Abstract: In general, various aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for integrating third party computing system functionality into a first party computing system by providing a risk management and mitigation computing system configured to analyze a risk of integrating the functionality provided by the third party computing system and facilitating implementation of one or more data-related controls that include performing computer-specific operations to mitigate and/or eliminate the identified risks. For example, the risk management and mitigation computing system can access risk data in tenant computing systems to determine a risk score related to the integration of the third party computing system functionality based on risks determined during prior integrations of the third party computing system functionality by other tenant computing systems.

Abstract: Various Data Subject Access Request (DSAR) processing systems are adapted for presenting a first webform on a first web site, the first webform being adapted to receive DSAR's and to route the requests to a first designated individual for processing; presenting a second webform on a second web site, the second webform being adapted to receive DSAR's and to route the requests to a second designated individual for processing; receiving, via the first webform, a first DSAR; at least partially in response to the receiving the first DSAR, automatically routing the first DSAR to the first designated individual for handling; receiving, via the second webform, a second DSAR; at least partially in response to the receiving the second DSAR, automatically routing the second DSAR to the second designated individual for handling; and communicating a status of both the first DSAR and the second DSAR via a single user interface.

Abstract: Aspects of the present disclosure provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for protection of system software, or data from destruction, unauthorized modification, and/or unauthorized disclosure securing by, for example, detecting the transfer and/or processing of target data. Accordingly, a method is provided that involves: scanning a software application to identify functionality configured for processing target data; identifying fields associated with the functionality; identifying metadata associated with a field; generating, from the metadata, an identification of a type of data associated with the field; determining a location based on the processing of the target data by the functionality; determining a risk associated with the functionality processing the target data based on the location and the type of data; determining that the risk satisfies a threshold level of risk; and in response, causing an action to be performed to mitigate the risk.

Abstract: Methods, systems, and non-transitory computer readable storage media are disclosed for managing computing systems according to detect and correct configuration gaps with specific system requirements frameworks. Specifically, the disclosed system accesses a digital data repository to determine attribute values of data objects representing functions or infrastructure associated with handling target data for an entity. The disclosed system determines a digital representation of a system requirements framework that indicates controls associated with handling specific data types. Based on the attribute values and a gap rules set associated with the system requirements framework, the disclosed system determines configuration gaps to be addressed via control actions for installing controls in connection with various data assets or data processes.

Abstract: In general, various aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for mapping the existence of target data within computing systems in a manner that does not expose the target data to potential data-related incidents. In accordance with various aspects, a method is provided that comprises: receiving a source dataset that comprises a label assigned to a data element used by a data source in handling target data that identifies a type of target data and data samples gathered for the data element; determining, based on the label, that the data samples are to be anonymized; generating supplemental anonymizing data samples associated with the label that comprise fictitious occurrences of the type of the target data; generating a review dataset comprising the supplemental anonymizing data samples intermingled with the data samples; and sending the review dataset to a review computing system.

Abstract: Methods, systems, and non-transitory computer readable storage media are disclosed for managing computing systems to classify and modify digital content items to satisfy digital data requirements of data policies. For example, the content classification system validates, enforces, and remediates digital data content corresponding to digital data requirements of a data policy based on data types covered by the data policy. The disclosed systems generate classifications for digital content items by accessing digital content items and generating mappings between the digital content items and a data policy. The disclosed systems utilize the mappings and digital data requirements of the data policy to determine whether the digital content items violate one or more elements of the data policy. The disclosed systems can perform various downstream operations to remediate the data policy violations, such as by causing various computing devices to modify the violating digital content items.

Abstract: This disclosure describes one or more implementations of systems, non-transitory computer-readable media, and methods that utilize a repository of metadata-based recommendations to classify data sources using metadata from the data sources. For example, the disclosed systems can generate a repository of metadata-based recommendations that indicate recommended classifications for objects within data sources through metadata associated with a data source schema. In some instances, the disclosed systems identify metadata from a data source schema associated with the data source. Subsequently, the disclosed systems can match the identified metadata to a metadata-based recommendation via metadata mappings in the metadata-based recommendation repository to select a metadata-based recommendation.

Abstract: Embodiments of the present invention provide methods, apparatus, systems, computing devices, computing entities, and/or the like for permitting or blocking tracking tools used through webpages. In particular embodiments, the method involves: scanning a webpage to identify a tracking tool configured for processing personal data; determining a data destination location that is associated with the tracking tool; and generating program code configured to: determine a location associated with a user who is associated with a rendering of the webpage; determine a prohibited data destination location based on the location associated with the user; determine that the data destination location associated with the tracking tool is not the prohibited data destination location; and responsive to the data destination location associated with the tracking tool not being the prohibited data destination location, permit the tracking tool to execute.

Abstract: Data processing systems and methods, according to various embodiments, are adapted for determining an applicable privacy policy based on various criteria associated with a user and the associated product or service. User and product criteria may be obtained automatically and/or based on user input and analyzed by a privacy policy rules engine to determine the applicable policy. Text from the applicable policy can then be presented to the user. A default policy can be used when no particular applicable policy can be identified using by the rules engine. Policies may be ranked or prioritized so that a policy can be selected in the event the rules engine identifies two, conflicting policies based on the criteria.

Abstract: In various embodiments, a data map generation system is configured to receive a request to generate a privacy-related data map for particular computer code, and, at least partially in response to the request, determine a location of the particular computer code, automatically obtain the particular computer code based on the determined location, and analyze the particular computer code to determine privacy-related attributes of the particular computer code, where the privacy-related attributes indicate types of personal information that the particular computer code collects or accesses. The system may be further configured to generate and display a data map of the privacy-related attributes to a user.

Abstract: Various embodiments provide methods, apparatus, systems, computing devices, computing entities, and/or the like for identifying targeted data for a data subject across a plurality of data objects in a data source. In accordance with one embodiment, a method is provided comprising: receiving a request to identify targeted data for a data subject; identifying a first data object using metadata for a data source that identifies the first data object as associated with a first targeted data type for a data portion from the request; identifying a first data field from a graph data structure of the first data object that identifies the first data field as used for storing data having the first targeted data type; and querying the first data object based on the first data field and the data for the first targeted data type to identify a first targeted data portion for the data subject.

Abstract: Methods, systems, and non-transitory computer readable storage media are disclosed for optimizing computer memory usage for lookup lists in computer memory via probabilistic data structures. For example, the disclosed system generates a probabilistic data structure (e.g., a Bloom filter) to represent data in a lookup list including multi-token items by hashing items of the lookup list to sets of bit values in a bit vector. The disclosed system classifies text content in a digital document by utilizing a maximum number of tokens from multi-token items in the lookup list to select and compare sets of sequential tokens in the digital document to the probabilistic data structure. The disclosed system also iteratively reduces the number of tokens in sets of sequential tokens for subsequent comparisons. Furthermore, in some aspects, the disclosed system causes a computing device to modify a digital document and/or database operations based on the classifications.

Abstract: Methods, systems, and non-transitory computer readable storage media are disclosed for correcting entity detection errors with entity correction and resolution in optical character recognition for digitization of physical documents. Specifically, the disclosed system utilizes named entity recognition to extract entities from character strings (e.g., words) in a digital text document. The disclosed system also tokenizes the character strings in the digital text document based on attributes of the character strings. Furthermore, the disclosed system compares the extracted entities and tokenized character strings to determine similarity metrics between the extracted entities and tokenized character strings. The disclosed system also compares extracted entities to character strings including special/numerical characters to determine similarity metrics indicating correlation probabilities between entities and character strings.

Abstract: Methods, systems, and non-transitory computer readable storage media are disclosed for detecting missing data in a digital data repository according to a set of digital data requirements and extracted data attributes for correcting database operations. The disclosed system utilizes a classifier model to classify digital content items via an integration with the digital data repository. The disclosed system generates mappings indicating that the digital content items correspond to digital data requirements of a data policy based on the classifications. The disclosed system utilizes the mappings to determine that one or more types of data are missing from the digital data repository as indicated by the digital data requirements. The disclosed system generate an indication of the data missing from the digital data repository for use in performing additional operations, such as modifying a database operation having access to the digital content items to prevent further errors.

Abstract: In particular embodiments, a consent notice configuration determination system may be configured to: (1) scan a particular website from a plurality of different locations; (2) identify one or more types of technologies available on the particular website for individuals accessing the particular website from each of the plurality of different locations; (3) determine, for each of the plurality of different locations, based on a global set of databases, legal/regulatory guidance, etc. and the one or more types of technologies, particular legal and industry requirements for each of the plurality of different locations; and (4) automatically configure, for each of the plurality of different locations, a consent interface for the particular website for each of the plurality of different locations based at least in part on the one or more types of technologies and the global set of databases.

Abstract: Computer implemented methods, according to various embodiments, comprise: (1) integrating a privacy management system with DLP tools; (2) using the DLP tools to identify sensitive information that is stored in computer memory outside of the context of the privacy management system; and (3) in response to the sensitive data being discovered by the DLP tool, displaying each area of sensitive data to a privacy officer (e.g., similar to pending transactions in a checking account that have not been reconciled). A designated privacy officer may then select a particular entry and either match it up (e.g., reconcile it) with an existing data flow or campaign in the privacy management system, or trigger a new privacy assessment to be done on the data to capture the related privacy attributes and data flow information.

Abstract: Data processing systems and methods, according to various embodiments, are adapted for determining a categorization for each tracking tool that executes on a particular webpage based on a variety of criteria, such as the purpose of the tracking tool and its source script. The system may compare the characteristics of tracking tools on a webpage to a database of known tracking tools to determine the appropriate categorization. When a user visits the webpage, the system analyzes these categories and determines whether the tracking tool should be permitted to run based on the categories and/or other criteria, such as whether the user has consented to the use of that type of tracking tool.

Abstract: Aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for identifying data processing activities associated with various data assets based on data discovery results. In accordance various aspects, a method is provided comprising: identifying and scanning data assets to detect a subset of the data assets, wherein each asset of the subset is associated with a particular data element used for target data; generating a prediction for each pair of data assets of the subset on the target data flowing between the pair; identifying a data flow for the target data based on the prediction generated for each pair; and identifying a data processing activity associated with handling the target data based on a correlation identified for the particular data element, the subset, and/or the data flow with a known data element, subset, and/or data flow for the data processing activity.

Abstract: Aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for detecting prejudice bias in machine-learning models and/or data sets used in training, testing, and/or validating the models. In accordance various aspects, a method is provided comprising: receiving a data set used for training, testing, and/or validating a model that comprises data instances; generating, using a classification model, a prediction of applicability for each sub-category of a plurality of sub-categories for each bias category of a plurality of bias categories for each data instance; determining that a particular sub-category for a particular bias category is applicable to a proportion of the data set, wherein predictions of applicability for the particular sub-category generated for the proportion of the data set satisfies a threshold; and determining, based on the proportion, that the data set has a prejudice bias with respect to the particular bias category.