Patents by Inventor Jason L. Sabourin
Jason L. Sabourin has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11416634Abstract: A consent receipt management system may, for example, be configured to track data on behalf of an entity that collects and/or processes persona data related to: (1) who consented to the processing or collection of personal data; (2) when the consent was given (e.g., a date and time); (3) what information was provided to the consenter at the time of consent (e.g., a privacy policy, what personal data would be collected following the provision of the consent, for what purpose that personal data would be collected, etc.); (4) how consent was received (e.g., one or more copies of a data capture form, webform, etc. via which consent was provided by the consenter); (5) when consent was withdrawn (e.g., a date and time of consent withdrawal if the consenter withdraws consent); and/or (6) any other suitable data related to receipt or withdrawal of consent.Type: GrantFiled: December 13, 2021Date of Patent: August 16, 2022Assignee: OneTrust, LLCInventors: Kabir A. Barday, Jonathan Blake Brannon, Jason L. Sabourin, Mihir S. Karanjkar, Kevin Jones, Richard A. Beaumont
-
Patent number: 11416590Abstract: Data processing systems and methods, according to various embodiments, are adapted for automatically assessing the level of security and/or privacy risk associated with doing business with a particular vendor or other entity and for generating training material for such vendors. In various embodiments, the systems may automatically obtain and use any suitable information to assess such risk levels including, for example: (1) any security and/or privacy certifications held by the vendor; (2) the terms of one or more contracts between a particular entity and the vendor; (3) the results of one or more privacy impact assessments for the vendor; and/or (4) any other suitable data. The system may be configured to automatically approve or reject a particular vendor based on the assessed risk level associated with the vendor and this information may be automatically communicated to an entity considering doing business with the vendor and/or the vendor itself.Type: GrantFiled: October 18, 2021Date of Patent: August 16, 2022Assignee: OneTrust, LLCInventors: Jonathan Blake Brannon, Kabir A. Barday, Jason L. Sabourin, Kevin Jones, Subramanian Viswanathan, Milap Shah
-
Patent number: 11409908Abstract: A centralized data repository system, in various embodiments, is configured to provide a central data-storage repository (e.g., one or more servers, databases, etc.) for the centralized storage of personally identifiable information (PII) and/or personal data for one or more particular data subjects. In particular embodiments, the centralized data repository may enable the system to populate one or more data models (e.g., using one or more suitable techniques described above) substantially on-the-fly (e.g., as the system collects, processes, stores, etc. personal data regarding a particular data subject). In this way, in particular embodiments, the system is configured to maintain a substantially up-to-date data model for a plurality of data subjects (e.g., each particular data subject for whom the system collects, processes, stores, etc. personal data).Type: GrantFiled: April 19, 2021Date of Patent: August 9, 2022Assignee: OneTrust, LLCInventors: Kabir A. Barday, Jonathan Blake Brannon, Jason L. Sabourin, Mihir S. Karanjkar, Kevin Jones, Richard A. Beaumont
-
Publication number: 20220237538Abstract: In various embodiments, a system may be configured to substantially automatically determine whether to take one or more actions in response to one or more identified risk triggers (e.g., data breaches, regulation change, etc.). The system may, for example: (1) compare the potential risk trigger to one or more previous risks triggers experienced by the particular entity at a previous time; (2) identify a similar previous risk trigger (e.g., one or more previous risk triggers related to a similar change in regulation, breach of data, type of issue identified, etc.); (3) determine the relevance of the current risk trigger based at least in part on a determined relevance of the previous risk trigger; and (4) determine whether to take one or more actions to the current risk trigger based at least in part on one or more determined actions to take in response to the previous, similar risk trigger.Type: ApplicationFiled: April 18, 2022Publication date: July 28, 2022Applicant: OneTrust, LLCInventors: Kabir A. Barday, Mihir S. Karanjkar, Steven W. Finch, Ken A. Browne, Nathan W. Heard, Aakash H. Patel, Jason L. Sabourin, Richard L. Daniel, Dylan D. Patton-Kuhl, Kevin Jones, Jonathan Blake Brannon
-
Publication number: 20220229856Abstract: Data processing systems and methods according to various embodiments are adapted for automatically detecting and documenting privacy-related aspects of computer software. Particular embodiments are adapted for: (1) automatically scanning source code to determine whether the source code include instructions for collecting personal data; and (2) facilitating the documentation of the portions of the code that collect the personal data. For example, the system may automatically prompt a user for comments regarding the code. The comments may be used, for example, to populate: (A) a privacy impact assessment; (B) system documentation; and/or (C) a privacy-related data map. The system may comprise, for example, a privacy comment plugin for use in conjunction with a code repository.Type: ApplicationFiled: April 1, 2022Publication date: July 21, 2022Applicant: OneTrust, LLCInventors: Priya Malhotra, Kabir A. Barday, Mihir S. Karanjkar, Steven W. Finch, Ken A. Browne, Nathan W. Heard, Aakash H. Patel, Jason L. Sabourin, Richard L. Daniel, Dylan D. Patton-Kuhl, Jonathan Blake Brannon
-
Patent number: 11366786Abstract: In various embodiments, an organization may be required to comply with one or more legal or industry requirements related to the storage of personal data (e.g., which may, for example, include personally identifiable information) even when responding to and fulfilling Data Subject Access Requests. In particular, when responding to a DSAR, the system may compile one or more pieces of personal data for provision to a data subject. The system may store this compilation of personal data at least temporarily in order to provide access to the data to the data subject. As such, the system may be configured to implement one or more data retention rules in order to ensure compliance with any legal or industry requirements related to the temporary storage of the collected data while still fulfilling any requirements related to providing the data to data subjects that request it, deleting the data upon request, etc.Type: GrantFiled: June 14, 2021Date of Patent: June 21, 2022Assignee: OneTrust, LLCInventors: Kabir A. Barday, Jonathan Blake Brannon, Jason L. Sabourin
-
Patent number: 11347889Abstract: A computer-implemented method for populating a privacy-related data model by: (1) providing a data model that comprises one or more respective populated or unpopulated fields; (2) determining that at least a particular one of the fields for a particular data asset is an unpopulated field; (3) at least partially in response to determining that the at least one particular field is unpopulated, automatically generating a privacy questionnaire comprising at least one question that, if properly answered, would result in a response that may be used to populate the at least one particular unpopulated field; (4) transmitting the privacy questionnaire to at least one individual; (5) receiving a response to the questionnaire, the response comprising a respective answer to the at least one question; and (6) in response to receiving the response, populating the at least one particular unpopulated field with information from the received response.Type: GrantFiled: October 1, 2021Date of Patent: May 31, 2022Assignee: OneTrust, LLCInventors: Kabir A. Barday, Mihir S. Karanjkar, Steven W. Finch, Ken A. Browne, Nathan W. Heard, Aakash H. Patel, Jason L. Sabourin, Richard L. Daniel, Dylan D. Patton-Kuhl, Jonathan Blake Brannon
-
Publication number: 20220164475Abstract: In various embodiments, a Data Model Adaptive Execution System may be configured to take one or more suitable actions to remediate an identified risk in view of one or more regulations (e.g., one or more legal regulations, one or more binding corporate rules, etc.). For example, in order to ensure compliance with one or more standards related to the collection and/or storage of personal data, an entity may be required to modify one or more aspects of a way in which the entity collects, stores, and/or otherwise processes personal data (e.g., in response to a change in a legal or other requirement). In order to identify whether a particular change or other risk trigger requires remediation, the system may be configured to assess a relevance of the risk posed by the risk and identify one or more processing activities or data assets that may be affected by the risk.Type: ApplicationFiled: February 7, 2022Publication date: May 26, 2022Applicant: OneTrust, LLCInventors: Kabir A. Barday, Mihir S. Karanjkar, Steven W. Finch, Ken A. Browne, Nathan W. Heard, Aakash H. Patel, Jason L. Sabourin, Richard L. Daniel, Dylan D. Patton-Kuhl, Kevin Jones, Jonathan Blake Brannon
-
Publication number: 20220164476Abstract: Computer systems and methods for: (1) analyzing electronic correspondence associated with a data subject (e.g., the emails within one or more email in-boxes associated with the data subject); (2) based on the analysis, determining whether a data subject engagement rating does or does not satisfy a criteria (e.g., as evidenced by the fact that the data subject no longer opens emails from the entity, and/or has set up a rule to automatically delete emails received from the entity); and (3) in response to identifying the data subject engagement rating does or does not satisfy a criteria, at least substantially automatically populating and/or submitting a data subject access request to an entity computing system via a public data network (e.g., to delete all personal information being processed by the entity).Type: ApplicationFiled: February 7, 2022Publication date: May 26, 2022Applicant: OneTrust, LLCInventors: Kabir A. Barday, Mihir S. Karanjkar, Steven W. Finch, Ken A. Browne, Nathan W. Heard, Aakash H. Patel, Jason L. Sabourin, Richard L. Daniel, Dylan D. Patton-Kuhl, Kevin Jones, Jonathan Blake Brannon
-
Patent number: 11343284Abstract: In various embodiments, a data map generation system is configured to receive a request to generate a privacy-related data map for particular computer code, and, at least partially in response to the request, determine a location of the particular computer code, automatically obtain the particular computer code based on the determined location, and analyze the particular computer code to determine privacy-related attributes of the particular computer code, where the privacy-related attributes indicate types of personal information that the particular computer code collects or accesses. The system may be further configured to generate and display a data map of the privacy-related attributes to a user.Type: GrantFiled: May 31, 2021Date of Patent: May 24, 2022Assignee: OneTrust, LLCInventors: Kabir A. Barday, Mihir S. Karanjkar, Steven W. Finch, Ken A. Browne, Nathan W. Heard, Aakash H. Patel, Jason L. Sabourin, Richard L. Daniel, Dylan D. Patton-Kuhl, Jonathan Blake Brannon
-
Publication number: 20220159041Abstract: In particular embodiments, a data processing data inventory generation system is configured to: (1) generate a data model (e.g., a data inventory) for one or more data assets utilized by a particular organization; (2) generate a respective data inventory for each of the one or more data assets; and (3) map one or more relationships between one or more aspects of the data inventory, the one or more data assets, etc. within the data model. In particular embodiments, a data asset (e.g., data system, software application, etc.) may include, for example, any entity that collects, processes, contains, and/or transfers personal data (e.g., such as a software application, “internet of things” computerized device, database, website, data-center, server, etc.). The system may be configured to identify particular data assets and/or personal data in data repositories using any suitable intelligent identity scanning technique.Type: ApplicationFiled: January 31, 2022Publication date: May 19, 2022Applicant: OneTrust, LLCInventors: Kabir A. Barday, Mihir S. Karanjkar, Steven W. Finch, Ken A. Browne, Nathan W. Heard, Aakash H. Patel, Jason L. Sabourin, Richard L. Daniel, Dylan D. Patton-Kuhl, Jonathan Blake Brannon
-
Data processing systems for processing and managing data subject access in a distributed environment
Patent number: 11328092Abstract: In particular embodiments, a data subject request processing system may be configured to utilize one or more local storage nodes in order to process a data subject access request on behalf of a data subject. In particular embodiments, the one or more local storage nodes may be local to the data subject making the request (e.g., in the same country as the data subject, in the same jurisdiction, in the same geographic area, etc.). The system may, for example, be configured to: (1) receive a data subject access request from a data subject (e.g., via a web form); (2) identify a suitable local storage node based at least in part on the request and/or the data subject; (3) route the data subject access request to the identified local storage node; and (4) process the data subject access request at the identified local storage node.Type: GrantFiled: June 15, 2021Date of Patent: May 10, 2022Assignee: OneTrust, LLCInventors: Kabir A. Barday, Jonathan Blake Brannon, Jason L. Sabourin -
Publication number: 20220129837Abstract: In particular embodiments, a data processing data inventory generation system is configured to: (1) generate a data model (e.g., a data inventory) for one or more data assets utilized by a particular organization; (2) generate a respective data inventory for each of the one or more data assets; and (3) map one or more relationships between one or more aspects of the data inventory, the one or more data assets, etc. within the data model. In particular embodiments, a data asset (e.g., data system, software application, etc.) may include, for example, any entity that collects, processes, contains, and/or transfers personal data (e.g., such as a software application, “internet of things” computerized device, database, website, data-center, server, etc.). For example, a first data asset may include any software or device (e.g., server or servers) utilized by a particular entity for such data collection, processing, transfer, storage, etc.Type: ApplicationFiled: January 10, 2022Publication date: April 28, 2022Applicant: OneTrust, LLCInventors: Kabir A. Barday, Mihir S. Karanjkar, Steven W. Finch, Ken A. Browne, Nathan W. Heard, Aakash H. Patel, Jason L. Sabourin, Richard L. Daniel, Dylan D. Patton-Kuhl, Jonathan Blake Brannon
-
Patent number: 11308435Abstract: In various embodiments, a system may be configured to substantially automatically determine whether to take one or more actions in response to one or more identified risk triggers (e.g., data breaches, regulation change, etc.). The system may, for example: (1) compare the potential risk trigger to one or more previous risks triggers experienced by the particular entity at a previous time; (2) identify a similar previous risk trigger (e.g., one or more previous risk triggers related to a similar change in regulation, breach of data, type of issue identified, etc.); (3) determine the relevance of the current risk trigger based at least in part on a determined relevance of the previous risk trigger; and (4) determine whether to take one or more actions to the current risk trigger based at least in part on one or more determined actions to take in response to the previous, similar risk trigger.Type: GrantFiled: June 22, 2020Date of Patent: April 19, 2022Assignee: OneTrust, LLCInventors: Kabir A. Barday, Mihir S. Karanjkar, Steven W. Finch, Ken A. Browne, Nathan W. Heard, Aakash H. Patel, Jason L. Sabourin, Richard L. Daniel, Dylan D. Patton-Kuhl, Kevin Jones, Jonathan Blake Brannon
-
Patent number: 11294939Abstract: Data processing systems and methods according to various embodiments are adapted for automatically detecting and documenting privacy-related aspects of computer software. Particular embodiments are adapted for: (1) automatically scanning source code to determine whether the source code include instructions for collecting personal data; and (2) facilitating the documentation of the portions of the code that collect the personal data. For example, the system may automatically prompt a user for comments regarding the code. The comments may be used, for example, to populate: (A) a privacy impact assessment; (B) system documentation; and/or (C) a privacy-related data map. The system may comprise, for example, a privacy comment plugin for use in conjunction with a code repository.Type: GrantFiled: October 1, 2021Date of Patent: April 5, 2022Assignee: OneTrust, LLCInventors: Priya Malhotra, Kabir A. Barday, Mihir S. Karanjkar, Steven W. Finch, Ken A. Browne, Nathan W. Heard, Aakash H. Patel, Jason L. Sabourin, Richard L. Daniel, Dylan D. Patton-Kuhl, Jonathan Blake Brannon
-
Publication number: 20220100898Abstract: A consent receipt management system may, for example, be configured to track data on behalf of an entity that collects and/or processes persona data related to: (1) who consented to the processing or collection of personal data; (2) when the consent was given (e.g., a date and time); (3) what information was provided to the consenter at the time of consent (e.g., a privacy policy, what personal data would be collected following the provision of the consent, for what purpose that personal data would be collected, etc.); (4) how consent was received (e.g., one or more copies of a data capture form, webform, etc. via which consent was provided by the consenter); (5) when consent was withdrawn (e.g., a date and time of consent withdrawal if the consenter withdraws consent); and/or (6) any other suitable data related to receipt or withdrawal of consent.Type: ApplicationFiled: December 13, 2021Publication date: March 31, 2022Applicant: OneTrust, LLCInventors: Kabir A. Barday, Jonathan Blake Brannon, Jason L. Sabourin, Mihir S. Karanjkar, Kevin Jones, Richard A. Beaumont
-
Publication number: 20220075896Abstract: Responding to a data subject access request includes receiving the request and identifying the requestor and source. In response to identifying the requestor and source, a computer processor determines whether the data subject access request is subject to fulfillment constraints, including whether the requestor or source is malicious. If so, then the computer processor denies the request or requests a processing fee prior to fulfillment. If not, then the computer processor fulfills the request.Type: ApplicationFiled: November 18, 2021Publication date: March 10, 2022Applicant: OneTrust, LLCInventors: Kabir A. Barday, Jason L. Sabourin, Jonathan Blake Brannon, Mihir S. Karanjkar, Kevin Jones
-
Publication number: 20220043894Abstract: Data processing systems and methods, according to various embodiments, are adapted for automatically assessing the level of security and/or privacy risk associated with doing business with a particular vendor or other entity and for generating training material for such vendors. In various embodiments, the systems may automatically obtain and use any suitable information to assess such risk levels including, for example: (1) any security and/or privacy certifications held by the vendor; (2) the terms of one or more contracts between a particular entity and the vendor; (3) the results of one or more privacy impact assessments for the vendor; and/or (4) any other suitable data. The system may be configured to automatically approve or reject a particular vendor based on the assessed risk level associated with the vendor and this information may be automatically communicated to an entity considering doing business with the vendor and/or the vendor itself.Type: ApplicationFiled: October 25, 2021Publication date: February 10, 2022Applicant: OneTrust, LLCInventors: Jonathan Blake Brannon, Kabir A. Barday, Jason L. Sabourin, Kevin Jones, Subramanian Viswanathan, Milap Shah
-
Patent number: 11244071Abstract: Computer systems and methods for: (1) analyzing electronic correspondence associated with a data subject (e.g., the emails within one or more email in-boxes associated with the data subject); (2) based on the analysis, identifying at least one entity that that the data subject does not actively do business with (e.g., as evidenced by the fact that the data subject no longer opens emails from the entity, and/or has set up a rule to automatically delete emails received from the entity); and (3) in response to identifying the entity as an entity that the data subject no longer does business with, at least substantially automatically populating and/or submitting a data subject access request to the entity (e.g., to delete all personal information being processed by the entity).Type: GrantFiled: October 12, 2020Date of Patent: February 8, 2022Assignee: OneTrust, LLCInventors: Kabir A. Barday, Mihir S. Karanjkar, Steven W. Finch, Ken A. Browne, Nathan W. Heard, Aakash H. Patel, Jason L. Sabourin, Richard L. Daniel, Dylan D. Patton-Kuhl, Kevin Jones, Jonathan Blake Brannon
-
Patent number: 11244072Abstract: In various embodiments, a Data Model Adaptive Execution System may be configured to take one or more suitable actions to remediate an identified risk in view of one or more regulations (e.g., one or more legal regulations, one or more binding corporate rules, etc.). For example, in order to ensure compliance with one or more standards related to the collection and/or storage of personal data, an entity may be required to modify one or more aspects of a way in which the entity collects, stores, and/or otherwise processes personal data (e.g., in response to a change in a legal or other requirement). In order to identify whether a particular change or other risk trigger requires remediation, the system may be configured to assess a relevance of the risk posed by the risk and identify one or more processing activities or data assets that may be affected by the risk.Type: GrantFiled: May 31, 2021Date of Patent: February 8, 2022Assignee: OneTrust, LLCInventors: Kabir A. Barday, Mihir S. Karanjkar, Steven W. Finch, Ken A. Browne, Nathan W. Heard, Aakash H. Patel, Jason L. Sabourin, Richard L. Daniel, Dylan D. Patton-Kuhl, Kevin Jones, Jonathan Blake Brannon