This disclosure describes some aspects of systems, non-transitory computer-readable media, and computer-implemented methods that generate insightful user interfaces that display data processing activity components from the application codes, data categories for the detected components, and/or modifications of data categories and/or data processing activity components. For example, the disclosed system can utilize the application code scan to categorize one or more data types and/or data processing purposes represented by the various detected data processing activity components. Additionally, the disclosed systems can generate dynamic graphical user interfaces with the data processing activity components and data categories to enable quick and insightful access to a wide breadth of information from an application code scan. Moreover, the disclosed systems can also determine (and display) changes of data processing activity components and/or data categories detected between scans of different versions of the application code.
This disclosure describes some aspects of systems, non-transitory computer-readable media, and computer-implemented methods that generate insightful user interfaces that display data processing activity components from the application codes, data categories for the detected components, and/or modifications of data categories and/or data processing activity components. For example, the disclosed system can utilize the application code scan to categorize one or more data types and/or data processing purposes represented by the various detected data processing activity components. Additionally, the disclosed systems can generate dynamic graphical user interfaces with the data processing activity components and data categories to enable quick and insightful access to a wide breadth of information from an application code scan. Moreover, the disclosed systems can also determine (and display) changes of data processing activity components and/or data categories detected between scans of different versions of the application code.
G06F 8/71 - Gestion de versions ; Gestion de configuration
G06F 8/75 - Analyse structurelle pour la compréhension des programmes
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06Q 10/0635 - Analyse des risques liés aux activités d’entreprises ou d’organisations
This disclosure describes some aspects of systems, non-transitory computer-readable media, and computer-implemented methods that generate insightful user interfaces that display data processing activity components from the application codes, data categories for the detected components, and/or modifications of data categories and/or data processing activity components. For example, the disclosed system can utilize the application code scan to categorize one or more data types and/or data processing purposes represented by the various detected data processing activity components. Additionally, the disclosed systems can generate dynamic graphical user interfaces with the data processing activity components and data categories to enable quick and insightful access to a wide breadth of information from an application code scan. Moreover, the disclosed systems can also determine (and display) changes of data processing activity components and/or data categories detected between scans of different versions of the application code.
In various embodiments, a data processing consent capture system may be configured to prompt the data subject to consent to one or more types of data processing (e.g., to provide a desired consent) in response to identifying particular cookies (e.g., or types of data processing) that a data subject has not consented to. The system may, for example, substantially automatically prompt the data subject to consent for one or more particular types of data processing in response to determining that the user (e.g., data subject) has requested that a website or other system perform one or more functions that are not possible without a particular type of consent from the data subject. The system may, for example, prompt the user to consent in time for a certain interaction with the website, application, etc.
In general, various aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for mapping the existence of target data within computing systems in a manner that does not expose the target data to potential data-related incidents. In accordance with various aspects, a method is provided that comprises: receiving a source dataset that comprises a label assigned to a data element used by a data source in handling target data that identifies a type of target data and data samples gathered for the data element; determining, based on the label, that the data samples are to be anonymized; generating supplemental anonymizing data samples associated with the label that comprise fictitious occurrences of the type of the target data; generating a review dataset comprising the supplemental anonymizing data samples intermingled with the data samples; and sending the review dataset to a review computing system.
09 - Appareils et instruments scientifiques et électriques
41 - Éducation, divertissements, activités sportives et culturelles
Produits et services
Digital media in the form of downloadable webcasts, podcasts, audio and video files, for use on mobile devices in the fields of responsible artificial intelligence (AI), AI governance, privacy management, consent management, compliance, ethics, environmental sustainability and responsibility, carbon accounting, reduction and offsetting, environmental, social, and corporate governance (ESG), and ESG program management. Entertainment services, namely, providing podcasts and webcasts in the fields of responsible artificial intelligence (AI), privacy management, consent management, compliance, AI governance, ethics, environmental sustainability and responsibility, carbon accounting, reduction and offsetting, environmental, social, and corporate governance (ESG) and ESG program management.
09 - Appareils et instruments scientifiques et électriques
35 - Publicité; Affaires commerciales
41 - Éducation, divertissements, activités sportives et culturelles
42 - Services scientifiques, technologiques et industriels, recherche et conception
45 - Services juridiques; services de sécurité; services personnels pour individus
Produits et services
(1) Digital media in the form of downloadable webcasts, podcasts, audio and video files, for use on mobile devices in the fields of responsible artificial intelligence (AI); AI governance; privacy management; consent management; compliance; ethics; environmental sustainability and responsibility, carbon accounting, reduction and offsetting, environmental, social, and corporate governance (ESG), and ESG program management (1) Entertainment services, namely, providing podcasts and webcasts in the fields of responsible artificial intelligence (AI); privacy management; consent management; compliance; AI governance; ethics; environmental sustainability and responsibility, carbon accounting, reduction and offsetting, environmental, social, and corporate governance (ESG) and ESG program management.
8.
SYSTEMS AND METHODS FOR MITIGATING RISKS OF THIRD-PARTY COMPUTING SYSTEM FUNCTIONALITY INTEGRATION INTO A FIRST-PARTY COMPUTING SYSTEM
In general, various aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for integrating third party computing system functionality into a first party computing system by providing a risk management and mitigation computing system configured to analyze a risk of integrating the functionality provided by the third party computing system and facilitating implementation of one or more data-related controls that include performing computer-specific operations to mitigate and/or eliminate the identified risks. For example, the risk management and mitigation computing system can access risk data in tenant computing systems to determine a risk score related to the integration of the third party computing system functionality based on risks determined during prior integrations of the third party computing system functionality by other tenant computing systems. The risk management and mitigation computing system can generate a recommended control when integrating the third party computing system functionality.
Methods, systems, and non-transitory computer readable storage media are disclosed for updating the priority of classifiers in a classifier model. Specifically, the disclosed systems execute operations to extract data elements from a digital dataset. The disclosed system generates first classifier labels for a first subset of data elements (e.g., a test dataset) by utilizing a classification model to apply a predetermined order of classifiers to the first subset of data elements. The disclosed systems utilize the first classifier labels to determine a priority order for the classifiers for applying to a second subset of data elements the digital dataset. Using the determined priority order of the classifiers, the disclosed systems can generate second classifier labels for a second subset of data elements by utilizing the classifier model to apply the classifiers according to the priority order.
Methods, systems, and non-transitory computer readable storage media are disclosed for updating the priority of classifiers in a classifier model. Specifically, the disclosed systems execute operations to extract data elements from a digital dataset. The disclosed system generates first classifier labels for a first subset of data elements (e.g., a test dataset) by utilizing a classification model to apply a predetermined order of classifiers to the first subset of data elements. The disclosed systems utilize the first classifier labels to determine a priority order for the classifiers for applying to a second subset of data elements the digital dataset. Using the determined priority order of the classifiers, the disclosed systems can generate second classifier labels for a second subset of data elements by utilizing the classifier model to apply the classifiers according to the priority order.
Various embodiments provide methods, apparatus, systems, computing devices, computing entities, and/or the like for identifying targeted data for a data subject across a plurality of data objects in a data source. In accordance with one embodiment, a method is provided comprising: receiving a request to identify targeted data for a data subject; identifying a first data object using metadata for a data source that identifies the first data object as associated with a first targeted data type for a data portion from the request; identifying a first data field from a graph data structure of the first data object that identifies the first data field as used for storing data having the first targeted data type; and querying the first data object based on the first data field and the data for the first targeted data type to identify a first targeted data portion for the data subject.
Techniques are disclosed for usage-tracking of various information security (InfoSec) entities for tenants/organization onboarded on an instant multi-tenant security assurance platform. The InfoSec entities include policies, procedures, controls and evidence tasks. A policy or procedure is enforced by implementing one or more controls, and the collection of one or more evidence tasks proves/verifies the implementation of a control. The InfoSec entities are linked to each other across the platform and accrue a number of benefits for the tenants. These include generating a security questionnaire response (SQR), defining a readiness project and an audit project, sharing InfoSec entities encompassing the various products of a tenant, automating risk assessment, automatic collection of evidence tasks for verifying the implementation and/or operational state/status of various mitigating controls, etc.
Aspects of the present invention provide methods, systems, and/or the like for (1) receiving a set of delegates; (2) generating a corresponding GUI for each delegate in the set of delegates, wherein the corresponding GUI is configured with a respective display element that provides a request for the corresponding data unit and an input element for receiving the corresponding data unit; (3) generating at least one corresponding delegate record for each delegate of the set of delegates, wherein the at least one corresponding delegate record identifies the corresponding data unit and the corresponding graphical user interface and is stored in a centralized repository; (4) generating a corresponding electronic communication for each delegate of the set of delegates, wherein the corresponding electronic communication comprises a link to access the corresponding GUI; and (5) sending the corresponding electronic communication for each delegate of the set of delegates to the corresponding assignee.
G06F 9/451 - Dispositions d’exécution pour interfaces utilisateur
G06F 3/0484 - Techniques d’interaction fondées sur les interfaces utilisateur graphiques [GUI] pour la commande de fonctions ou d’opérations spécifiques, p.ex. sélection ou transformation d’un objet, d’une image ou d’un élément de texte affiché, détermination d’une valeur de paramètre ou sélection d’une plage de valeurs
G06F 3/0481 - Techniques d’interaction fondées sur les interfaces utilisateur graphiques [GUI] fondées sur des propriétés spécifiques de l’objet d’interaction affiché ou sur un environnement basé sur les métaphores, p.ex. interaction avec des éléments du bureau telles les fenêtres ou les icônes, ou avec l’aide d’un curseur changeant de comport
G06F 11/34 - Enregistrement ou évaluation statistique de l'activité du calculateur, p.ex. des interruptions ou des opérations d'entrée–sortie
14.
IDENTIFYING SIMILAR DOCUMENTS IN A FILE REPOSITORY USING UNIQUE DOCUMENT SIGNATURES
Methods, systems, and non-transitory computer readable storage media are disclosed for determining clusters of similar digital documents using unique document signatures. Specifically, the disclosed system processes digital text in a digital document to tokenize character strings (e.g., words) in the digital document by combining a subset of character values and string lengths in the character strings. Additionally, the disclosed system generates a document signature for the digital document by combining subsets of tokens generated for the digital document into a token sequence indicative of the digital text in the digital document. The disclosed system determines a cluster of similar digital documents including the digital document by comparing the document signature of the digital document to document signatures corresponding to a plurality of digital documents.
Methods, systems, and non-transitory computer readable storage media are disclosed for managing implementation of machine-learning models within computing environments according to system requirements frameworks via common data objects. The disclosed system generates a common data object to represent an implementation of a machine-learning model with a data process. For example, the disclosed system determines attribute values of the common data object according to data objects representing the machine-learning model and related datasets. Furthermore, the disclosed system utilizes the common data object to validate the machine-learning model according to a digital representation of a system requirements framework that includes usage requirements for machine-learning models to store, process, transmit, or otherwise handle specific data types in specific ways for the one or more data processes within a computing environment. The disclosed systems also perform operations to implement, suspend, or otherwise modify the machine-learning model or datasets based on the validation.
Methods, systems, and non-transitory computer readable storage media are disclosed for routing digital content items to priority-based processing queues based on classifications of the digital content items according to one or more system requirements frameworks. Specifically, the disclosed system scans and classifies digital content items at a digital data repository based on data types included in the digital content items. The disclosed system utilizes a classification model with a classification profile to classify the digital content items according to one or more system requirements frameworks and routes the digital content items to priority-based processing queues according to priority levels indicated by the classifications. Furthermore, the disclosed system provides indications of classifications of the portions of the digital content items (e.g., to indicate high priority data). The disclosed system can also perform additional computing operations on the digital content items according to the routing via the priority-based processing queues.
Methods, systems, and non-transitory computer readable storage media are disclosed for managing implementation of machine-learning models within computing environments according to system requirements frameworks via common data objects. The disclosed system generates a common data object to represent an implementation of a machine-learning model with a data process. For example, the disclosed system determines attribute values of the common data object according to data objects representing the machine-learning model and related datasets. Furthermore, the disclosed system utilizes the common data object to validate the machine-learning model according to a digital representation of a system requirements framework that includes usage requirements for machine-learning models to store, process, transmit, or otherwise handle specific data types in specific ways for the one or more data processes within a computing environment. The disclosed systems also perform operations to implement, suspend, or otherwise modify the machine-learning model or datasets based on the validation.
G06N 3/10 - Interfaces, langages de programmation ou boîtes à outils de développement logiciel, p.ex. pour la simulation de réseaux neuronaux
G06F 3/0482 - Interaction avec des listes d’éléments sélectionnables, p.ex. des menus
G06F 3/04847 - Techniques d’interaction pour la commande des valeurs des paramètres, p.ex. interaction avec des règles ou des cadrans
G06N 3/0442 - Réseaux récurrents, p.ex. réseaux de Hopfield caractérisés par la présence de mémoire ou de portes, p.ex. mémoire longue à court terme [LSTM] ou unités récurrentes à porte [GRU]
Methods, systems, and non-transitory computer readable storage media are disclosed for utilizing dynamic request queues to process electronic requests in a shared infrastructure environment. The disclosed system dynamically generates a plurality of separate request queues for tenant computing systems that utilize a shared processing infrastructure to issue electronic requests for processing by various recipient processors (e.g., one or more processing threads) by separating a primary request queue into the separate requests queues based on the tenant computing systems. The disclosed system also generates a plurality of queue order scores for the request queues based in part on a processing recency of each of the request queues and whether the request queues have pending electronic requests. The disclosed system processes electronic requests in the request queues by selecting a request queue based on the queue order scores and processing a batch of electronic requests utilizing a recipient processor.
H04L 47/62 - Ordonnancement des files d’attente caractérisé par des critères d’ordonnancement
H04L 67/1031 - Commande du fonctionnement des serveurs par un répartiteur de charge, p.ex. en ajoutant ou en supprimant de serveurs qui servent des requêtes
H04L 47/52 - Ordonnancement selon la bande passante des files d'attente
H04L 47/60 - Ordonnancement des files d’attente en implémentant un ordonnancement hiérarchique
19.
DATA PROCESSING SYSTEMS AND METHODS FOR AUTOMATICALLY DETECTING TARGET DATA TRANSFERS AND TARGET DATA PROCESSING
Aspects of the present disclosure provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for protection of system software, or data from destruction, unauthorized modification, and/or unauthorized disclosure securing by, for example, detecting the transfer and/or processing of target data. Accordingly, a method is provided that involves: scanning a software application to identify functionality configured for processing target data; identifying fields associated with the functionality; identifying metadata associated with a field; generating, from the metadata, an identification of a type of data associated with the field; determining a location based on the processing of the target data by the functionality; determining a risk associated with the functionality processing the target data based on the location and the type of data; determining that the risk satisfies a threshold level of risk; and in response, causing an action to be performed to mitigate the risk.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
09 - Appareils et instruments scientifiques et électriques
41 - Éducation, divertissements, activités sportives et culturelles
Produits et services
Digital media in the form of downloadable webcasts, podcasts, audio and video files, for use on mobile devices in the fields of responsible artificial intelligence (AI); AI governance; privacy management; consent management; compliance; ethics; environmental sustainability and responsibility, carbon accounting, reduction and offsetting, environmental, social, and corporate governance (ESG), and ESG program management Entertainment services, namely, providing podcasts and webcasts in the fields of responsible artificial intelligence (AI); privacy management; consent management; compliance; AI governance; ethics; environmental sustainability and responsibility, carbon accounting, reduction and offsetting, environmental, social, and corporate governance (ESG) and ESG program management
21.
MANAGING IMPLEMENTATION OF DATA CONTROLS FOR COMPUTING SYSTEMS
In general, various aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for managing implementation of data controls for computing systems. In various aspects, a method is provided that comprises: comparing a first version of a dataset describing a regulatory framework to a second version of the dataset to identify a change to a data control; in response: processing, using a featurization technique, a portion of the dataset to generate a feature representation of the change that comprises feature attributes representing the change; processing, using a first machine-learning model, the feature representation to generate tags representing characteristics of the change; processing, using a second machine-learning model, the tags to generate an applicable domain; identifying, based on the domain, a computing system affected by the change; and in response, coordinating an action to be performed for the computing system to address the change.
A privacy-related consent extension and data processing system may be configured to automatically extend one or more privacy-related consents for a user of a first computing device to a second computing device. In various embodiments, the system is configured to provide a computer-readable indicium (indicia) on a previously unknown computing device upon initiation of a transaction between a user and an entity collecting and processing privacy data. In response to a user using a known computing device to scan the computer-readable indicium, in various embodiments, the system may provide the ability to share user consent data provided by the first known device to the second unknown device, allowing the user to provide consent without manually re-entering privacy and consent preferences.
Methods, systems, and non-transitory computer readable storage media are disclosed for generating action recommendations modifying physical emissions sources of an entity based on past and modeled emissions for the entity. Specifically, the disclosed system monitors emissions produced by an entity by determining a number of emissions sources corresponding to an entity and a plurality of emissions values for the emissions sources. Additionally, the disclosed system determines a plurality of constraints corresponding to the entity. The disclosed system also determines goals for the entity including target emissions values. The disclosed system utilizes a modified gradient descent model to iteratively adjust emissions values for the physical emissions sources to obtain the target emissions values according to the constraints. The disclosed system generates action recommendations for modifying the physical emissions sources utilizing the modified gradient descent model and provides the action recommendations for display within a graphical user interface.
G06Q 10/04 - Prévision ou optimisation spécialement adaptées à des fins administratives ou de gestion, p. ex. programmation linéaire ou "problème d’optimisation des stocks"
24.
GENERATING FORECASTED EMISSIONS VALUE MODIFICATIONS AND MONITORING FOR PHYSICAL EMISSIONS SOURCES UTILIZING MACHINE-LEARNING MODELS
Methods, systems, and non-transitory computer readable storage media are disclosed for generating action recommendations for generating action recommendations for modifying physical emissions sources of an entity based on forecasting and monitoring emissions production for the entity utilizing machine-learning models. Specifically, the disclosed system forecasts emissions produced by an entity by utilizing a plurality of different forecasting machine-learning models corresponding to different physical emissions sources to generate forecasted source attributes. Additionally, the disclosed system combines the forecasted source attributes to generate a plurality of forecasted emissions value modifications for a future time period. The disclosed system generates action recommendations for modifying the physical emissions sources based on the forecasted emissions value modifications. In additional embodiments, the disclosed system tracks emissions of the entity during the future time period and generate additional action recommendations in response to detecting deviations from forecasted emissions production.
G06Q 50/06 - Fourniture d'électricité, de gaz ou d'eau
G06Q 10/04 - Prévision ou optimisation spécialement adaptées à des fins administratives ou de gestion, p. ex. programmation linéaire ou "problème d’optimisation des stocks"
G06F 40/40 - Traitement ou traduction du langage naturel
25.
DATA PROCESSING SYSTEMS AND METHODS FOR AUTOMATICALLY REDACTING UNSTRUCTURED DATA FROM A DATA SUBJECT ACCESS REQUEST
System and methods are disclosed for redacting analyzing unstructured data in a request for data associated with a data subject to determine whether the unstructured data is relevant to the request. The relevancy of pieces of the unstructured data may be determined by determining a categorization for each such piece of unstructured data and comparing them to known personal data associated with the data subject having the same categorization. Pieces of the unstructured data that do not match known personal data having the same categorization are redacted from the request before the request is processed.
In general, various aspects provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for performing data discovery on a target computing system. In various aspects, a third party computing connects, via a public data network, to an edge node of the target computing system and instructs the target computing system to execute jobs to discover target data stored in data repositories in a private data network in the target computing system. In some aspects, the third party computing system may schedule the jobs on the target computing system based on computing resource availability on the target computing system.
G06F 16/22 - Indexation; Structures de données à cet effet; Structures de stockage
G06F 40/284 - Analyse lexicale, p.ex. segmentation en unités ou cooccurrence
G06F 9/50 - Allocation de ressources, p.ex. de l'unité centrale de traitement [UCT]
G06Q 10/063 - Recherche, analyse ou gestion opérationnelles
G06F 18/21 - Conception ou mise en place de systèmes ou de techniques; Extraction de caractéristiques dans l'espace des caractéristiques; Séparation aveugle de sources
27.
FIRST-PARTY COMPUTING SYSTEM SPECIFIC QUERY RESPONSE GENERATION FOR INTEGRATION OF THIRD-PARTY COMPUTING SYSTEM FUNCTIONALITY
A method, in various aspects, comprises: (1) receiving a query from a first party computing system related to integrating third party computing functionality into the first party computing system; (2) identifying a set of third party entities that provide the third party computing functionality; (3) accessing integration data; (4) identifying a set of reference entities, the set of reference entities including, for each respective third party entity, a respective reference entity that has previously integrated the third party computing into a respective reference entity computing system associated with the respective reference entity; (5) determining second integration data with respect to the set of reference entities integrating the third party computing functionality; (6) generating, based on the first integration data and the second integration data, data responsive to the query that is specific to the first party computing system; and (7) taking an action with respect to the data.
G06Q 10/0635 - Analyse des risques liés aux activités d’entreprises ou d’organisations
G06Q 10/067 - Modélisation d’entreprise ou d’organisation
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 15/76 - Architectures de calculateurs universels à programmes enregistrés
28.
MAPPING ENTITIES IN UNSTRUCTURED TEXT DOCUMENTS VIA ENTITY CORRECTION AND ENTITY RESOLUTION
Methods, systems, and non-transitory computer readable storage media are disclosed for correcting entity detection errors with entity correction and resolution in optical character recognition for digitization of physical documents. Specifically, the disclosed system utilizes named entity recognition to extract entities from character strings (e.g., words) in a digital text document. The disclosed system also tokenizes the character strings in the digital text document based on attributes of the character strings. Furthermore, the disclosed system compares the extracted entities and tokenized character strings to determine similarity metrics between the extracted entities and tokenized character strings. The disclosed system also compares extracted entities to character strings including special/numerical characters to determine similarity metrics indicating correlation probabilities between entities and character strings. The disclosed systems generate mappings between the tokens and entities based on the similarity metrics to resolve entities to likely corresponding character strings while correcting for errors during entity extraction.
Aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for implementing and managing access to particular data based on access controls for implementing purpose restrictions and/or consent restrictions. In various aspects, a method is provided that comprises: receiving a request transmitted by an application executing on a client computing system and requesting access to a dataset, wherein each data record of the dataset comprises data elements; identifying, based on the application, a purpose for the application requesting access to the dataset; referencing, based on the purpose, an applicable purpose-based access-control policy to identify an authorization token; and providing the authorization token, wherein the storage computing system provides the client computing system with a view of the dataset based on the token with the view having a data element returning modified data in a manner compliant with the applicable purpose-based access-control policy.
The present disclosure relates to systems, methods, and non-transitory computer readable media for generating multidimensional risk visualizations depicting severity and frequency and for predicting risk mitigation strategies. For example, the disclosed systems generate multidimensional risk visualizations that present visual representations of risk severity and risk frequency in multidimensional formats, including many risk dimensions at once. In certain cases, the disclosed systems further utilize a particular machine learning model such as a strategy prediction neural network to generate predicted mitigation strategies based on risk data.
Methods, systems, and non-transitory computer readable storage media are disclosed for utilizing machine-learning models to deduplicate electronic survey questions of electronic surveys or questionnaires in real-time. Specifically, the disclosed system maps electronic survey questions to specific domain classifications by utilizing a machine-learning model to classify portions of electronic surveys based on context within the portions of the electronic surveys. Additionally, the disclosed system utilizes the mappings of electronic survey questions to domain classifications to determine whether to deduplicate specific questions that are semantically similar and within the same domain classifications. For instance, the disclosed system utilizes natural language processing to find semantically similar questions across a plurality of electronic surveys and deduplicate the similar questions if their domain classifications are the same.
Aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for identifying data processing activities associated with various data assets based on data discovery results. In accordance various aspects, a method is provided comprising: identifying and scanning data assets to detect a subset of the data assets, wherein each asset of the subset is associated with a particular data element used for target data; generating a prediction for each pair of data assets of the subset on the target data flowing between the pair; identifying a data flow for the target data based on the prediction generated for each pair; and identifying a data processing activity associated with handling the target data based on a correlation identified for the particular data element, the subset, and/or the data flow with a known data element, subset, and/or data flow for the data processing activity.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
Various Data Subject Access Request (DSAR) processing systems are adapted for presenting a first webform on a first web site, the first webform being adapted to receive DSAR's and to route the requests to a first designated individual for processing; presenting a second webform on a second web site, the second webform being adapted to receive DSAR's and to route the requests to a second designated individual for processing; receiving, via the first webform, a first DSAR; at least partially in response to the receiving the first DSAR, automatically routing the first DSAR to the first designated individual for handling; receiving, via the second webform, a second DSAR; at least partially in response to the receiving the second DSAR, automatically routing the second DSAR to the second designated individual for handling; and communicating a status of both the first DSAR and the second DSAR via a single user interface.
G06Q 10/0635 - Analyse des risques liés aux activités d’entreprises ou d’organisations
G06Q 10/067 - Modélisation d’entreprise ou d’organisation
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 15/76 - Architectures de calculateurs universels à programmes enregistrés
34.
DATA-PROCESSING CONSENT REFRESH, RE-PROMPT, AND RECAPTURE SYSTEMS AND RELATED METHODS
In various embodiments, a Consent Refresh, Re-Prompt, and Recapture System is configured to interface with a Consent Receipt Management System in order to, for example: (1) monitor previously provided consent by one or more data subjects that may be subject to future expiration; (2) monitor a data subject's activity to anticipate the data subject attempting an activity that may require a level of consent (e.g., for the processing of particular data subject data) that is higher than the system has received; and/or (3) identify other changes in circumstances or triggering events for a data subject that may warrant a refresh or recapture (e.g., or attempted capture) of a particular required consent (e.g., required to enable an entity to properly or legally execute a transaction with a data subject). The system may then be configured to automatically refresh, re-prompt for, and/or recapture consent as necessary.
In various embodiments, an entity may provide a WebView where a transaction between an entity and a data subject may be performed. As described herein, the transaction may involve the collection or processing of personal data associated with the data subject by the entity as part of a processing activity undertaken by the entity that the data subject is consenting to as part of the transaction. Additionally, the entity may provide a native application where the transactions between the entity and a data subject may be performed. In some embodiments, the system may be configured to share consent data between the WebView and the native application so data subjects experience a seamless transition while using either the WebView or the native application, and the data subjects are not required to go through a consent workflow for each of the WebView and the native application.
Data processing systems and methods according to various embodiments are adapted for automatically detecting and documenting privacy-related aspects of computer software. Particular embodiments are adapted for: (1) automatically scanning source code to determine whether the source code include instructions for collecting personal data; and (2) facilitating the documentation of the portions of the code that collect the personal data. For example, the system may automatically prompt a user for comments regarding the code. The comments may be used, for example, to populate: (A) a privacy impact assessment; (B) system documentation; and/or (C) a privacy-related data map. The system may comprise, for example, a privacy comment plugin for use in conjunction with a code repository.
G06F 16/25 - Systèmes d’intégration ou d’interfaçage impliquant les systèmes de gestion de bases de données
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 15/76 - Architectures de calculateurs universels à programmes enregistrés
G06Q 10/06 - Ressources, gestion de tâches, des ressources humaines ou de projets; Planification d’entreprise ou d’organisation; Modélisation d’entreprise ou d’organisation
In various embodiments, a data processing consent capture system may be configured to prompt the data subject to consent to one or more types of data processing (e.g., to provide a desired consent) in response to identifying particular cookies (e.g., or types of data processing) that a data subject has not consented to. The system may, for example, substantially automatically prompt the data subject to consent for one or more particular types of data processing in response to determining that the user (e.g., data subject) has requested that a website or other system perform one or more functions that are not possible without a particular type of consent from the data subject. The system may, for example, prompt the user to consent in time for a certain interaction with the website, application, etc.
Data processing systems and methods, according to various embodiments, are adapted for determining a categorization for each tracking tool that executes on a particular webpage based on a variety of criteria, such as the purpose of the tracking tool and its source script. The system may compare the characteristics of tracking tools on a webpage to a database of known tracking tools to determine the appropriate categorization. When a user visits the webpage, the system analyzes these categories and determines whether the tracking tool should be permitted to run based on the categories and/or other criteria, such as whether the user has consented to the use of that type of tracking tool.
A data processing central consent repository system may be configured to, for example: (1) identify a form used to collect one or more pieces of personal data, (2) determine a data asset of a plurality of data assets of the organization where input data of the form is transmitted, (3) add the data asset to the third-party data repository with an electronic link to the form, (4) in response to a user submitting the form, create a unique subject identifier to submit to the third-party data repository and, along with the form data provided by the user in the form, to the data asset, (5) submit the unique subject identifier and the form data provided by the user to the third-party data repository and the data asset, and (6) digitally store the unique subject identifier and the form data in the third-party data repository and the data asset.
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
G06F 16/951 - Indexation; Techniques d’exploration du Web
G06F 16/955 - Recherche dans le Web utilisant des identifiants d’information, p.ex. des localisateurs uniformisés de ressources [uniform resource locators - URL]
A system and method for determining consent user interface validity for a provided consent user interface of a web form presenting consent information, comprising: accessing a consent user interface presented on a web form; determining one or more configuration attributes of the consent user interface; accessing one or more privacy regulations associated with presenting consent information; comparing the one or more configuration attributes of the consent user interface to each of the one or more privacy regulations; determining whether the consent user interface is compliant with each of the one or more privacy regulations; and in response to determining that the consent user interface is not compliant with one or more privacy regulations, flagging the consent user interface.
Methods, systems, and non-transitory computer readable storage media are disclosed for managing computing systems according to detect and correct configuration gaps with specific system requirements frameworks. Specifically, the disclosed system accesses a digital data repository to determine attribute values of data objects representing functions or infrastructure associated with handling target data for an entity. The disclosed system determines a digital representation of a system requirements framework that indicates controls associated with handling specific data types. Based on the attribute values and a gap rules set associated with the system requirements framework, the disclosed system determines configuration gaps to be addressed via control actions for installing controls in connection with various data assets or data processing operations. The disclosed system generates tasks to display via a graphical user interface of a computing device for applying modifications to the data assets and/or data processing operations to address the configuration gaps.
In particular embodiments, a sensitive data management system is configured to remove sensitive data after a period of non-use. Credentials used to access remote systems and/or third-party systems are stored with metadata that is updated with each use of the credentials. After a period of non-use, determined based on credential metadata, the credentials are deleted. Personal data retrieved to process a consumer request is stored with metadata that is updated with each use of the personal data. After a period of non-use, determined based on personal data metadata, the personal data is deleted. The personal data is also deleted if the system determines that the process or system that caused the personal data to be retrieved is no longer in use. An encrypted version of personal data may be stored for later use in verifying proper consumer request fulfillment.
G06F 21/00 - Dispositions de sécurité pour protéger les calculateurs, leurs composants, les programmes ou les données contre une activité non autorisée
G06F 3/0482 - Interaction avec des listes d’éléments sélectionnables, p.ex. des menus
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
43.
Limiting usage of physical emissions sources by utilizing a modified gradient descent model
Methods, systems, and non-transitory computer readable storage media are disclosed for generating action recommendations modifying physical emissions sources of an entity based on past and modeled emissions for the entity. Specifically, the disclosed system monitors emissions produced by an entity by determining a number of emissions sources corresponding to an entity and a plurality of emissions values for the emissions sources. Additionally, the disclosed system determines a plurality of constraints corresponding to the entity. The disclosed system also determines goals for the entity including target emissions values. The disclosed system utilizes a modified gradient descent model to iteratively adjust emissions values for the physical emissions sources to obtain the target emissions values according to the constraints. The disclosed system generates action recommendations for modifying the physical emissions sources utilizing the modified gradient descent model and provides the action recommendations for display within a graphical user interface.
Methods, systems, and non-transitory computer readable storage media are disclosed for generating action recommendations modifying physical emissions sources of an entity based on past and modeled emissions for the entity. Specifically, the disclosed system monitors emissions produced by an entity by determining a number of emissions sources corresponding to an entity and a plurality of emissions values for the emissions sources. Additionally, the disclosed system determines a plurality of constraints corresponding to the entity. The disclosed system also determines goals for the entity including target emissions values. The disclosed system utilizes a modified gradient descent model to iteratively adjust emissions values for the physical emissions sources to obtain the target emissions values according to the constraints. The disclosed system generates action recommendations for modifying the physical emissions sources utilizing the modified gradient descent model and provides the action recommendations for display within a graphical user interface.
G06Q 10/04 - Prévision ou optimisation spécialement adaptées à des fins administratives ou de gestion, p. ex. programmation linéaire ou "problème d’optimisation des stocks"
G06Q 10/06 - Ressources, gestion de tâches, des ressources humaines ou de projets; Planification d’entreprise ou d’organisation; Modélisation d’entreprise ou d’organisation
45.
GENERATING ACTION RECOMMENDATIONS FOR MODIFYING PHYSICAL EMISSION SOURCES BASED ON MANY SIMULATIONS OF DIFFERENT SCENARIOS UTILIZING A MODIFIED GRADIENT DESCENT MODEL
Methods, systems, and non-transitory computer readable storage media are disclosed for generating action recommendations for modifying physical emissions sources based on a plurality of simulations of different scenarios utilizing a modified gradient descent model. Specifically, the disclosed system utilizes the modified gradient descent model to generate emissions value modifications for physical emissions sources corresponding to an entity based on a set of constraints and target emissions values. The disclosed system runs a plurality of simulations to generate modified target emissions values, utilizing the modified gradient descent model, by modifying source attributes of the physical emissions sources according to a plurality of probability distributions representing source attributes of the physical emissions sources. The disclosed system then compares the initial target emissions values to the modified target emissions values determined from the simulations to generate action recommendations for modifying the physical emissions sources.
Methods, systems, and non-transitory computer readable storage media are disclosed for generating action recommendations for generating action recommendations for modifying physical emissions sources of an entity based on forecasting and monitoring emissions production for the entity utilizing machine-learning models. Specifically, the disclosed system forecasts emissions produced by an entity by utilizing a plurality of different forecasting machine-learning models corresponding to different physical emissions sources to generate forecasted source attributes. Additionally, the disclosed system combines the forecasted source attributes to generate a plurality of forecasted emissions value modifications for a future time period. The disclosed system generates action recommendations for modifying the physical emissions sources based on the forecasted emissions value modifications. In additional embodiments, the disclosed system tracks emissions of the entity during the future time period and generate additional action recommendations in response to detecting deviations from forecasted emissions production.
G06Q 10/04 - Prévision ou optimisation spécialement adaptées à des fins administratives ou de gestion, p. ex. programmation linéaire ou "problème d’optimisation des stocks"
GENERATING ACTION RECOMMENDATIONS FOR MODIFYING PHYSICAL EMISSION SOURCES BASED ON MANY SIMULATIONS OF DIFFERENT SCENARIOS UTILIZING A MODIFIED GRADIENT DESCENT MODEL
Methods, systems, and non-transitory computer readable storage media are disclosed for generating action recommendations for modifying physical emissions sources based on a plurality of simulations of different scenarios utilizing a modified gradient descent model. Specifically, the disclosed system utilizes the modified gradient descent model to generate emissions value modifications for physical emissions sources corresponding to an entity based on a set of constraints and target emissions values. The disclosed system runs a plurality of simulations to generate modified target emissions values, utilizing the modified gradient descent model, by modifying source attributes of the physical emissions sources according to a plurality of probability distributions representing source attributes of the physical emissions sources. The disclosed system then compares the initial target emissions values to the modified target emissions values determined from the simulations to generate action recommendations for modifying the physical emissions sources.
G06Q 10/04 - Prévision ou optimisation spécialement adaptées à des fins administratives ou de gestion, p. ex. programmation linéaire ou "problème d’optimisation des stocks"
G06Q 10/06 - Ressources, gestion de tâches, des ressources humaines ou de projets; Planification d’entreprise ou d’organisation; Modélisation d’entreprise ou d’organisation
48.
GENERATING FORECASTED EMISSIONS VALUE MODIFICATIONS AND MONITORING FOR PHYSICAL EMISSIONS SOURCES UTILIZING MACHINE-LEARNING MODELS
Methods, systems, and non-transitory computer readable storage media are disclosed for generating action recommendations for generating action recommendations for modifying physical emissions sources of an entity based on forecasting and monitoring emissions production for the entity utilizing machine-learning models. Specifically, the disclosed system forecasts emissions produced by an entity by utilizing a plurality of different forecasting machine-learning models corresponding to different physical emissions sources to generate forecasted source attributes. Additionally, the disclosed system combines the forecasted source attributes to generate a plurality of forecasted emissions value modifications for a future time period. The disclosed system generates action recommendations for modifying the physical emissions sources based on the forecasted emissions value modifications. In additional embodiments, the disclosed system tracks emissions of the entity during the future time period and generate additional action recommendations in response to detecting deviations from forecasted emissions production.
G06Q 10/04 - Prévision ou optimisation spécialement adaptées à des fins administratives ou de gestion, p. ex. programmation linéaire ou "problème d’optimisation des stocks"
G06Q 10/06 - Ressources, gestion de tâches, des ressources humaines ou de projets; Planification d’entreprise ou d’organisation; Modélisation d’entreprise ou d’organisation
49.
DATA PROCESSING SYSTEMS FOR VALIDATING AUTHORIZATION FOR PERSONAL DATA COLLECTION, STORAGE, AND PROCESSING
In particular embodiments, a data processing consent management system may be configured to utilize one or more age verification techniques to at least partially authenticate the data subject's ability to provide valid consent (e.g., under one or more prevailing legal requirements) in order to collect, store, and or process the subject's personal data. For example, according to one or more particular legal or industry requirements, an individual (e.g., data subject) may need to be at least a particular age (e.g., an age of majority, an adult, over 18, over 21, over 13, or any other suitable age) in order to provide valid consent. Data processing systems may generate and store one or more consent records memorializing valid consent for data processing from data subjects in response to confirming that the data subject is old enough to provide such consent.
Aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for auto-blocking of software development kit functionality for mobile software applications based on consent (or lack thereof) provided by users who are interacting with the mobile software applications.
In general, various aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for generating customized user interfaces. In accordance with various aspects, a method is provided that comprises: providing a content generation interface that includes control elements for selecting interactive content; receiving, via the control elements, a selection of a set of webpages comprising the interactive content; configuring, based on the selection, the interactive content to be displayed via browser tabs by: including a set of object identifiers, wherein each object identifier represents a corresponding webpage that is to be displayed via a browser tab; and transmitting an instruction to a browser application executing on a target device causing the browser application to launch browser tabs to display the interactive content by displaying the corresponding webpage via a browser tab of the browser tabs.
G06F 3/0482 - Interaction avec des listes d’éléments sélectionnables, p.ex. des menus
G06F 9/451 - Dispositions d’exécution pour interfaces utilisateur
G06F 3/0484 - Techniques d’interaction fondées sur les interfaces utilisateur graphiques [GUI] pour la commande de fonctions ou d’opérations spécifiques, p.ex. sélection ou transformation d’un objet, d’une image ou d’un élément de texte affiché, détermination d’une valeur de paramètre ou sélection d’une plage de valeurs
The present disclosure provides methods, apparatus, systems, computing devices, computing entities, and/or the like for providing persistent representations in graph data structures of relationships that exist among data objects found across different data-related processes to enable efficient querying of data from the different data-related processes.
Methods, systems, and non-transitory computer readable storage media are disclosed for determining clusters of similar digital documents using unique document signatures. Specifically, the disclosed system processes digital text in a digital document to tokenize character strings (e.g., words) in the digital document by combining a subset of character values and string lengths in the character strings. Additionally, the disclosed system generates a document signature for the digital document by combining subsets of tokens generated for the digital document into a token sequence indicative of the digital text in the digital document. The disclosed system determines a cluster of similar digital documents including the digital document by comparing the document signature of the digital document to document signatures corresponding to a plurality of digital documents.
Embodiments of the present invention provide methods, systems, and/or the like for versioning a graph representation in a graph data structure. In accordance with one embodiment, a method is provided comprising: conducting a plurality of iterations involving: validating a first data source comprising a new version of data based on a schema from a plurality of schemas in which each schema corresponds to a graph representation found in a graph data structure; and identifying errors in the first source based on the validating of the source; identifying an applicable schema as a schema producing fewer errors than at least one other schema; comparing the first source with a second source comprising a previous version of the data to identify a difference; generating a query for the difference based on the applicable schema; and providing the query for execution to migrate the difference into the graph representation.
In general, various aspects of the present disclosure provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for addressing a modified risk rating identifying a risk to an entity of having computer-implemented functionality provided by a vendor integrated with a computing system of the entity. In accordance various aspects, a method is provided that comprises: receiving a first assessment dataset for computer-implemented functionality; detecting an inconsistency between a value of an attribute for the computer-implemented functionality specified in the first assessment dataset and a corresponding value of the attribute specified in a second assessment dataset for the computer-implemented functionality; modifying a risk rating that identifies a risk to the entity of having the computer-implemented functionality integrated with the computing system to generate a modified risk rating based on the inconsistency; and in response, performing an action with respect to the computing system to address the modified risk rating.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
Data processing systems and methods, according to various embodiments, are adapted for determining an applicable privacy policy based on various criteria associated with a user and the associated product or service. User and product criteria may be obtained automatically and/or based on user input and analyzed by a privacy policy rules engine to determine the applicable policy. Text from the applicable policy can then be presented to the user. A default policy can be used when no particular applicable policy can be identified using by the rules engine. Policies may be ranked or prioritized so that a policy can be selected in the event the rules engine identifies two, conflicting policies based on the criteria.
G06Q 10/06 - Ressources, gestion de tâches, des ressources humaines ou de projets; Planification d’entreprise ou d’organisation; Modélisation d’entreprise ou d’organisation
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 15/76 - Architectures de calculateurs universels à programmes enregistrés
57.
COMPUTING PLATFORM FOR FACILITATING DATA EXCHANGE AMONG COMPUTING ENVIRONMENTS
Various aspects of the disclosure provide methods, apparatus, systems, computing devices, computing entities, and/or the like for facilitating the exchange of data among a diverse group of first and third party computing environments. Accordingly, various aspects of the disclosure provide a data exchange computing platform that facilitates data exchange among a diverse group of first and third party computing environments. In some aspects, the data exchange computing platform provides a data exchange service available to various first and third parties who wish to exchange data.
09 - Appareils et instruments scientifiques et électriques
35 - Publicité; Affaires commerciales
42 - Services scientifiques, technologiques et industriels, recherche et conception
45 - Services juridiques; services de sécurité; services personnels pour individus
Produits et services
(1) Downloadable software for monitoring, tracking and auditing compliance with, and providing training in laws, regulations, and standards and internal policies in the fields of data privacy, data security, data collection, data governance, risk, ethics, environmental sustainability and responsibility, carbon accounting, reduction and offsetting, and environmental, social, and corporate governance (esg) and esg program management; downloadable software featuring software for managing vulnerabilities, threat modeling, assessing, auditing, managing, monitoring, framework mapping, data protection impact assessments, optimizing privacy compliance workflows and mitigating cybersecurity risk and for ensuring compliance with applicable privacy and security risk management standards and regulations (1) Software as a service (saas) services featuring software to monitor, track and audit compliance with, and provide training in laws, regulations, and standards, and internal policies in the fields of data privacy, data security, data collection, data governance, risk, ethics, environmental sustainability and responsibility, carbon accounting, reduction and offsetting, and environmental, social, and corporate governance (esg) and esg program management; saas services featuring software for data collection and to implement controls, assessments, training, incident reporting and disclosures, and policies, and to monitor, report, and communicate practices to others, all in the fields of data privacy, data security, data governance, risk, ethics, environmental sustainability and responsibility, carbon accounting, reduction and offsetting, and esg; saas services featuring software for data collection and to implement controls, assessments, training, incident reporting and disclosures, and policies, and to monitor, report, and communicate practices to others, all in the fields of data privacy, data security, data governance, risk, ethics, environmental sustainability and responsibility, carbon accounting, reduction and offsetting, and esg; data security and privacy consultancy, namely, providing cyber risk and privacy services in the nature of assessing security and privacy controls and procedures in place to identify and control access to data; assessing the processes and procedures in place to evaluate the cyber and privacy capabilities related to systems, people, assets, data, and capabilities; providing cybersecurity advisory services in the nature of system and data security consultancy related to identification, assessment, remediation of controls, processes, policies, and infrastructure; software as a service (saas) services featuring software for managing vulnerabilities, threat modeling, assessing, auditing, managing, monitoring, framework mapping, data protection impact assessments, optimizing privacy compliance workflows and mitigating cybersecurity risk and for ensuring compliance with applicable privacy and security risk management standards and regulations
(2) Advisory services relating to data privacy, data security and mapping, data governance, risk, ethics, privacy impact assessments, creation and documentation of data protection officer roles; environmental sustainability, carbon accounting, and environmental, social, and corporate governance (esg); legal advisory services in the fields of data privacy, data security, data governance, risk, ethics, environmental sustainability, carbon accounting, and esg; provision of legal information in the fields of data privacy, data security, data governance, risk, ethics, environmental sustainability, carbon accounting, and esg
09 - Appareils et instruments scientifiques et électriques
35 - Publicité; Affaires commerciales
42 - Services scientifiques, technologiques et industriels, recherche et conception
45 - Services juridiques; services de sécurité; services personnels pour individus
Produits et services
(1) Downloadable software for monitoring, tracking and auditing compliance with, and providing training in laws, regulations, and standards and internal policies in the fields of data privacy, data security, data collection, data governance, risk, ethics, environmental sustainability and responsibility, carbon accounting, reduction and offsetting, and environmental, social, and corporate governance (esg) and esg program management; downloadable software featuring software for managing vulnerabilities, threat modeling, assessing, auditing, managing, monitoring, framework mapping, data protection impact assessments, optimizing privacy compliance workflows and mitigating cybersecurity risk and for ensuring compliance with applicable privacy and security risk management standards and regulations (1) Software as a service (saas) services featuring software to monitor, track and audit compliance with, and provide training in laws, regulations, and standards, and internal policies in the fields of data privacy, data security, data collection, data governance, risk, ethics, environmental sustainability and responsibility, carbon accounting, reduction and offsetting, and environmental, social, and corporate governance (esg) and esg program management; saas services featuring software for data collection and to implement controls, assessments, training, incident reporting and disclosures, and policies, and to monitor, report, and communicate practices to others, all in the fields of data privacy, data security, data governance, risk, ethics, environmental sustainability and responsibility, carbon accounting, reduction and offsetting, and esg; saas services featuring software for data collection and to implement controls, assessments, training, incident reporting and disclosures, and policies, and to monitor, report, and communicate practices to others, all in the fields of data privacy, data security, data governance, risk, ethics, environmental sustainability and responsibility, carbon accounting, reduction and offsetting, and esg; data security and privacy consultancy, namely, providing cyber risk and privacy services in the nature of assessing security and privacy controls and procedures in place to identify and control access to data; assessing the processes and procedures in place to evaluate the cyber and privacy capabilities related to systems, people, assets, data, and capabilities; providing cybersecurity advisory services in the nature of system and data security consultancy related to identification, assessment, remediation of controls, processes, policies, and infrastructure; software as a service (saas) services featuring software for managing vulnerabilities, threat modeling, assessing, auditing, managing, monitoring, framework mapping, data protection impact assessments, optimizing privacy compliance workflows and mitigating cybersecurity risk and for ensuring compliance with applicable privacy and security risk management standards and regulations
(2) Advisory services relating to data privacy, data security and mapping, data governance, risk, ethics, privacy impact assessments, creation and documentation of data protection officer roles; environmental sustainability, carbon accounting, and environmental, social, and corporate governance (esg); legal advisory services in the fields of data privacy, data security, data governance, risk, ethics, environmental sustainability, carbon accounting, and esg; provision of legal information in the fields of data privacy, data security, data governance, risk, ethics, environmental sustainability, carbon accounting, and esg
09 - Appareils et instruments scientifiques et électriques
42 - Services scientifiques, technologiques et industriels, recherche et conception
Produits et services
(1) Downloadable software for monitoring, tracking and auditing compliance with, and providing training in laws, regulations, and standards and internal policies in the fields of data privacy, data security, data collection, data governance, risk, ethics, environmental sustainability and responsibility, carbon accounting, reduction and offsetting, and environmental, social, and transparent, ethical and diverse governance (esg) and esg program management; downloadable software featuring software for managing vulnerabilities, threat modeling, assessing, auditing, managing, monitoring, framework mapping, data protection impact assessments, optimizing privacy compliance workflows and mitigating cybersecurity risk and for ensuring compliance with applicable privacy and security risk management standards and regulations (1) Software as a service (saas) services featuring software to monitor, track and audit compliance with, and provide training in laws, regulations, and standards, and internal policies in the fields of data privacy, data security, data collection, data governance, risk, ethics, environmental sustainability and responsibility, carbon accounting, reduction and offsetting, and environmental, social, and transparent, ethical and diverse governance (esg) and esg program management; saas services featuring software for data collection and to implement controls, assessments, training, incident reporting and disclosures, and policies, and to monitor, report, and communicate practices to others, all in the fields of data privacy, data security, data governance, risk, ethics, environmental sustainability and responsibility, carbon accounting, reduction and offsetting, and esg; saas services featuring software for data collection and to implement controls, assessments, training, incident reporting and disclosures, and policies, and to monitor, report, and communicate practices to others, all in the fields of data privacy, data security, data governance, risk, ethics, environmental sustainability and responsibility, carbon accounting, reduction and offsetting, and esg; data security and privacy consultancy, namely, providing cyber risk and privacy services in the nature of assessing security and privacy controls and procedures in place to identify and control access to data; assessing the processes and procedures in place to evaluate the cyber and privacy capabilities related to systems, people, assets, data, and capabilities; providing cybersecurity advisory services in the nature of system and data security consultancy related to identification, assessment, remediation of controls, processes, policies, and infrastructure; software as a service (saas) services featuring software for managing vulnerabilities, threat modeling, assessing, auditing, managing, monitoring, framework mapping, data protection impact assessments, optimizing privacy compliance workflows and mitigating cybersecurity risk and for ensuring compliance with applicable privacy and security risk management standards and regulations
42 - Services scientifiques, technologiques et industriels, recherche et conception
45 - Services juridiques; services de sécurité; services personnels pour individus
Produits et services
(1) Advisory services relating to data privacy, data security and mapping, data governance, risk, ethics, privacy impact assessments, creation and documentation of data protection officer roles; environmental sustainability, carbon accounting, and environmental, social, and transparent, ethical and diverse governance (esg); legal advisory services in the fields of data privacy, data security, data governance, risk, ethics, environmental sustainability, carbon accounting, and esg; provision of legal information in the fields of data privacy, data security, data governance, risk, ethics, environmental sustainability, carbon accounting, and esg
09 - Appareils et instruments scientifiques et électriques
42 - Services scientifiques, technologiques et industriels, recherche et conception
Produits et services
downloadable software for monitoring, tracking and auditing compliance with, and providing training in laws, regulations, and standards and internal policies in the fields of data privacy, data security, data collection, data governance, risk, ethics, environmental sustainability and responsibility, carbon accounting, reduction and offsetting, and environmental, social, and corporate governance (esg) and esg program management; downloadable software featuring software for managing vulnerabilities, threat modeling, assessing, auditing, managing, monitoring, framework mapping, data protection impact assessments, optimizing privacy compliance workflows and mitigating cybersecurity risk and for ensuring compliance with applicable privacy and security risk management standards and regulations. Software as a service (SAAS) services featuring software to monitor, track and audit compliance with, and provide training in laws, regulations, and standards, and internal policies in the fields of data privacy, data security, data collection, data governance, risk, ethics, environmental sustainability and responsibility, carbon accounting, reduction and offsetting, and environmental, social, and transparent, ethical and diverse governance (ESG) and ESG program management; SAAS services featuring software for data collection and to implement controls, assessments, training, incident reporting and disclosures, and policies, and to monitor, report, and communicate practices to others, all in the fields of data privacy, data security, data governance, risk, ethics, environmental sustainability and responsibility, carbon accounting, reduction and offsetting, and ESG; data security and privacy consultancy, namely, providing cyber risk and privacy services in the nature of assessing security and privacy controls and procedures in place to identify and control access to data; assessing the processes and procedures in place to evaluate the cyber and privacy capabilities related to systems, people, assets, data, and capabilities; providing cybersecurity advisory services in the nature of system and data security consultancy related to identification, assessment, remediation of controls, processes, policies, and infrastructure; software as a service (SAAS) services featuring software for managing vulnerabilities, threat modeling, assessing, auditing, managing, monitoring, framework mapping, data protection impact assessments, optimizing privacy compliance workflows and mitigating cybersecurity risk and for ensuring compliance with applicable privacy and security risk management standards and regulations.
The present disclosure provides methods, systems, computing devices, computing entities, and/or the like for identifying and/or retrieving targeted data found in unstructured documents. In accordance with various aspects, a method is provided that comprises: receiving, a targeted data request identifying a data subject; processing a first feature representation of each document of a plurality of documents using a classifier machine-learning model to generate a prediction that the document contains the targeted data; generating a dataset that comprises each document having a prediction that satisfy a threshold; processing a second feature representation of each document of the dataset using a clustering machine-learning model to identify a document cluster for the document; and providing the document clusters so that an analysis can be performed on each document cluster to eliminate the document cluster as having targeted data and/or identify the targeted data associated with the data subject found in the document cluster.
G06V 30/414 - Extraction de la structure géométrique, p.ex. arborescence; Découpage en blocs, p.ex. boîtes englobantes pour les éléments graphiques ou textuels
A mobile application privacy analysis system is described, where the system scans a mobile device to identify files associated with a particular SDK and generates a tokenized name for the SDK. The tokenized name includes tokens representing the SDK vendor and one or more functions of the SDK. Using the tokenized name, the system then determines corresponding categories for each functionality token and score for each such category. Based on the scores, the system determines the most significant category and assigns that category to the SDK for use in privacy analysis. The system may also, or instead, determine a vendor category using the vendor token and assign that category to the SDK. Weighting factors may be applied to the scores for the categories associated with the functionality tokens and vendor tokens.
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
G06F 16/955 - Recherche dans le Web utilisant des identifiants d’information, p.ex. des localisateurs uniformisés de ressources [uniform resource locators - URL]
G06F 16/904 - Navigation; Visualisation à cet effet
G06F 16/901 - Indexation; Structures de données à cet effet; Structures de stockage
65.
Systems and methods for automatically blocking the use of tracking tools
Embodiments of the present invention provide methods, apparatus, systems, computing devices, computing entities, and/or the like for permitting or blocking tracking tools used through webpages. In particular embodiments, the method involves: scanning a webpage to identify a tracking tool configured for processing personal data; determining a data destination location that is associated with the tracking tool; and generating program code configured to: determine a location associated with a user who is associated with a rendering of the webpage; determine a prohibited data destination location based on the location associated with the user; determine that the data destination location associated with the tracking tool is not the prohibited data destination location; and responsive to the data destination location associated with the tracking tool not being the prohibited data destination location, permit the tracking tool to execute.
A chat robot may be used to facilitate interaction with a user in the determination of whether to initiate and process a data subject access request (DSAR). At a DSAR submission webpage, the chatbot may interact with a user to determine the information the user is in need of and/or the actions that the user may take. The chatbot may provide the information, avoiding the processing overhead of submission and fulfillment of a DSAR. In addition, data stored on a data asset may be migrated to another data asset while maintaining compliance to applicable regulations. Based on the type of data stored by that data asset and the applicable regulations, requirements, and/or restrictions that relate to a transfer of that type data from that data asset, a target data asset may be determined. The data stored on the data asset may then be transferred to the target data asset.
Techniques are disclosed for usage-tracking of various information security (InfoSec) entities for tenants/organization onboarded on an instant multi-tenant security assurance platform. The InfoSec entities include policies, procedures, controls and evidence tasks. A policy or procedure is enforced by implementing one or more controls, and the collection of one or more evidence tasks proves/verifies the implementation of a control. The InfoSec entities are linked to each other across the platform and accrue a number of benefits for the tenants. These include generating a security questionnaire response (SQR), defining a readiness project and an audit project, sharing InfoSec entities encompassing the various products of a tenant, automating risk assessment, automatic collection of evidence tasks for verifying the implementation and/or operational state/status of various mitigating controls, etc.
In particular embodiments, a consent conversion optimization system is configured to test two or more test consent interfaces against one another to determine which of the two or more consent interfaces results in a higher conversion percentage (e.g., to determine which of the two or more interfaces lead to a higher number of end users and/or data subjects providing a requested level of consent for the creation, storage and use or cookies by a particular website). The system may, for example, analyze end user interaction with each particular test consent interface to determine which of the two or more user interfaces: (1) result in a higher incidence of a desired level of provided consent; (2) are easier to use by the end users and/or data subjects (e.g., take less time to complete, require a fewer number of clicks, etc.); (3) etc.
Data processing systems and methods, according to various embodiments, are adapted for performing a process of procuring a vendor and sub-processes associated therewith, such as performing vendor risk assessments and providing training specific to the procurement of that particular vendor. Training requirements for the user procuring the vendor and/or for the vendor itself are determined and any deficiencies in current, valid training requirements are identified. Training to address any identified deficiencies is provided as part of the vendor procurement process. Training may be customized based on trainee and/or organization attributes to improve the effectiveness of such training.
G06Q 10/06 - Ressources, gestion de tâches, des ressources humaines ou de projets; Planification d’entreprise ou d’organisation; Modélisation d’entreprise ou d’organisation
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 15/76 - Architectures de calculateurs universels à programmes enregistrés
70.
Data processing systems and methods for preventing execution of an action documenting a consent rejection
Various aspects involve forgoing updates to consent data for at least one consent rejection generated by an automated consent rejection tool. For instance, a consent management system can be communicatively coupled to a user device. The user device can detect invocations of a consent rejection function, such as when browser states of a browser application indicate requests for web pages or other online content. The consent management system can document a consent rejection for one or more of the invocations. The consent management system can also prevent documentation of consent being rejected for at least one invocation initiated by an automated consent rejection tool.
45 - Services juridiques; services de sécurité; services personnels pour individus
Produits et services
advisory services relating to regulatory compliance matters in the fields of data privacy, data security and mapping, data governance, risk, ethics, privacy impact assessments, and the creation and documentation of data protection officer roles; advice and consultancy on environmental regulatory matters regarding environmental sustainability, carbon accounting, and environmental, social, and transparent, ethical and diverse corporate governance (ESG); legal advisory services in the fields of data privacy, data security, data governance, risk, ethics, environmental sustainability, carbon accounting, and environmental, social and transparent, ethical and diverse governance (ESG); provision of legal information in the fields of data privacy, data security, data governance, risk, ethics, environmental sustainability, carbon accounting, and environmental, social and transparent, ethical and diverse governance (ESG)
09 - Appareils et instruments scientifiques et électriques
42 - Services scientifiques, technologiques et industriels, recherche et conception
45 - Services juridiques; services de sécurité; services personnels pour individus
Produits et services
Downloadable software for monitoring, tracking and auditing compliance with, and providing training in laws, regulations, and standards and internal policies in the fields of data privacy, data security, data collection, data governance, risk, ethics, environmental sustainability and responsibility, carbon accounting, reduction and offsetting, and environmental, social, and corporate governance (ESG) and ESG program management; downloadable software featuring software for managing vulnerabilities, threat modeling, assessing, auditing, managing, monitoring, framework mapping, data protection impact assessments, optimizing privacy compliance workflows and mitigating cybersecurity risk and for ensuring compliance with applicable privacy and security risk management standards and regulations Software as a service (SAAS) services featuring software to monitor, track and audit compliance with, and provide training in laws, regulations, and standards, and internal policies in the fields of data privacy, data security, data collection, data governance, risk, ethics, environmental sustainability and responsibility, carbon accounting, reduction and offsetting, and environmental, social, and corporate governance (ESG) and ESG program management; software as a service (SAAS) services featuring software for data collection and to implement controls, assessments, training, incident reporting and disclosures, and policies, and to monitor, report, and communicate practices to others, all in the fields of data privacy, data security, data governance, risk, ethics, environmental sustainability and responsibility, carbon accounting, reduction and offsetting, and environmental, social and governance (ESG); data security and privacy consultancy, namely, providing cyber risk and privacy services in the nature of assessing security and privacy controls and procedures in place to identify and control access to data; assessing the processes and procedures in place to evaluate the cyber and privacy capabilities related to systems, people, assets, data, and capabilities; providing cybersecurity advisory services in the nature of system and data security consultancy related to identification, assessment, remediation of controls, processes, policies, and infrastructure; software as a service (SAAS) services featuring software for managing vulnerabilities, threat modeling, assessing, auditing, managing, monitoring, framework mapping, data protection impact assessments, optimizing privacy compliance workflows and mitigating cybersecurity risk and for ensuring compliance with applicable privacy and security risk management standards and regulations advisory services relating to regulatory compliance matters in the fields of data privacy, data security and mapping, data governance, risk, ethics, privacy impact assessments, and the creation and documentation of data protection officer roles;advice and consultancy on environmental regulatory matters regarding environmental sustainability, carbon accounting, and environmental, social, and environmental, social and governance corporate governance (ESG); legal advisory services in the fields of data privacy, data security, data governance, risk, ethics, environmental sustainability, carbon accounting, and environmental, social and governance (ESG); provision of legal information in the fields of data privacy, data security, data governance, risk, ethics, environmental sustainability, carbon accounting, and environmental, social and governance (ESG)
09 - Appareils et instruments scientifiques et électriques
42 - Services scientifiques, technologiques et industriels, recherche et conception
Produits et services
Downloadable software for monitoring, tracking and auditing compliance with, and providing training in laws, regulations, and standards and internal policies in the fields of data privacy, data security, data collection, data governance, risk, ethics, environmental sustainability and responsibility, carbon accounting, reduction and offsetting, and environmental, social, and transparent, ethical and diverse governance (ESG) and ESG program management; downloadable software featuring software for managing vulnerabilities, threat modeling, assessing, auditing, managing, monitoring, framework mapping, data protection impact assessments, optimizing privacy compliance workflows and mitigating cybersecurity risk and for ensuring compliance with applicable privacy and security risk management standards and regulations Software as a service (SAAS) services featuring software to monitor, track and audit compliance with, and provide training in laws, regulations, and standards, and internal policies in the fields of data privacy, data security, data collection, data governance, risk, ethics, environmental sustainability and responsibility, carbon accounting, reduction and offsetting, and environmental, social, transparent, ethical and diverse governance (ESG), and ESG program management; software as a service (SAAS) services featuring software for data collection and to implement controls, assessments, training, incident reporting and disclosures, and policies, and to monitor, report, and communicate practices to others, all in the fields of data privacy, data security, data governance, risk, ethics, environmental sustainability and responsibility, carbon accounting, reduction and offsetting, and environmental, social and governance (ESG); data security and privacy consultancy, namely, providing cyber risk and privacy services in the nature of assessing security and privacy controls and procedures in place to identify and control access to data; assessing the processes and procedures in place to evaluate the cyber and privacy capabilities related to systems, people, assets, data, and capabilities; providing cybersecurity advisory services in the nature of system and data security consultancy related to identification, assessment, remediation of controls, processes, policies, and infrastructure; software as a service (SAAS) services featuring software for managing vulnerabilities, threat modeling, assessing, auditing, managing, monitoring, framework mapping, data protection impact assessments, optimizing privacy compliance workflows and mitigating cybersecurity risk and for ensuring compliance with applicable privacy and security risk management standards and regulations
09 - Appareils et instruments scientifiques et électriques
42 - Services scientifiques, technologiques et industriels, recherche et conception
45 - Services juridiques; services de sécurité; services personnels pour individus
Produits et services
Downloadable software for monitoring, tracking and auditing compliance with, and providing training in laws, regulations, and standards and internal policies in the fields of data privacy, data security, data collection, data governance, risk, ethics, environmental sustainability and responsibility, carbon accounting, reduction and offsetting, and environmental, social, and corporate governance (ESG) and ESG program management; downloadable software featuring software for managing vulnerabilities, threat modeling, assessing, auditing, managing, monitoring, framework mapping, data protection impact assessments, optimizing privacy compliance workflows and mitigating cybersecurity risk and for ensuring compliance with applicable privacy and security risk management standards and regulations Software as a service (SAAS) services featuring software to monitor, track and audit compliance with, and provide training in laws, regulations, and standards, and internal policies in the fields of data privacy, data security, data collection, data governance, risk, ethics, environmental sustainability and responsibility, carbon accounting, reduction and offsetting, and environmental, social, and corporate governance (ESG) and ESG program management; software as a service (SAAS) services featuring software for data collection and to implement controls, assessments, training, incident reporting and disclosures, and policies, and to monitor, report, and communicate practices to others, all in the fields of data privacy, data security, data governance, risk, ethics, environmental sustainability and responsibility, carbon accounting, reduction and offsetting, and environmental, social and governance (ESG); data security and privacy consultancy, namely, providing cyber risk and privacy services in the nature of assessing security and privacy controls and procedures in place to identify and control access to data; assessing the processes and procedures in place to evaluate the cyber and privacy capabilities related to systems, people, assets, data, and capabilities; providing cybersecurity advisory services in the nature of system and data security consultancy related to identification, assessment, remediation of controls, processes, policies, and infrastructure; software as a service (SAAS) services featuring software for managing vulnerabilities, threat modeling, assessing, auditing, managing, monitoring, framework mapping, data protection impact assessments, optimizing privacy compliance workflows and mitigating cybersecurity risk and for ensuring compliance with applicable privacy and security risk management standards and regulations Advisory consulting services relating to regulatory compliance matters in the fields of data privacy, data security and mapping, data governance, risk, ethics, privacy impact assessments, and the creation and documentation of data protection officer roles; Advice and consultancy on environmental regulatory matters regarding environmental sustainability, carbon accounting, and environmental, social, and environmental, social and governance corporate governance (ESG); legal advisory services in the fields of data privacy, data security, data governance, risk, ethics, environmental sustainability, carbon accounting, and environmental, social and governance ESG; provision of legal information in the fields of data privacy, data security, data governance, risk, ethics, environmental sustainability, carbon accounting, and environmental, social and governance (ESG)
75.
Data processing systems for identifying whether cookies contain personally identifying information
A system for identifying and determining whether a particular cookie may include personal data, in any embodiment described herein, is configured to analyze collected cookies to determine whether the collected cookies may be used to directly or indirectly identify a particular individual. The system may, for example: (1) generate one or more virtual profiles; (2) use the one or more virtual profiles to access a plurality of websites; (3) collect cookie data for the plurality of websites for the one or more virtual profiles; and (4) analyze the cookie data to determine whether a particular website of the plurality of websites utilizes one or more cookies which may potentially include personal data. The system may then generate a report of the analysis, and display the report to an administrator or other individual associated with the particular website.
In various embodiments, a data processing consent capture system may be configured to prompt the data subject to consent to one or more types of data processing (e.g., to provide a desired consent) in response to identifying particular cookies (e.g., or types of data processing) that a data subject has not consented to. The system may, for example, substantially automatically prompt the data subject to consent for one or more particular types of data processing in response to determining that the user (e.g., data subject) has requested that a website or other system perform one or more functions that are not possible without a particular type of consent from the data subject. The system may, for example, prompt the user to consent in time for a certain interaction with the website, application, etc.
A system and method for determining consent user interface validity for a provided consent user interface of a web form presenting consent information, comprising: accessing a consent user interface presented on a web form; determining one or more configuration attributes of the consent user interface; accessing one or more privacy regulations associated with presenting consent information; comparing the one or more configuration attributes of the consent user interface to each of the one or more privacy regulations; determining whether the consent user interface is compliant with each of the one or more privacy regulations; and in response to determining that the consent user interface is not compliant with one or more privacy regulations, flagging the consent user interface.
In general, various aspects of the present disclosure provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for addressing a modified risk rating identifying a risk to an entity of having computer-implemented functionality provided by a vendor integrated with a computing system of the entity. In accordance various aspects, a method is provided that comprises: receiving a first assessment dataset for computer-implemented functionality; detecting an inconsistency between a value of an attribute for the computer-implemented functionality specified in the first assessment dataset and a corresponding value of the attribute specified in a second assessment dataset for the computer-implemented functionality; modifying a risk rating that identifies a risk to the entity of having the computer-implemented functionality integrated with the computing system to generate a modified risk rating based on the inconsistency; and in response, performing an action with respect to the computing system to address the modified risk rating.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06Q 10/06 - Ressources, gestion de tâches, des ressources humaines ou de projets; Planification d’entreprise ou d’organisation; Modélisation d’entreprise ou d’organisation
79.
Data processing systems and communication systems and methods for the efficient generation of risk assessments
Computer implemented methods, according to various embodiments, comprise: (1) integrating a privacy management system with DLP tools; (2) using the DLP tools to identify sensitive information that is stored in computer memory outside of the context of the privacy management system; and (3) in response to the sensitive data being discovered by the DLP tool, displaying each area of sensitive data to a privacy officer (e.g., similar to pending transactions in a checking account that have not been reconciled). A designated privacy officer may then select a particular entry and either match it up (e.g., reconcile it) with an existing data flow or campaign in the privacy management system, or trigger a new privacy assessment to be done on the data to capture the related privacy attributes and data flow information.
A Data Subject Access Request (DSAR) Prioritization System, according to various embodiments, is adapted for (1) executing the steps of receiving a data subject access request (DSAR); (2) at least partially in response to receiving the DSAR, obtaining metadata associated with at least one of the DSAR or a data subject associated with the DSAR; (3) using the metadata to determine whether a priority of the DSAR should be adjusted based at least in part on the obtained metadata; and (4) in response to determining that the priority of the DSAR should be adjusted based at least in part on the obtained metadata, adjusting the priority of the DSAR.
Computer-readable media, according to various embodiments, store computer-executable instructions for: (1) analyzing computer code for a mobile application to identify a tracking technology being used by the mobile application for collecting personal data of a user of the mobile application; (1) identifying a recommendation for managing a design of the mobile application in light of the tracking technology; (3) identifying a task to implement the recommendation; (4) generating output comprising a report documenting the task; and (5) providing the report for display to an individual on a display screen.
G06Q 10/06 - Ressources, gestion de tâches, des ressources humaines ou de projets; Planification d’entreprise ou d’organisation; Modélisation d’entreprise ou d’organisation
G06F 15/76 - Architectures de calculateurs universels à programmes enregistrés
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
82.
Systems and methods for identifying data processing activities based on data discovery results
Aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for identifying data processing activities associated with various data assets based on data discovery results. In accordance various aspects, a method is provided comprising: identifying and scanning data assets to detect a subset of the data assets, wherein each asset of the subset is associated with a particular data element used for target data; generating a prediction for each pair of data assets of the subset on the target data flowing between the pair; identifying a data flow for the target data based on the prediction generated for each pair; and identifying a data processing activity associated with handling the target data based on a correlation identified for the particular data element, the subset, and/or the data flow with a known data element, subset, and/or data flow for the data processing activity.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
In particular embodiments, a Personal Data Deletion System is configured to: (1) at least partially automatically identify and delete personal data that an entity is required to erase under one or more of the conditions discussed above; and (2) perform one or more data tests after the deletion to confirm that the system has, in fact, deleted any personal data associated with the data subject. The system may, for example, be configured to test to ensure the data has been deleted by: (1) submitting a unique token of data through a form to a system; (2) in response to passage of an expected data retention time, test the system by calling into the system after the passage of the data retention time to search for the unique token.
A method for managing a consent receipt under an electronic transaction, comprising: receiving a request to initiate a transaction between the entity and the data subject; providing a privacy policy associated with the entity and based at least in part on the request to initiate the transaction between the entity and the data subject; accessing the privacy policy associated with the entity; storing one or more provisions of the privacy policy associated with the entity; providing a user interface for consenting to the privacy policy associated with the entity; receiving a selection to consent to the privacy policy associated with the entity and based at least in part on the request to initiate the transaction between the entity and the data subject; generating, by a third-party consent receipt management system, a consent receipt to the data subject; and storing the generated consent receipt.
In various aspects, a data transfer discovery and analysis system may query an entity computing system to identify access credentials for third-party computing systems and scan each access credential to determine associated permissions provided by each access credential on the entity computing system. The data transfer discovery and analysis system may further inspect access logs to identify actual data transfers between the entity computing system and third-party computing systems as well as other access activity associated with each of the credentials. The system can generate and store a mapping of all actual data transfers (e.g., based on the access log data) and potential data transfers (e.g., based on particular access permissions) between/among the entity computing system and the third-party computing systems. By analyzing access logs to determine actual data transfers executed under each particular access credential, the data transfer discovery and analysis system can identify unused and/or underutilized access permissions.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
A privacy-related consent extension and data processing system may be configured to automatically extend one or more privacy-related consents for a user of a first computing device to a second computing device. In various embodiments, the system is configured to provide a computer-readable indicium(indicia) on a previously unknown computing device upon initiation of a transaction between a user and an entity collecting and processing privacy data. In response to a user using a known computing device to scan the computer-readable indicium, in various embodiments, the system may provide the ability to share user consent data provided by the first known device to the second unknown device, allowing the user to provide consent without manually re-entering privacy and consent preferences.
In various embodiments, a data map generation system is configured to receive a request to generate a privacy-related data map for particular computer code, and, at least partially in response to the request, determine a location of the particular computer code, automatically obtain the particular computer code based on the determined location, and analyze the particular computer code to determine privacy-related attributes of the particular computer code, where the privacy-related attributes indicate types of personal information that the particular computer code collects or accesses. The system may be further configured to generate and display a data map of the privacy-related attributes to a user.
G06Q 10/06 - Ressources, gestion de tâches, des ressources humaines ou de projets; Planification d’entreprise ou d’organisation; Modélisation d’entreprise ou d’organisation
88.
Data transfer discovery and analysis systems and related methods
In various aspects, a data transfer discovery and analysis system may query an entity computing system to identify access credentials for third-party computing systems and scan each access credential to determine associated permissions provided by each access credential on the entity computing system. The data transfer discovery and analysis system may further inspect access logs to identify actual data transfers between the entity computing system and third-party computing systems as well as other access activity associated with each of the credentials. The system can generate and store a mapping of all actual data transfers (e.g., based on the access log data) and potential data transfers (e.g., based on particular access permissions) between/among the entity computing system and the third-party computing systems. By analyzing access logs to determine actual data transfers executed under each particular access credential, the data transfer discovery and analysis system can identify unused and/or underutilized access permissions.
In particular embodiments, computer-implemented data processing, systems, and method configured to: receive a request to initiate a transaction between an entity and a data subject, generate (i) a consent receipt for the transaction comprising at least a unique subject identifier and a unique consent receipt key and (ii) a unique cookie to identify the data subject's transaction initiated by the data subject, store the consent receipt for the transaction and the unique cookie, receive a data subject access request from the data subject, verify an identity of the data subject based at least in part on the unique cookie process the request, process the request by identifying one or more pieces of personal data associated with the data subject, and taking one or more actions based at least in part on the data subject access request.
An application privacy analysis system is described, where the system obtains an application and analyzes it for privacy related data use. The system may determine privacy related activities of the application from established sources of such data and/or may decompile the application and analyze the resulting code to determine the privacy related activities of the application. The system may execute the application and monitor the communications traffic exchanged by the application to determine privacy related activities of the application. The system may store the results of such analyses for future reference.
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
G06F 16/955 - Recherche dans le Web utilisant des identifiants d’information, p.ex. des localisateurs uniformisés de ressources [uniform resource locators - URL]
G06F 16/904 - Navigation; Visualisation à cet effet
G06F 16/901 - Indexation; Structures de données à cet effet; Structures de stockage
91.
MANAGING CUSTOM WORKFLOWS FOR DOMAIN OBJECTS DEFINED WITHIN MICROSERVICES
In general, various aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for generating and managing custom workflows for domain objects defined within microservices. In accordance with various aspects, a method is that comprises: receiving an attribute value for a custom workflow to include in a microservice that corresponds to an attribute defined for a workflow component; accessing mapping data for an attribute; identifying, based on the mapping data, a corresponding field of a workflows table mapped to the attribute; storing a record in the workflows table for the custom workflow with the attribute value stored in the corresponding field for the record to persist the custom workflow in the microservice.
G06Q 10/06 - Ressources, gestion de tâches, des ressources humaines ou de projets; Planification d’entreprise ou d’organisation; Modélisation d’entreprise ou d’organisation
In general, various aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for identifying and documenting certain subject matter found in media content, as well as selectively redacting the subject matter found in media content. In accordance with various aspects, a method is provided that comprises: obtaining first metadata for media content, the metadata identifying a context and a portion of content for an individual; identifying, based on the context, a certain subject matter for the media content; determining that a particular item associated with the subject matter is present in the portion of content associated with the individual; generating second metadata to document the particular item present in the portion of content; and using the second metadata to selectively redacting the item from the portion of content associated with the individual upon request to do so with respect to the individual.
In general, various aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for generating and managing custom workflows for domain objects defined within microservices. In accordance with various aspects, a method is that comprises: receiving an attribute value for a custom workflow to include in a microservice that corresponds to an attribute defined for a workflow component; accessing mapping data for an attribute; identifying, based on the mapping data, a corresponding field of a workflows table mapped to the attribute; storing a record in the workflows table for the custom workflow with the attribute value stored in the corresponding field for the record to persist the custom workflow in the microservice.
In general, various aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for integrating third party computing system functionality into a first party computing system by providing a risk management and mitigation computing system configured to analyze a risk of integrating the functionality provided by the third party computing system and facilitating implementation of one or more data-related controls that include performing computer-specific operations to mitigate and/or eliminate the identified risks. For example, the risk management and mitigation computing system can access risk data in tenant computing systems to determine a risk score related to the integration of the third party computing system functionality based on risks determined during prior integrations of the third party computing system functionality by other tenant computing systems. The risk management and mitigation computing system can generate a recommended control when integrating the third party computing system functionality.
In general, various aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for identifying and documenting certain subject matter found in media content, as well as selectively redacting the subject matter found in media content. In accordance with various aspects, a method is provided that comprises: obtaining first metadata for media content, the metadata identifying a context and a portion of content for an individual; identifying, based on the context, a certain subject matter for the media content; determining that a particular item associated with the subject matter is present in the portion of content associated with the individual; generating second metadata to document the particular item present in the portion of content; and using the second metadata to selectively redacting the item from the portion of content associated with the individual upon request to do so with respect to the individual.
Data processing systems and methods, according to various embodiments, are adapted for mapping various questions regarding a data breach from a master questionnaire to a plurality of territory-specific data breach disclosure questionnaires. The answers to the questions in the master questionnaire are used to populate the territory-specific data breach disclosure questionnaires and determine whether disclosure is required in territory. The system can automatically notify the appropriate regulatory bodies for each territory where it is determined that data breach disclosure is required.
G06Q 10/06 - Ressources, gestion de tâches, des ressources humaines ou de projets; Planification d’entreprise ou d’organisation; Modélisation d’entreprise ou d’organisation
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 15/76 - Architectures de calculateurs universels à programmes enregistrés
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
97.
Systems and methods for mitigating risks of third-party computing system functionality integration into a first-party computing system
In general, various aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for integrating third party computing system functionality into a first party computing system by providing a risk management and mitigation computing system configured to analyze a risk of integrating the functionality provided by the third party computing system and facilitating implementation of one or more data-related controls that include performing computer-specific operations to mitigate and/or eliminate the identified risks. For example, the risk management and mitigation computing system can access risk data in tenant computing systems to determine a risk score related to the integration of the third party computing system functionality based on risks determined during prior integrations of the third party computing system functionality by other tenant computing systems. The risk management and mitigation computing system can generate a recommended control when integrating the third party computing system functionality.
In general, various aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for generating and managing custom attributes and corresponding values for domain objects defined within microservices. In accordance with various aspects, a method is provided that comprises: receiving a custom attribute request for a domain object defined in a microservice that comprises a domain object identifier, a custom attribute to add to the domain object, and a value type for the custom attribute; identifying, based on the domain object identifier and the value type, a custom value table for the domain object that comprises placeholder fields; identifying a placeholder field that is available in the custom value table; and storing a record in the attribute schema table for the domain object and the custom attribute comprising mapping data that maps the custom attribute to the placeholder field for the custom value table.
G06F 9/448 - Paradigmes d’exécution, p.ex. implémentation de paradigmes de programmation
G06F 16/28 - Bases de données caractérisées par leurs modèles, p.ex. des modèles relationnels ou objet
G06Q 10/06 - Ressources, gestion de tâches, des ressources humaines ou de projets; Planification d’entreprise ou d’organisation; Modélisation d’entreprise ou d’organisation
99.
DATA PROCESSING SYSTEMS AND METHODS FOR ANONYMIZING DATA SAMPLES IN CLASSIFICATION ANALYSIS
In general, various aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for mapping the existence of target data within computing systems in a manner that does not expose the target data to potential data-related incidents. In accordance with various aspects, a method is provided that comprises: receiving a source dataset that comprises a label assigned to a data element used by a data source in handling target data that identifies a type of target data and data samples gathered for the data element; determining, based on the label, that the data samples are to be anonymized; generating supplemental anonymizing data samples associated with the label that comprise fictitious occurrences of the type of the target data; generating a review dataset comprising the supplemental anonymizing data samples intermingled with the data samples; and sending the review dataset to a review computing system.
In general, various aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for mapping the existence of target data within computing systems in a manner that does not expose the target data to potential data-related incidents. In accordance with various aspects, a method is provided that comprises: receiving a source dataset that comprises a label assigned to a data element used by a data source in handling target data that identifies a type of target data and data samples gathered for the data element; determining, based on the label, that the data samples are to be anonymized; generating supplemental anonymizing data samples associated with the label that comprise fictitious occurrences of the type of the target data; generating a review dataset comprising the supplemental anonymizing data samples intermingled with the data samples; and sending the review dataset to a review computing system.
G06F 21/00 - Dispositions de sécurité pour protéger les calculateurs, leurs composants, les programmes ou les données contre une activité non autorisée
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
G06F 16/28 - Bases de données caractérisées par leurs modèles, p.ex. des modèles relationnels ou objet
