PatentsDB

Data processing systems for identifying, assessing, and remediating data processing risks using data modeling techniques

US11244072B2 · US · B2

Patent metadata
FieldValue
Publication numberUS-11244072-B2
Application numberUS-202117334939-A
CountryUS
Kind codeB2
Filing dateMay 31, 2021
Priority dateJun 10, 2016
Publication dateFeb 8, 2022
Grant dateFeb 8, 2022

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

In various embodiments, a Data Model Adaptive Execution System may be configured to take one or more suitable actions to remediate an identified risk in view of one or more regulations (e.g., one or more legal regulations, one or more binding corporate rules, etc.). For example, in order to ensure compliance with one or more standards related to the collection and/or storage of personal data, an entity may be required to modify one or more aspects of a way in which the entity collects, stores, and/or otherwise processes personal data (e.g., in response to a change in a legal or other requirement). In order to identify whether a particular change or other risk trigger requires remediation, the system may be configured to assess a relevance of the risk posed by the risk and identify one or more processing activities or data assets that may be affected by the risk.

First claim

Opening claim text (preview).

What is claimed is: 1. A method comprising: identifying, by computing hardware, a potential risk trigger involving data for an entity, wherein the potential risk trigger comprises a change in a legal or industry requirement related to the data; determining, by computing hardware, a similar risk trigger, wherein the similar risk trigger is similar to the potential risk trigger and was previously experienced by at least one of the entity or a similarly situated entity, wherein the similarly situated entity comprises an entity having at least one of a same or similar geographic location as the entity, being in a same or similar industry as the entity, being a same or similar size with respect to employees as the entity, or being governed by a same or similar regulation as the entity; determining, by the computing hardware, a relevance of a risk posed by the potential risk trigger based on the similar risk trigger; identifying, by the computing hardware, a data model based on the data, wherein the data model comprises a representation of a plurality of data assets; analyzing, by the computing hardware, a respective plurality of inventory attributes for each of the plurality of data assets to identify a processing activity associated with a data asset of the plurality of data assets affected by the risk posed by the potential risk trigger, wherein analyzing the respective plurality of inventory attributes to identify the processing activity associated with the data asset affected by the risk posed by the potential risk trigger comprises identifying one of the plurality of inventory attributes re presents the processing activity; determining, by the computing hardware, whether to perform an action based on the processing activity and the relevance of the risk posed by the potential risk trigger; and responsive to determining to perform the action, having the action performed to remediate the risk posed by the potential risk trigger by the computing hardware. 2. The method of claim 1 , wherein identifying the data model based on the data comprises identifying the data model based on at least one of the plurality of data assets is used to at least one of process, collect, store, or transfer the data. 3. The method of claim 1 , wherein the potential risk trigger comprises a breach of the data. 4. The method of claim 1 , wherein the action comprises at least one of modifying a level of encryption of the data or modifying a permission for accessing the data. 5. The method of claim 1 , wherein the action comprises at least one of modifying a source of the data or modifying an amount of time for storing the data. 6. The method of claim 1 , wherein determining whether to perform the action based on the processing activity and the relevance of the risk posed by the potential risk trigger involves determining whether the relevance of the risk posed by the potential risk trigger satisfies a threshold risk level. 7. A system comprising: a non-transitory computer-readable medium storing instructions; and a processing device communicatively coupled to the non-transitory computer-readable medium, wherein, the processing device is configured to execute the instructions and thereby perform operations comprising: identifying a potential risk trigger involving data fora n entity, wherein the potential risk trigger comprises a change in a legal or industry requirement related to the data; determining a similar risk trigger that is similar to the potential risk trigger and was previously experienced by at least one of the entity or a similarly situated entity, wherein the similarly situated entity comprises a second entity having at least one of a same or similar geographic location as the entity, being in a same or similar industry as the entity, being a same or similar size with respect to employees as the entity, or being governed by a same or similar regulation as the entity determining a relevance of a risk posed by the potential risk trigger based on: at least one of an amount of the data affected by the risk posed by the potential risk trigger or a type of the data affected by the risk posed by the potential risk trigger; and the similar risk trigger; identifying a data model based on the data, wherein the data model comprises a representation of a data asset; analyzing a plurality of inventory attributes for the data asset to identify a processing activity associated with the data asset affected by the risk posed by the potential risk trigger, wherein analyzing the plurality of inventory attributes for the data asset to identify the processing activity associated with the data asset affected by the risk posed by the potential risk trigger comprises identifying one of the plurality of inventory attributes re presents the processing activity; determining whether to perform an action based on the processing activity and the relevance of the risk posed by the potential risk trigger; and responsive to determining to perform the action, having the action performed to remediate the risk posed by the potential risk trigger. 8. The system of claim 7 , wherein identifying the data model based on the data comprises identifying the data model based on the data asset is used to at least one of process, collect, store, or transfer the data. 9. The system of claim 7 , wherein determining the relevance of the risk posed by the potential risk trigger involves: determining a similar risk trigger, wherein the similar risk trigger is similar to the potential risk trigger and was previously experienced by at least one of the entity or a similarly situated entity; and determining the at least one of the amount of the data affected by the risk posed by the potential risk trigger or the type of the data affected by the risk posed by the potential risk trigger based on an amount of data affected by a risk posed by the similar risk trigger or a type of the data affected by the risk posed by the similar risk trigger. 10. The system of claim 7 , wherein the potential risk trigger comprises a breach of the data. 11. The system of claim 7 , wherein the action comprises at least one of modifying a level of encryption of the data or modifying a permission for accessing the data. 12. The system of claim 7 , wherein the action comprises at least one of modifying a source of the data or modifying an amount of time for storing the data. 13. The system of claim 7 , wherein determining whether to perform the action based on the processing activity and the relevance of the risk posed by the potential risk trigger involves determining whether the relevance of the risk posed by the potential risk trigger satisfies a threshold risk level. 14. A non-transitory computer-readable medium storing computer-executable instructions that, when executed by processing hardware, configure the processing hardware to perform operations comprising: identifying a potential risk trigger involving data fora n entity, wherein the potential risk trigger comprises a change in a legal or industry requirement related to the data; determining a similar risk trigger, wherein the similar risk trigger is similar to the potential risk trigger and was previously experienced by at least one of the entity or a similarly situated entity, wherein the similarly situated entity comprises a n entity having at least one of a same or similar geographic location as the entity, being in a same or similar industry as the entity, being a same or similar size with respect to employees as the entity, or being governed by a same or similar regulation as the entity; determining a relevance of a risk posed by the potential

Assignees

Inventors

Classifications

  • G06F21/6245Primary

    Protecting personal data, e.g. for financial or medical purposes · CPC title

  • H04L63/107

    wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals · CPC title

  • G06F21/606

    by securing the transmission between two devices or processes · CPC title

  • H04L63/1433

    Vulnerability analysis · CPC title

  • G06F21/577

    Assessing vulnerabilities and evaluating computer system security · CPC title

Patent family

Related publications grouped by family.

View patent family 65275261

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11244072B2 cover?
In various embodiments, a Data Model Adaptive Execution System may be configured to take one or more suitable actions to remediate an identified risk in view of one or more regulations (e.g., one or more legal regulations, one or more binding corporate rules, etc.). For example, in order to ensure compliance with one or more standards related to the collection and/or storage of personal data, a…
Who is the assignee on this patent?
Onetrust Llc
What technology area does this patent fall under?
Primary CPC classification G06F21/6245. Mapped technology areas include Physics.
When was this patent published?
Publication date Tue Feb 08 2022 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).