the particular entity at a previous time; (2) identify a similar previous risk trigger (e.g., one or more previous risk triggers related to a similar change in regulation, breach of data, type of issue identified, etc.); (3) determine the relevance of the current risk trigger based at least in part on a determined relevance of the previous risk trigger; and (4) determine whether to take one or more actions to the current risk trigger based at least in part on one or more determined actions to take in response to the previous, similar risk trigger.
G06Q 10/06 - Ressources, gestion de tâches, des ressources humaines ou de projets; Planification d’entreprise ou d’organisation; Modélisation d’entreprise ou d’organisation
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 15/76 - Architectures de calculateurs universels à programmes enregistrés
74.
Systems and methods for discovery, classification, and indexing of data in a native computing system
In general, various aspects provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for performing data discovery on a target computing system. In various aspects, a third party computing connects, via a public data network, to an edge node of the target computing system and instructs the target computing system to execute jobs to discover target data stored in data repositories in a private data network in the target computing system. In some aspects, the third party computing system may schedule the jobs on the target computing system based on computing resource availability on the target computing system.
G06F 16/22 - Indexation; Structures de données à cet effet; Structures de stockage
G06F 40/284 - Analyse lexicale, p.ex. segmentation en unités ou cooccurrence
G06F 9/50 - Allocation de ressources, p.ex. de l'unité centrale de traitement [UCT]
G06Q 10/063 - Recherche, analyse ou gestion opérationnelles
G06F 18/21 - Conception ou mise en place de systèmes ou de techniques; Extraction de caractéristiques dans l'espace des caractéristiques; Séparation aveugle de sources
G06K 9/62 - Méthodes ou dispositions pour la reconnaissance utilisant des moyens électroniques
75.
Data processing systems and methods for automatically detecting and documenting privacy-related aspects of computer software
Data processing systems and methods according to various embodiments are adapted for automatically detecting and documenting privacy-related aspects of computer software. Particular embodiments are adapted for: (1) automatically scanning source code to determine whether the source code include instructions for collecting personal data; and (2) facilitating the documentation of the portions of the code that collect the personal data. For example, the system may automatically prompt a user for comments regarding the code. The comments may be used, for example, to populate: (A) a privacy impact assessment; (B) system documentation; and/or (C) a privacy-related data map. The system may comprise, for example, a privacy comment plugin for use in conjunction with a code repository.
G06F 16/25 - Systèmes d’intégration ou d’interfaçage impliquant les systèmes de gestion de bases de données
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 15/76 - Architectures de calculateurs universels à programmes enregistrés
G06Q 10/06 - Ressources, gestion de tâches, des ressources humaines ou de projets; Planification d’entreprise ou d’organisation; Modélisation d’entreprise ou d’organisation
Embodiments of the present invention provide methods, apparatus, systems, computing devices, computing entities, and/or the like for verifying the identity of a data subject. In one embodiment, a method is provided comprising: receiving, via a browser, a consumer rights request for a data subject for performing an action with regard to personal data associated with the data subject; detecting a state of the browser indicating a location; identifying a law based on the location; determining a level of identity verification required based on the law; generating, based on the level, a GUI by configuring a first prompt on the GUI configured for receiving input for a first type of identity verification; transmitting an instruction to present the GUI; receiving the input for the first type of identity verification; verifying the identity of the data subject based on the input; and responsive to verifying the identity, causing performance of the action.
A data transfer analysis system is disclosed that analyzes data transfer log entries to determine whether a data transfer is authorized. The system determines information about the data assets involved in the data transfer (e.g., network address, geographical location, etc.) and uses a data map to determine if data transfers are authorized between the two data assets. If not, the system may take one or more actions, such as generating a notification, terminating the data transfer, restricting the access of the user that initiated the transfer, modifying network communications capabilities between the assets to prevent future transfers, and storing metadata that can be used to prevent future such transfers.
G06F 16/9038 - Présentation des résultats des requêtes
G06F 15/76 - Architectures de calculateurs universels à programmes enregistrés
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
78.
Questionnaire response automation for compliance management
Data processing systems and methods, according to various embodiments, are adapted for mapping various questions regarding a data breach from a master questionnaire to a plurality of territory-specific data breach disclosure questionnaires. The answers to the questions in the master questionnaire are used to populate the territory-specific data breach disclosure questionnaires and determine whether disclosure is required in territory. The system can automatically notify the appropriate regulatory bodies for each territory where it is determined that data breach disclosure is required.
G06F 21/00 - Dispositions de sécurité pour protéger les calculateurs, leurs composants, les programmes ou les données contre une activité non autorisée
G06Q 10/06 - Ressources, gestion de tâches, des ressources humaines ou de projets; Planification d’entreprise ou d’organisation; Modélisation d’entreprise ou d’organisation
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 15/76 - Architectures de calculateurs universels à programmes enregistrés
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
Data processing systems and methods, according to various embodiments, are adapted for mapping various questions regarding a data breach from a master questionnaire to a plurality of territory-specific data breach disclosure questionnaires. The answers to the questions in the master questionnaire are used to populate the territory-specific data breach disclosure questionnaires and determine whether disclosure is required in territory. The system can automatically notify the appropriate regulatory bodies for each territory where it is determined that data breach disclosure is required.
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
G06Q 10/06 - Ressources, gestion de tâches, des ressources humaines ou de projets; Planification d’entreprise ou d’organisation; Modélisation d’entreprise ou d’organisation
G06F 15/76 - Architectures de calculateurs universels à programmes enregistrés
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
In various embodiments, a system may be configured to analyze data for a particular consent capture point to identify a change in consent capture rate from the capture point. The system may, for example, be configured to automatically detect that the system has stopped receiving consent records from a particular capture point. In such embodiments, the system may be configured to generate an alert, and transmit the alert to any suitable individual (e.g., privacy team member, IT department member, etc.) regarding the capture point. The system may, for example, enable an entity to identify one or more capture points that may have become non-functional (e.g., as a result of one or more changes to the capture point).
In various embodiments, a Data Model Adaptive Execution System may be configured to take one or more suitable actions to remediate an identified risk in view of one or more regulations (e.g., one or more legal regulations, one or more binding corporate rules, etc.). For example, in order to ensure compliance with one or more standards related to the collection and/or storage of personal data, an entity may be required to modify one or more aspects of a way in which the entity collects, stores, and/or otherwise processes personal data (e.g., in response to a change in a legal or other requirement). In order to identify whether a particular change or other risk trigger requires remediation, the system may be configured to assess a relevance of the risk posed by the risk and identify one or more processing activities or data assets that may be affected by the risk.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/64 - Protection de l’intégrité des données, p.ex. par sommes de contrôle, certificats ou signatures
Techniques are disclosed for usage-tracking of various information security (InfoSec) entities for tenants/organization onboarded on an instant multi-tenant security assurance platform. The InfoSec entities include policies, procedures, controls and evidence tasks. A policy or procedure is enforced by implementing one or more controls, and the collection of one or more evidence tasks proves/verifies the implementation of a control. The InfoSec entities are linked to each other across the platform and accrue a number of benefits for the tenants. These include automatically/continuously creating asset populations and drawing samples from the asset populations for auditing. The population samples may be generated by entering natural language queries in the platform. Asset data from the asset populations is used to feed/populate various other modules and systems used by the tenant of the platform.
Data processing systems and methods, according to various embodiments, are adapted for efficiently processing data to allow for the streamlined assessment of risk ratings for one or more vendors. In various embodiments, the systems/methods may use one or more particular vendor attributes (e.g., as determined from scanning one or more webpages associated with the particular vendor) and the contents of one or more completed privacy templates for the vendor to determine a vendor risk rating for the particular vendor. As a particular example, the system may scan a website associated with the vendor to automatically determine one or more security certifications associated with the vendor and use that information, along with information from a completed privacy template for the vendor, to calculate a vendor risk rating that indicates the risk of doing business with the vendor.
G06F 21/50 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation
Data processing systems and methods, according to various embodiments, are adapted for mapping various questions regarding a data breach from a master questionnaire to a plurality of territory-specific data breach disclosure questionnaires. The answers to the questions in the master questionnaire are used to populate the territory-specific data breach disclosure questionnaires and determine whether disclosure is required in territory. The system can automatically notify the appropriate regulatory bodies for each territory where it is determined that data breach disclosure is required.
G06F 21/00 - Dispositions de sécurité pour protéger les calculateurs, leurs composants, les programmes ou les données contre une activité non autorisée
G06Q 10/06 - Ressources, gestion de tâches, des ressources humaines ou de projets; Planification d’entreprise ou d’organisation; Modélisation d’entreprise ou d’organisation
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 15/76 - Architectures de calculateurs universels à programmes enregistrés
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
Computer systems and methods for: (1) analyzing electronic correspondence associated with a data subject (e.g., the emails within one or more email in-boxes associated with the data subject); (2) based on the analysis, determining whether a data subject engagement rating does or does not satisfy a criteria (e.g., as evidenced by the fact that the data subject no longer opens emails from the entity, and/or has set up a rule to automatically delete emails received from the entity); and (3) in response to identifying the data subject engagement rating does or does not satisfy a criteria, at least substantially automatically populating and/or submitting a data subject access request to an entity computing system via a public data network (e.g., to delete all personal information being processed by the entity).
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 15/76 - Architectures de calculateurs universels à programmes enregistrés
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06V 30/40 - Reconnaissance des formes à partir d’images axée sur les documents
86.
DATA PROCESSING SYSTEMS AND METHODS FOR INTEGRATING PRIVACY INFORMATION MANAGEMENT SYSTEMS WITH DATA LOSS PREVENTION TOOLS OR OTHER TOOLS FOR PRIVACY DESIGN
Computer implemented methods, according to various embodiments, comprise: (1) integrating a privacy management system with DLP tools; (2) using the DLP tools to identify sensitive information that is stored in computer memory outside of the context of the privacy management system; and (3) in response to the sensitive data being discovered by the DLP tool, displaying each area of sensitive data to a privacy officer (e.g., similar to pending transactions in a checking account that have not been reconciled). A designated privacy officer may then select a particular entry and either match it up (e.g., reconcile it) with an existing data flow or campaign in the privacy management system, or trigger a new privacy assessment to be done on the data to capture the related privacy attributes and data flow information.
G06Q 30/06 - Transactions d’achat, de vente ou de crédit-bail
G06Q 10/06 - Ressources, gestion de tâches, des ressources humaines ou de projets; Planification d’entreprise ou d’organisation; Modélisation d’entreprise ou d’organisation
G06Q 50/26 - Services gouvernementaux ou services publics
Data processing systems and methods, according to various embodiments, are adapted for mapping various questions regarding a data breach from a master questionnaire to a plurality of territory-specific data breach disclosure questionnaires. The answers to the questions in the master questionnaire are used to populate the territory-specific data breach disclosure questionnaires and determine whether disclosure is required in territory. The system can automatically notify the appropriate regulatory bodies for each territory where it is determined that data breach disclosure is required.
G06Q 10/06 - Ressources, gestion de tâches, des ressources humaines ou de projets; Planification d’entreprise ou d’organisation; Modélisation d’entreprise ou d’organisation
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 15/76 - Architectures de calculateurs universels à programmes enregistrés
88.
Data processing and scanning systems for generating and populating a data inventory
In particular embodiments, a data processing data inventory generation system is configured to: (1) generate a data model (e.g., a data inventory) for one or more data assets utilized by a particular organization; (2) generate a respective data inventory for each of the one or more data assets; and (3) map one or more relationships between one or more aspects of the data inventory, the one or more data assets, etc. within the data model. In particular embodiments, a data asset (e.g., data system, software application, etc.) may include, for example, any entity that collects, processes, contains, and/or transfers personal data (e.g., such as a software application, “internet of things” computerized device, database, website, data-center, server, etc.). The system may be configured to identify particular data assets and/or personal data in data repositories using any suitable intelligent identity scanning technique.
G06Q 10/06 - Ressources, gestion de tâches, des ressources humaines ou de projets; Planification d’entreprise ou d’organisation; Modélisation d’entreprise ou d’organisation
89.
Systems and methods for identifying data processing activities based on data discovery results
Aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for identifying data processing activities associated with various data assets based on data discovery results. In accordance various aspects, a method is provided comprising: identifying and scanning data assets to detect a subset of the data assets, wherein each asset of the subset is associated with a particular data element used for target data; generating a prediction for each pair of data assets of the subset on the target data flowing between the pair; identifying a data flow for the target data based on the prediction generated for each pair; and identifying a data processing activity associated with handling the target data based on a correlation identified for the particular data element, the subset, and/or the data flow with a known data element, subset, and/or data flow for the data processing activity.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
In particular embodiments, a Cross-Border Visualization Generation System is configured to: (1) identify one or more data assets associated with a particular entity; (2) analyze the one or more data assets to identify one or more data elements stored in the identified one or more data assets; (3) define a plurality of physical locations and identify, for each of the identified one or more data assets, a respective particular physical location of the plurality of physical locations; (4) analyze the identified one or more data elements to determine one or more data transfers between the one or more data systems in different particular physical locations; (5) determine one or more regulations that relate to the one or more data transfers; and (6) generate a visual representation of the one or more data transfers based at least in part on the one or more regulations.
G06F 16/9038 - Présentation des résultats des requêtes
G06F 15/76 - Architectures de calculateurs universels à programmes enregistrés
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
H04L 41/12 - Découverte ou gestion des topologies de réseau
Data processing systems and methods, according to various embodiments, are adapted for determining an applicable privacy policy based on various criteria associated with a user and the associated product or service. User and product criteria may be obtained automatically and/or based on user input and analyzed by a privacy policy rules engine to determine the applicable policy. Text from the applicable policy can then be presented to the user. A default policy can be used when no particular applicable policy can be identified using by the rules engine. Policies may be ranked or prioritized so that a policy can be selected in the event the rules engine identifies two, conflicting policies based on the criteria.
G06F 21/00 - Dispositions de sécurité pour protéger les calculateurs, leurs composants, les programmes ou les données contre une activité non autorisée
G06Q 10/06 - Ressources, gestion de tâches, des ressources humaines ou de projets; Planification d’entreprise ou d’organisation; Modélisation d’entreprise ou d’organisation
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 15/76 - Architectures de calculateurs universels à programmes enregistrés
In particular embodiments, a data processing data inventory generation system is configured to: (1) generate a data model (e.g., a data inventory) for one or more data assets utilized by a particular organization; (2) generate a respective data inventory for each of the one or more data assets; and (3) map one or more relationships between one or more aspects of the data inventory, the one or more data assets, etc. within the data model. In particular embodiments, a data asset (e.g., data system, software application, etc.) may include, for example, any entity that collects, processes, contains, and/or transfers personal data (e.g., such as a software application, “internet of things” computerized device, database, website, data-center, server, etc.). For example, a first data asset may include any software or device (e.g., server or servers) utilized by a particular entity for such data collection, processing, transfer, storage, etc.
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
G06Q 10/06 - Ressources, gestion de tâches, des ressources humaines ou de projets; Planification d’entreprise ou d’organisation; Modélisation d’entreprise ou d’organisation
In particular embodiments, a data processing consent management system may be configured to utilize one or more age verification techniques to at least partially authenticate the data subject's ability to provide valid consent (e.g., under one or more prevailing legal requirements) in order to collect, store, and or process the subject's personal data. For example, according to one or more particular legal or industry requirements, an individual (e.g., data subject) may need to be at least a particular age (e.g., an age of majority, an adult, over 18, over 21, over 13, or any other suitable age) in order to provide valid consent. Data processing systems may generate and store one or more consent records memorializing valid consent for data processing from data subjects in response to confirming that the data subject is old enough to provide such consent.
A mobile application privacy analysis system is described, where the system scans a mobile device to identify files associated with a particular SDK and generates a tokenized name for the SDK. The tokenized name includes tokens representing the SDK vendor and one or more functions of the SDK. Using the tokenized name, the system then determines corresponding categories for each functionality token and score for each such category. Based on the scores, the system determines the most significant category and assigns that category to the SDK for use in privacy analysis. The system may also, or instead, determine a vendor category using the vendor token and assign that category to the SDK. Weighting factors may be applied to the scores for the categories associated with the functionality tokens and vendor tokens.
G06F 9/44 - Dispositions pour exécuter des programmes spécifiques
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
G06F 16/955 - Recherche dans le Web utilisant des identifiants d’information, p.ex. des localisateurs uniformisés de ressources [uniform resource locators - URL]
G06F 16/904 - Navigation; Visualisation à cet effet
G06F 16/901 - Indexation; Structures de données à cet effet; Structures de stockage
95.
DATA SUBJECT ACCESS REQUEST PROCESSING SYSTEMS AND RELATED METHODS
In particular embodiments, a computer-implemented data processing method for responding to a data subject access request comprises: (A) receiving a data subject access request from a requestor comprising one or more request parameters; (B) determining that the data subject is associated with a particular geographic location; (C) verifying that the data subject is associated with the particular geographic location; (D) in response to verifying that the data subject is associated with the particular geographic location, processing the request by identifying one or more pieces of personal data associated with the data subject; and (E) taking one or more actions based at least in part on the data subject access request, the one or more actions including one or more actions related to the one or more pieces of personal data.
Aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for detecting prejudice bias in machine-learning models and/or data sets used in training, testing, and/or validating the models. In accordance various aspects, a method is provided comprising: receiving a data set used for training, testing, and/or validating a model that comprises data instances; generating, using a classification model, a prediction of applicability for each sub-category of a plurality of sub-categories for each bias category of a plurality of bias categories for each data instance; determining that a particular sub-category for a particular bias category is applicable to a proportion of the data set, wherein predictions of applicability for the particular sub-category generated for the proportion of the data set satisfies a threshold; and determining, based on the proportion, that the data set has a prejudice bias with respect to the particular bias category.
A consent receipt management system may, for example, be configured to track data on behalf of an entity that collects and/or processes persona data related to: (1) who consented to the processing or collection of personal data; (2) when the consent was given (e.g., a date and time); (3) what information was provided to the consenter at the time of consent (e.g., a privacy policy, what personal data would be collected following the provision of the consent, for what purpose that personal data would be collected, etc.); (4) how consent was received (e.g., one or more copies of a data capture form, webform, etc. via which consent was provided by the consenter); (5) when consent was withdrawn (e.g., a date and time of consent withdrawal if the consenter withdraws consent); and/or (6) any other suitable data related to receipt or withdrawal of consent.
G06F 9/44 - Dispositions pour exécuter des programmes spécifiques
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
G06F 16/901 - Indexation; Structures de données à cet effet; Structures de stockage
G06F 16/904 - Navigation; Visualisation à cet effet
G06F 16/955 - Recherche dans le Web utilisant des identifiants d’information, p.ex. des localisateurs uniformisés de ressources [uniform resource locators - URL]
Data processing systems and methods, according to various embodiments, are adapted for mapping various questions regarding a data breach from a master questionnaire to a plurality of territory-specific data breach disclosure questionnaires. The answers to the questions in the master questionnaire are used to populate the territory-specific data breach disclosure questionnaires and determine whether disclosure is required in territory. The system can automatically notify the appropriate regulatory bodies for each territory where it is determined that data breach disclosure is required.
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
G06Q 10/06 - Ressources, gestion de tâches, des ressources humaines ou de projets; Planification d’entreprise ou d’organisation; Modélisation d’entreprise ou d’organisation
G06F 15/76 - Architectures de calculateurs universels à programmes enregistrés
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
Aspects of the present disclosure provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for protection of system software, or data from destruction, unauthorized modification, and/or unauthorized disclosure securing by, for example, detecting the transfer and/or processing of target data. Accordingly, a method is provided that involves: scanning a software application to identify functionality configured for processing target data; identifying fields associated with the functionality; identifying metadata associated with a field; generating, from the metadata, an identification of a type of data associated with the field; determining a location based on the processing of the target data by the functionality; determining a risk associated with the functionality processing the target data based on the location and the type of data; determining that the risk satisfies a threshold level of risk; and in response, causing an action to be performed to mitigate the risk.
Systems and methods are disclosed detecting whether calls to consent rejection functions originate with an automated tool or a human user. The system can determine that a calls to a consent rejection function are likely from an automated tool by determining that a rate and/or number of calls to a function exceeds a threshold and/or that the calls are received before the interface requesting user consent preferences has been rendered to the user. The system can also require that a function call include a token that an automated tool would not have knowledge of or access to and reject function calls without this token. The system can also use private consent rejection function calls with obfuscated names and/or provide a follow up consent rejections confirmation interface requiring human user input before process a consent rejection.
brevets
