US 12,136,055 B2
Data processing systems for identifying, assessing, and remediating data processing risks using data modeling techniques
Kabir A. Barday, Atlanta, GA (US); Mihir S. Karanjkar, Marietta, GA (US); Steven W. Finch, Kennesaw, GA (US); Ken A. Browne, Johns Creek, GA (US); Aakash H. Patel, Norcross, GA (US); Jason L. Sabourin, Brookhaven, GA (US); Richard L. Daniel, Atlanta, GA (US); Dylan D. Patton-Kuhl, Atlanta, GA (US); Kevin Jones, Atlanta, GA (US); and Jonathan Blake Brannon, Smyrna, GA (US)
Assigned to OneTrust, LLC, Atlanta, GA (US)
Filed by OneTrust, LLC, Atlanta, GA (US)
Filed on Apr. 18, 2022, as Appl. No. 17/722,643.
Application 17/722,643 is a continuation in part of application No. 16/908,081, filed on Jun. 22, 2020, granted, now 11,308,435.
Application 16/908,081 is a continuation of application No. 16/714,355, filed on Dec. 13, 2019, granted, now 10,692,033, issued on Jun. 23, 2020.
Application 16/714,355 is a continuation of application No. 16/403,358, filed on May 3, 2019, granted, now 10,510,031, issued on Dec. 17, 2019.
Application 16/403,358 is a continuation of application No. 16/159,634, filed on Oct. 13, 2018, granted, now 10,282,692, issued on May 7, 2019.
Application 16/159,634 is a continuation in part of application No. 16/055,083, filed on Aug. 4, 2018, granted, now 10,289,870, issued on May 14, 2019.
Application 16/055,083 is a continuation in part of application No. 15/996,208, filed on Jun. 1, 2018, granted, now 10,181,051, issued on Jan. 15, 2019.
Application 15/996,208 is a continuation in part of application No. 15/853,674, filed on Dec. 22, 2017, granted, now 10,019,597, issued on Jul. 10, 2018.
Application 15/853,674 is a continuation in part of application No. 15/619,455, filed on Jun. 10, 2017, granted, now 9,851,966, issued on Dec. 26, 2017.
Application 15/619,455 is a continuation in part of application No. 15/254,901, filed on Sep. 1, 2016, granted, now 9,729,583, issued on Aug. 8, 2017.
Claims priority of provisional application 62/728,435, filed on Sep. 7, 2018.
Claims priority of provisional application 62/572,096, filed on Oct. 13, 2017.
Claims priority of provisional application 62/547,530, filed on Aug. 18, 2017.
Claims priority of provisional application 62/541,613, filed on Aug. 4, 2017.
Claims priority of provisional application 62/537,839, filed on Jul. 27, 2017.
Claims priority of provisional application 62/360,123, filed on Jul. 8, 2016.
Claims priority of provisional application 62/353,802, filed on Jun. 23, 2016.
Claims priority of provisional application 62/348,695, filed on Jun. 10, 2016.
Prior Publication US 2022/0237538 A1, Jul. 28, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. G06Q 10/0635 (2023.01); G06F 15/76 (2006.01); G06F 21/55 (2013.01); G06F 21/57 (2013.01); G06F 21/62 (2013.01); G06Q 10/067 (2023.01); G06F 16/95 (2019.01)
CPC G06Q 10/0635 (2013.01) [G06F 15/76 (2013.01); G06F 21/552 (2013.01); G06F 21/577 (2013.01); G06F 21/6245 (2013.01); G06Q 10/067 (2013.01); G06F 16/95 (2019.01)] 20 Claims
OG exemplary drawing
 
1. A method comprising:
identifying, by computing hardware, a potential risk trigger for an entity, wherein the potential risk trigger involves introducing at least one of a new risk or a change in a level of risk that the entity is exposed to in handling a certain type of data;
assessing, by the computing hardware, risk remediation data for a similarly situated entity to the entity, wherein the risk remediation data comprises:
a previous risk trigger experienced by the similarly situated entity that introduced at least one of a new risk or a change in a level of risk that the similarly situated entity was exposed to in handling at least one of the certain type of data or a similar type of data; and
a relevance of a risk posed by the previous risk trigger;
identifying, by the computing hardware and based on assessing the risk remediation data, that the previous risk trigger is similar to the potential risk trigger;
responsive to identifying that the previous risk trigger is similar to the potential risk trigger, identifying, by the computing hardware and based on the relevance of the risk posed by the previous risk trigger, a relevance of the risk posed by the potential risk trigger to the entity;
scanning, by the computing hardware, a data model, wherein the data model comprises an inventory for each of a plurality of data assets, and each respective inventory comprises a plurality of inventory attributes;
identifying, by the computing hardware and based on the plurality of inventory attributes for the respective inventory, the potential risk trigger has an effect on a particular data asset of the plurality of data assets in handling the certain type of data;
determining, by the computing hardware and based on the relevance of the risk posed by the potential risk trigger to the entity, to take an action to remediate the effect the potential risk trigger has on the particular data asset in handling the certain type of data; and
causing, by the computing hardware, the action to be performed to remediate the effect the potential risk trigger has on the particular data asset in handling the certain type of data.