Data processing systems and methods for automatically protecting sensitive data within privacy management systems

US11947708B2 · US · B2

Patent metadata

Publication number: US-11947708-B2
Application number: US-202218091750-A
Country: US
Kind code: B2
Filing date: Dec 30, 2022
Priority date: Sep 7, 2018
Publication date: Apr 2, 2024
Grant date: Apr 2, 2024

Abstract

Official abstract text for this publication.

In particular embodiments, a sensitive data management system is configured to remove sensitive data after a period of non-use. Credentials used to access remote systems and/or third-party systems are stored with metadata that is updated with each use of the credentials. After a period of non-use, determined based on credential metadata, the credentials are deleted. Personal data retrieved to process a consumer request is stored with metadata that is updated with each use of the personal data. After a period of non-use, determined based on personal data metadata, the personal data is deleted. The personal data is also deleted if the system determines that the process or system that caused the personal data to be retrieved is no longer in use. An encrypted version of personal data may be stored for later use in verifying proper consumer request fulfillment.

First claim

Opening claim text (preview).

What is claimed is:

1. A method comprising: receiving, by computing hardware associated with an entity, a data subject access request associated with a data subject; responsive to receiving the data subject access request, determining, by the computing hardware and based on the data subject access request, a data source from which data associated with the data subject is to be acquired, wherein the data source is not operated by the entity; retrieving, by the computing hardware using metadata, a credential used for accessing the data source from data storage associated with the entity, wherein the metadata maps the credential to the data source; acquiring, by the computing hardware using the credential, the data associated with the data subject from the data storage; processing, by the computing hardware, the data subject access request using the data associated with the data subject from the data storage; and subsequent to processing the data subject access request: identifying, by the computing hardware, that the credential is invalid; and responsive to determining that the credential is invalid, deleting, by the computing hardware, the credential from the data storage and the metadata mapping the credential to the data source to prevent the computing hardware from acquiring further data from the data source.

2. The method of claim 1 further comprising, after deleting the credential and the metadata: submitting, by the computing hardware, a notification requesting a second credential to access the data source; receiving, by the computing hardware and based on the notification, the second credential; and responsive to receiving the second credential: generating, by the computing hardware, second metadata mapping the second credential to the data source; and storing the second credential in the data storage so that the computing hardware can use the second credential to acquire the further data from the data source.

3. The method of claim 1 further comprising determining, by the computing hardware and based on a data map, an availability of the credential, wherein the data map defines the availability of the credential for the data source.

4. The method of claim 1 further comprising determining, by the computing hardware, that the credential is valid prior to acquiring the data associated with the data subject from the data storage.

5. The method of claim 1, wherein determining the data source from which the data associated with the data subject is to be acquired is based on criteria associated with the data subject access request that identifies at least one of a type for the data subject, a type for the data subject access request, or a type for the data.

6. The method of claim 1, wherein the credential employs at least one of a username and password combination, a public/private key system, or multi-factor authentication in accessing the data source.

7. The method of claim 1, wherein the data comprises personal data of the data subject.

8. A system comprising: a non-transitory computer-readable medium storing instructions; and a processing device communicatively coupled to the non-transitory computer-readable medium, wherein the system is associated with an entity, and the processing device is configured to execute the instructions and thereby perform operations comprising: receiving a data subject access request associated with a data subject; responsive to receiving the data subject access request, determining, based on the data subject access request, a data source from which data associated with the data subject is to be acquired, wherein the data source is not operated by the entity; retrieving, using metadata, a credential used for accessing the data source from data storage associated with the entity, wherein the metadata maps the credential to the data source; acquiring, using the credential, the data associated with the data subject from the data storage; processing the data subject access request using the data associated with the data subject from the data storage; and subsequent to processing the data subject access request: identifying that the credential is invalid; and responsive to determining that the credential is invalid, preventing further use of the credential to acquire further data from the data source.

9. The system of claim 8, wherein preventing further use of the credential comprises deleting the credential from the data storage and the metadata mapping the credential to the data source.

10. The system of claim 8, wherein preventing further use of the credential comprises modifying a validity status of the credential to indicate the credential is invalid.

11. The system of claim 8, wherein the operations further comprise, after preventing further use of the credential: submitting a notification requesting a second credential to access the data source; receiving, based on the notification, the second credential; and responsive to receiving the second credential: generating second metadata mapping the second credential to the data source; and storing the second credential in the data storage so that the system can use the second credential to acquire the further data from the data source.

12. The system of claim 8, wherein the operations further comprise determining, based on a data map, an availability of the credential, the data map defining the availability of the credential for the data source.

13. The system of claim 8, wherein the operations further comprise determining that the credential is valid prior to acquiring the data associated with the data subject from the data storage.

14. The system of claim 8, wherein determining the data source from which the data associated with the data subject is to be acquired is based on criteria associated with the data subject access request that identifies at least one of a type for the data subject, a type for the data subject access request, or a type for the data.

15. A non-transitory computer-readable medium having program code that is stored thereon, the program code executable by one or more processing devices for performing operations comprising: determining, based on a processing activity to be performed by an entity, a data source from which data associated with the processing activity is to be acquired, wherein the data source is not operated by the entity; retrieving, using metadata, a credential used for accessing the data source from data storage associated with the entity, wherein the metadata maps the credential to the data source; acquiring, using the credential, the data from the data storage; performing the processing activity using the data from the data storage; and subsequent to performing the processing activity: identifying that the credential is invalid; and responsive to determining that the credential is invalid, preventing further use of the credential to acquire further data from the data source.

16. The non-transitory computer-readable medium of claim 15, wherein preventing further use of the credential comprises deleting the credential from the data storage and the metadata mapping the credential to the data source.

17. The non-transitory computer-readable medium of claim 15, wherein preventing further use of the credential comprises modifying a validity status of the credential to indicate the credential is invalid.

18. The non-transitory computer-readable medium of claim 15, wherein the operations further comprise, after preventing further use of the credential: submitting a notification
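The credential lifecycle described in the abstract and in claims 1 and 2 (use metadata refreshed on every access, deletion after a period of non-use, deletion of both the credential and its source mapping once the source rejects it, then requesting and storing a second credential), as an added Python illustration that is not the patent's or OneTrust's code. The CredentialStore class, the fulfil_dsar function, the integer clock and the fetch/request callbacks are assumptions made for the example.

```python
from dataclasses import dataclass

# Constructed illustration of the credential lifecycle in the abstract and claims 1-2;
# added example code, not OneTrust's implementation. Time is an integer clock (seconds).
class CredentialRejected(Exception):   # the data source refused the credential
    pass

def rejecting_source(_source, _secret):   # stand-in client whose source rejects every credential
    raise CredentialRejected

@dataclass
class CredentialRecord:
    secret: str
    data_source: str
    last_used: int          # metadata refreshed on every use (abstract)

class CredentialStore:
    def __init__(self, max_idle):
        self.max_idle = max_idle
        self.records = {}     # credential id -> CredentialRecord
        self.by_source = {}   # metadata: data source -> credential id (claim 1)
    def store(self, cred_id, secret, data_source, now):
        self.records[cred_id] = CredentialRecord(secret, data_source, now)
        self.by_source[data_source] = cred_id
    def lookup(self, data_source, now):
        cred_id = self.by_source.get(data_source)
        if cred_id is None:
            return None
        rec = self.records[cred_id]
        rec.last_used = now   # each use updates the credential metadata
        return rec.secret
    def invalidate(self, data_source):
        # Claim 1: delete the credential and the mapping so no further data can be pulled.
        cred_id = self.by_source.pop(data_source, None)
        if cred_id is not None:
            del self.records[cred_id]
    def purge_idle(self, now):
        # Abstract: credentials unused for longer than max_idle are deleted.
        idle = [cid for cid, r in self.records.items() if now - r.last_used > self.max_idle]
        for cid in idle:
            self.by_source.pop(self.records.pop(cid).data_source, None)
        return idle

def fulfil_dsar(store, data_source, fetch, request_new_credential, now):
    """Acquire subject data for one DSAR; on rejection drop the credential and obtain a second one (claim 2)."""
    secret = store.lookup(data_source, now)
    if secret is None:
        return None, "no-credential"
    try:
        return fetch(data_source, secret), "ok"
    except CredentialRejected:
        store.invalidate(data_source)
        new_id, new_secret = request_new_credential(data_source)   # notification to the operator
        store.store(new_id, new_secret, data_source, now)          # second metadata mapping
        return None, "credential-rotated"
```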

Assignees

OneTrust LLC

Classifications

  • G06F21/6263 (primary): Protecting personal data during internet communication, e.g. revealing personal data from cookies

  • Interaction with lists of selectable items, e.g. menus

  • Protecting personal data, e.g. for financial or medical purposes

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11947708B2 cover?
In particular embodiments, a sensitive data management system is configured to remove sensitive data after a period of non-use. Credentials used to access remote systems and/or third-party systems are stored with metadata that is updated with each use of the credentials. After a period of non-use, determined based on credential metadata, the credentials are deleted. Personal data retrieved to p…
Who is the assignee on this patent?
Onetrust Llc
What technology area does this patent fall under?
Primary CPC classification G06F21/6263. Mapped technology areas include Physics.
When was this patent published?
Publication date Apr 2, 2024 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).