EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Steven Nugent, registration no. 68982 on 7/16/2021.
The application has been amended as follows: 
In Claims
Cancel claim 2
Cancel claim 11
Cancel claim 12
Cancel claim 15
Cancel claim 16
Cancel claim 18
Cancel claim 19

1.	(Currently amended)  A computer-implemented data processing method for generating relative readiness assessment data for an entity, the method comprising:
determining, by one or more computer processors, a business sector associated with a particular entity;

	obtaining, by one or more computer processors, a personal data management questionnaire for the particular entity, the personal data management questionnaire for the particular entity comprising a plurality of personal data management questions;
	determining, by one or more computer processors, a similarly situated entity, wherein the similarly situated entity is associated with the business sector associated with the particular entity and with the jurisdiction associated with the particular entity;
	obtaining, by one or more computer processors, a personal data management questionnaire for the similarly situated entity, the personal data management questionnaire for the similarly situated entity comprising a plurality of personal data management questions;
	generating, by one or more computer processors, an ontology mapping a first question of the plurality of personal data management questions of the personal data management questionnaire for the particular entity to a first question of the plurality of personal data management questions of the personal data management questionnaire for the similarly situated entity;
	performing, by one or more computer processors using the ontology, a comparison of the first question of the plurality of personal data management questions of the personal data management questionnaire for the particular entity to the first question of the plurality of personal data management questions of the personal data management questionnaire for the similarly situated entity by:
determining that the particular entity does not implement a first privacy control based at least in part on the first question of the plurality of personal data management questions of the personal data management questionnaire for the particular entity; and
determining that the similarly situated entity implements the first privacy control based at least in part on the first question of the plurality of personal data management questions of the personal data management questionnaire for the similarly situated entity;
 	generating, by one or more computer processors, a relative readiness grade based at least in part on the comparison of the first question of the plurality of personal data management questions of the personal data management questionnaire for the particular entity to the first question of the plurality of personal data management questions of the personal data management questionnaire for the similarly situated entity; and
presenting, by one or more computer processors in a user interface, an indication of the relative readiness grade, the indication of the relative readiness grade comprising an indication that the similarly situated entity implements the first privacy control and the particular entity does not implement the first privacy control.

3.	(Currently amended) The computer-implemented data processing method of claim 1, wherein the first privacy control is selected from a group consisting of:
(a) a location at which collected personal data is stored; 
(b) a length of time for which the collected personal data is stored;

(d) a type of data subject from which personal data is collected; and
(e) a multifactor user authentication requirement.

8.	(Currently amended)  A non-transitory computer-readable medium storing computer-executable instructions for: 
receiving, by one or more computer processors via a user interface, a request to generate a relative readiness assessment for a particular entity;
at least partially in response to receiving the request to generate a relative readiness assessment for the particular entity, determining, by one or more computer processors, a business sector associated with the particular entity and a jurisdiction associated with the particular entity;
	determining, by one or more computer processors, one or more similarly situated entities, wherein each of the one or more similarly situated entities is associated with the business sector associated with the particular entity and with the jurisdiction associated with the particular entity;
	obtaining, by one or more computer processors, a personal data management questionnaire for the particular entity, the personal data management questionnaire for the particular entity comprising a plurality of personal data management questions;
determining, by one or more computer processors, personal data management information for the particular entity based on the personal data management questionnaire for the particular entity, the personal data management information comprising privacy controls implemented by the particular entity;
obtaining, by one or more computer processors, a personal data management questionnaires for each of the one or more similarly situated entities, the personal data management questionnaire for each of the one or more similarly situated entities comprising a plurality of personal data management questions;
	determining, by one or more computer processors, respective personal data management information for each of the one or more similarly situated entities based on the respective personal data management questionnaires for each of the one or more similarly situated entities, the respective personal data management information comprising respective privacy controls implemented by a respective similarly situated entity of the one or more similarly situated entities;
generating, by one or more computer processors, an ontology mapping a first question of the plurality of personal data management questions of the personal data management questionnaire for the particular entity to a first question of the plurality of personal data management questions of a personal data management questionnaire for a particular similarly situated entity of the one or more similarly situated entities;
	comparing, by one or more computer processors, the privacy controls implemented by the particular entity to the respective privacy controls implemented by the particular similarly situated entity of the one or more similarly situated entities by:
determining that the particular entity does not implement a first privacy control based at least in part on the first question of the plurality of personal data management questions of the personal data management questionnaire for the particular entity; and
determining that the particular similarly situated entity implements the first privacy control based at least in part on the first question of the plurality of personal data management questions of the personal data management questionnaire for the particular similarly situated entity;
	determining, by one or more computer processors based at least in part on comparing the privacy controls implemented by the particular entity to the respective privacy controls implemented by the particular similarly situated entity of the one or more similarly situated entities, a relative readiness grade for the particular entity;
 	generating, by one or more computer processors, a relative readiness report comprising the relative readiness grade for the particular entity, the relative readiness grade for the particular entity comprising an indication that the particular similarly situated entity of the one or more similarly situated entities implements the first privacy control and the particular entity does not implement the first privacy control; and
presenting, by one or more computer processors in a user interface, the relative readiness report. 

9.	(Currently amended)  The non-transitory computer-readable medium of claim 8, wherein comparing the privacy controls implemented by the particular entity to the respective privacy controls implemented by the particular similarly situated entity of the one or more similarly situated entities comprises determining, for each privacy control of the respective privacy controls implemented by the particular similarly situated entity of the one or more similarly situated entities 

10.	(Currently amended)  The non-transitory computer-readable medium of claim 9, wherein determining the relative readiness grade for the particular entity comprises determining a percentage of the privacy controls implemented by the particular entity that correspond to one or more respective privacy controls implemented by the particular similarly situated entity of the one or more similarly situated entities.

13.	(Currently amended)  The non-transitory computer-readable medium of claim 8, wherein:
the relative readiness report comprises a subset of the respective personal data management information for the particular similarly situated entity of the one or more similarly situated entities; and
generating the relative readiness report comprises anonymizing the subset of the respective personal data management information for the particular similarly situated entity of the one or more similarly situated entities.

14.	(Currently amended)  A relative readiness assessment data processing system comprising:
	one or more computer processors;
	computer memory; and

receiving, by the one or more computer processors, an indication of a business sector associated with a particular entity;
determining, by the one or more computer processors, an indication of a jurisdiction associated with the particular entity;
generating, by the one or more computer processors based at least in part on the business sector associated with the particular entity and the jurisdiction associated with the particular entity, a personal data management questionnaire for the particular entity, the personal data management questionnaire for the particular entity comprising a plurality of questions related to privacy data controls;
receiving, by the one or more computer processors, a completed personal data management questionnaire for the particular entity, the completed personal data management questionnaire for the particular entity comprising the plurality of questions related to privacy data controls and respective answers to each question of the plurality of questions related to privacy data controls;
obtaining, by the one or more computer processors, an aggregated personal data management questionnaire associated with a plurality of similarly situated entities, the aggregated personal data management questionnaire comprising a plurality of aggregated questions related to privacy data controls and respective answers to each question of the plurality of aggregated questions 
generating an ontology mapping, by the one or more computer processors, a first answer to a first question of the plurality of questions related to privacy data controls to a first answer to a first question of the plurality of aggregated questions related to privacy data controls;
 comparing, by the one or more computer processors, the mapped first answer to the first question of the plurality of questions related to privacy data controls to the  first answer to the first question of the plurality of aggregated questions related to privacy data controls by:
determining that the particular entity does not implement a first privacy control based at least in part on the first answer to the first question of the plurality of questions related to privacy data controls; and
determining that one or more of the plurality of similarly situated entities implements the first privacy control based at least in part on the first answer to the first question of the plurality of aggregated questions related to privacy data controls;
based at least in part on the comparing of the mapped first answer to the first question of the plurality of  first answer to the first question of the plurality of aggregated questions related to privacy data controls, determining, by the one or more computer processors, a relative readiness score for the particular entity; and
presenting, by the one or more computer processors in a user interface, an indication of the relative readiness score, the indication of the relative readiness grade comprising an indication that the one or more of the plurality of similarly situated entities implements the first privacy control and the particular entity does not implement the first privacy control.

17.	(Currently amended)  The relative readiness assessment data processing system of claim 14, wherein the indication that the one or more of the plurality of similarly situated entities implements the first privacy control and the particular entity does not implement the first privacy control does not identify the one or more of the plurality of similarly situated entities.

20.	(Currently amended)  A data processing system for assessing the relative readiness of an entity, the system comprising:
user interface means for receiving a request to generate a relative readiness assessment for a particular entity;
first determination means for, at least partially in response to receiving the request to generate a relative readiness assessment for the particular entity, 
	second determination means for, at least partially in response to receiving the request to generate a relative readiness assessment for the particular entity, determining one or more similarly situated entities, wherein each of the one or more similarly situated entities is associated with the business sector associated with the particular entity and with the jurisdiction associated with the particular entity;	
	first personal data management information determination means for:
obtaining a personal data management questionnaire for the particular entity, the personal data management questionnaire for the particular entity comprising a plurality of personal data management questions; and 
determining personal data management information for the particular entity based on the personal data management questionnaire for the particular entity, the personal data management information comprising privacy controls implemented by the particular entity;
	second personal data management information determination means for: 
obtaining a personal data management questionnaires for each of the one or more similarly situated entities, the personal data management questionnaire for each of the one or more similarly situated entities comprising a plurality of personal data management questions; and
determining respective personal data management information for each of the one or more similarly situated entities based on the respective personal data management questionnaires for each of the one or more similarly situated entities, the respective personal data management information comprising respective privacy controls implemented by a respective similarly situated entity of the one or more similarly situated entities;
	ontology generation means for generating an ontology mapping a first question of the plurality of personal data management questions of the personal data management questionnaire for the particular entity to a first question of the plurality of personal data management questions of a personal data management questionnaire for a particular similarly situated entity of the one or more similarly situated entities;
privacy control comparison means for comparing the privacy controls implemented by the particular entity to the respective privacy controls implemented by the particular similarly situated entity of the one or more similarly situated entities by:
determining that the particular entity does not implement a first privacy control based at least in part on the first question of the plurality of personal data management questions of the personal data management questionnaire for the particular entity; and
determining that the particular similarly situated entity implements the first privacy control based at least in part on the first question of the plurality of personal data management questions of the personal data management questionnaire for the particular similarly situated entity;
the particular similarly situated entity of the one or more similarly situated entities; and
 	relative readiness report generation means for generating a relative readiness report comprising the relative readiness grade for the particular entity, the relative readiness grade for the particular entity comprising an indication that the particular similarly situated entity of the one or more similarly situated entities implements the first privacy control and the particular entity does not implement the first privacy control. 

Allowable Subject Matter

Claims 1, 3-10, 13-14, 17 and 20 (renumbered 1-13) are allowed.
The following is an examiner’s statement of reasons for allowance: 
The cited are taken alone or in combination doesn’t teach the claimed invention of generating an indicia for each of the one or more data assets that indicates the respective particular physical location of the plurality of physical locations for each of the one or more data assets and performing, by one or more computer processors using the ontology, a comparison of the first question of the plurality of personal data management questions of the personal data management questionnaire for the particular entity to the first question of the plurality of personal data management questions of the personal data management questionnaire for the similarly situated .
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”





Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Anil Khatri whose telephone number is (571)272-3725.  The examiner can normally be reached on M-F 8:30-5:00.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, W Zhen can be reached on 571-272-3708.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access 

/ANIL KHATRI/Primary Examiner, Art Unit 2191