US11645418B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11645418-B2 |
| Application number | US-202217831700-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 3, 2022 |
| Priority date | Jun 10, 2016 |
| Publication date | May 9, 2023 |
| Grant date | May 9, 2023 |
Official abstract text for this publication.
In particular embodiments, a Personal Data Deletion System is configured to: (1) at least partially automatically identify and delete personal data that an entity is required to erase under one or more of the conditions discussed above; and (2) perform one or more data tests after the deletion to confirm that the system has, in fact, deleted any personal data associated with the data subject. The system may, for example, be configured to test to ensure the data has been deleted by: (1) submitting a unique token of data through a form to a system; (2) in response to passage of an expected data retention time, test the system by calling into the system after the passage of the data retention time to search for the unique token.
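The token-based deletion test described in the abstract, sketched as an added example (not code from the patent or its assignee). The in-memory `stores` stand in for the entity's computer system, and every name here (`DeletionTest`, `submit_token`, `scan_and_flag`, `run_deletion_test`) is hypothetical.

```python
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass
class DeletionTest:
    token: str               # random value, contains no personal data
    submitted_at: datetime   # when the token went through the form
    retention: timedelta     # expected data retention time

def submit_token(stores, now, retention):
    """Submit a fresh token through the (simulated) form into every store."""
    test = DeletionTest("dt-" + secrets.token_hex(16), now, retention)
    for name, records in stores.items():
        records.append({"id": f"{name}-{len(records) + 1}", "field": test.token})
    return test

def scan_and_flag(stores, token):
    """Search each store for the token and flag surviving records in place."""
    hits = []
    for name, records in stores.items():
        for rec in records:
            if rec.get("field") == token:
                rec["flagged"] = True
                hits.append((name, rec["id"]))
    return hits

def run_deletion_test(test, stores, now):
    """'pending' before the retention time has passed, else 'deleted' or 'retained'."""
    if now < test.submitted_at + test.retention:
        return {"status": "pending", "hits": []}
    hits = scan_and_flag(stores, test.token)
    note = f"Token {test.token} still stored after retention in: {hits}" if hits else None
    return {"status": "retained" if hits else "deleted", "hits": hits, "notification": note}

def demo():
    stores = {"crm": [], "backup": []}          # constructed sample system
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    test = submit_token(stores, t0, timedelta(days=30))
    early = run_deletion_test(test, stores, t0 + timedelta(days=1))
    stores["crm"].clear()                       # simulated purge that misses the backup
    late = run_deletion_test(test, stores, t0 + timedelta(days=31))
    stores["backup"].clear()                    # remediation of the flagged copy
    fixed = run_deletion_test(test, stores, t0 + timedelta(days=32))
    return test, early, late, fixed

if __name__ == "__main__":
    for result in demo()[1:]:
        print(result["status"], result["hits"])
```

Because the token is random and carries no personal data, the same probe can be repeated against backups, caches and downstream copies without creating new personal data in the process.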
Opening claim text (preview).
We claim:
1. A method comprising: receiving, by computing hardware and via an interface associated with a computer system of an entity, a unique identifier associated with a deletion request for a data subject, wherein the unique identifier lacks any personal data of the data subject; initiating, by the computing hardware and subsequent to at least one of (1) a time after which the deletion request to delete the personal data has been submitted to the entity or (2) an expected data retention time for the personal data, a test interaction associated with the unique identifier and involving submitting a request for a response from the computer system; determining, by the computing hardware, the computer system has initiated the response to the request, wherein the response includes using the unique identifier to determine that the personal data of the data subject is stored by the computer system subsequent to the deletion request; and performing, by the computing hardware, an action with regard to the computer system, wherein the action comprises: scanning the computer system to identify the personal data stored by the computer system; flagging the personal data in the computer system; and providing, to an individual associated with the entity, a notification that the personal data is stored by the computer system subsequent to the deletion request.
2. The method of claim 1, wherein the unique identifier is provided to the data subject after submitting the deletion request.
3. The method of claim 1, wherein the test interaction requests the response be sent to the data subject.
4. The method of claim 3, wherein determining the computer system has initiated the response to the request comprises determining the computer system has initiated the response to the data subject via a personal communication data platform.
5. The method of claim 1, wherein the interface comprises a webform.
6. The method of claim 1, wherein the notification comprises the personal data that is stored by the computer system.
7. A system comprising: a first computer system communicatively coupled to a second computer system of an entity, the first computer system comprising: a non-transitory computer-readable medium storing instructions; and a processing device communicatively coupled to the non-transitory computer-readable medium, wherein, the processing device is configured to execute the instructions and thereby perform operations comprising: receiving, via an interface associated with a second computer system of an entity, a unique identifier associated with a request for a data subject, wherein the unique identifier lacks any personal data of the data subject; initiating, subsequent to at least one of (1) a time after which the request to delete the personal data has been submitted to the entity or (2) an expected data retention time for the personal data, a test interaction associated with the unique identifier and involving submitting a test request for a response from the second computer system; determining the second computer system has initiated the response to the test request, wherein the response includes using the unique identifier to determine that the personal data of the data subject is processed by the computer system subsequent to the request; and providing, to an individual associated with the entity, a notification that the personal data is being processed by the second computer system subsequent to the request; and the second computer system, wherein the second computer system is configured for performing an action with regard to the second computer system, wherein the action comprises: scanning a storage device of the second computer system to identify the personal data stored by the second computer system, and flagging the personal data in the second computer system.
8. The system of claim 7, wherein the unique identifier is provided to the data subject after submitting the request.
9. The system of claim 7, wherein the request involves at least one of obtaining a confirmation of whether the entity is processing the personal data of the data subject or obtaining information about a purpose for the entity in processing the personal data of the data subject.
10. The system of claim 7, wherein: the test interaction requests the response be sent to the data subject, and determining the second computer system has initiated the response to the request comprises determining the second computer system has initiated the response to the data subject via a personal communication data platform.
11. The system of claim 7, wherein the interface comprises a webform.
12. The system of claim 7, wherein the notification comprises the personal data that is stored by the second computer system.
13. A non-transitory computer-readable medium having program code that is stored thereon, the program code executable by one or more processing devices for performing operations comprising: receiving a unique identifier associated with a data subject submitted through an interface associated with a computer system of an entity, wherein the unique identifier lacks any personal data of the data subject; initiating, subsequent to at least one of (1) a time after which the deletion request to delete the personal data has been submitted to the entity or (2) an expected data retention time for the personal data, a test interaction associated with the unique identifier and involving submitting a request for a response from the computer system; determining, by the computing hardware, the computer system has initiated the response to the request, wherein the response includes using the unique identifier to determine that the personal data of the data subject is stored by the computer system subsequent to the deletion request, wherein the computer system is configured to scan a storage device of the computer system to identify the personal data stored by the computer system and flag the personal data in the computer system; and providing, to a device associated with the entity, a notification that the personal data is being processed by the computer system subsequent to the request.
14. The non-transitory computer-readable medium of claim 13, wherein the unique identifier is provided to the data subject after submitting the request.
15. The non-transitory computer-readable medium of claim 13, wherein the interface comprises a webform.
16. The non-transitory computer-readable medium of claim 13, wherein the report comprises the personal data that is stored by the computer system.
17. The non-transitory computer-readable medium of claim 13, wherein the individual is associated with the entity.
User profiles · CPC title
Protecting personal data, e.g. for financial or medical purposes · CPC title
involving long-term monitoring or reporting · CPC title
involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved (negotiation of communication capabilities H04L69/24) · CPC title
where protection concerns the structure of data, e.g. records, types, queries · CPC title