“Data Processing Systems And Methods For Bundled Privacy Policies” in Patent Application Approval Process (USPTO 20230047653): OneTrust LLC
2023 MAR 06 (NewsRx) -- By a
This patent application is assigned to
The following quote was obtained by the news editors from the background information supplied by the inventors: “Over the past years, privacy and security policies, and related operations have become increasingly important. Breaches in security, leading to the unauthorized access of personal data (which may include sensitive personal data) have become more frequent among companies and other organizations of all sizes. Such personal data may include, but is not limited to, personally identifiable information (PII), which may be information that directly (or indirectly) identifies an individual or entity. Examples of PII include names, addresses, dates of birth, social security numbers, and biometric identifiers such as a person’s fingerprints or picture. Other personal data may include, for example, customers’ Internet browsing habits, purchase history, or even their preferences (e.g., likes and dislikes, as provided or obtained through social media).
“Many organizations that obtain, use, and transfer personal data, including sensitive personal data, have begun to address these privacy and security issues. To manage personal data, many companies have attempted to implement operational policies and processes that comply with legal requirements, such as Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) or the U.S.’s Health Insurance Portability and Accountability Act (HIPPA) protecting a patient’s medical information. Many regulators recommend conducting privacy impact assessments, or data protection risk assessments along with data inventory mapping. For example, the GDPR requires data protection impact assessments. Additionally, the United Kingdom ICO’s office provides guidance around privacy impact assessments. The OPC in
“In implementing these privacy impact assessments, an individual may provide incomplete or incorrect information regarding personal data to be collected, for example, by new software, a new device, or a new business effort, for example, to avoid being prevented from collecting that personal data, or to avoid being subject to more frequent or more detailed privacy audits. In light of the above, there is currently a need for improved systems and methods for monitoring compliance with corporate privacy policies and applicable privacy laws in order to reduce a likelihood that an individual will successfully “game the system” by providing incomplete or incorrect information regarding current or future uses of personal data.
“Organizations that obtain, use, and transfer personal data often work with other organizations (“vendors”) that provide services and/or products to the organizations. Organizations working with vendors may be responsible for ensuring that any personal data to which their vendors may have access is handled properly. However, organizations may have limited control over vendors and limited insight into their internal policies and procedures. Therefore, there is currently a need for improved systems and methods that help organizations ensure that their vendors handle personal data properly.
“Many organizations offer multiple services to customers and other users. Because each such service may use personal data (e.g., collect personal data, store personal data, retain personal data, etc.) in a different way than another such service, different privacy policies may apply to different services offered by an organization. Moreover, the geographical location of users of such services may vary, which may also affect the privacy policies that may apply to each such service. Therefore, there is currently a need for improved systems and methods of determining the applicable set of privacy policies for a particular combination of a user and a service.”
In addition to the background information obtained for this patent application, NewsRx journalists also obtained the inventors’ summary information for this patent application: “In accordance with various aspects, a method is provided that comprises: analyzing, by computing hardware, browser data associated with a browser application displaying a website to determine a user parameter identifying a geographical location of a user device executing the browser application; receiving, by the computing hardware, product or service information provided via a product or service parameter input displayed on the website; determining, by the computing hardware and based on the product or service information, a product or service parameter, wherein the product or service parameter comprises at least one of a particular product or service being provided or offered via the website, an entity offering or providing the particular product or service, a geographical location of the entity offering or providing the particular product or service, a type of the particular product or service, a subgroup of the entity offering or providing the particular product or service, or a geographical location of a computing system configured for at least one of hosting, providing, or facilitating access to the website; identifying, by the computing hardware and based on the website, a plurality of privacy policy rules; analyzing, by the computing hardware, the plurality of privacy policy rules using the user parameter and the product or service parameter to identify an applicable privacy policy rule from the plurality of privacy policy rules; identifying, by the computing hardware and based on the applicable privacy policy rule, an applicable privacy policy; configuring, by the computing hardware, a navigation element displayed on the website to navigate to a display element that presents the applicable privacy policy; receiving, by the computing hardware, an indication of a selection of the navigation element; and responsive to receiving the indication, transmitting, by the computing hardware, an instruction to the browser application causing the browser application to retrieve and present the display element.
“In some aspects, analyzing the plurality of privacy policy rules using the user parameter and the product or service parameter to identify the applicable privacy policy rule from the plurality of privacy policy rules is based on the applicable privacy policy rule having a priority higher than a second privacy policy rule of the plurality of privacy policy rules that is also applicable based on the user parameter and the product or service parameter. In some aspects, analyzing the plurality of privacy policy rules is based on the applicable privacy policy rule having the priority higher than the second privacy policy rule is performed due to a conflict between the applicable privacy policy rule and the second privacy policy rule.
“In some aspects, the method further comprises assigning, by the computing hardware based on the user parameter, a first numeric value to the applicable privacy policy and a second numeric value to the second privacy policy rule, wherein the applicable privacy policy rule has the priority higher than the second privacy policy rule due to the first numeric value being higher than the second numeric value. In some aspects, receiving the product or service information comprises receiving a request sent by computing code included in a web page of the website and executing on the user device. In some aspects, the user parameter further comprises at least one of a language of a user of the user device, a territory of residence of the user, or a citizenship of the user. In some aspects, the user parameter further comprises a language of a user of the user device and the applicable privacy policy is provided in the language.
“In accordance with various aspects, a system comprising a non-transitory computer-readable medium storing instructions and a processing device communicatively coupled to the non-transitory computer-readable medium is provided. Accordingly, the processing device is configured to execute the instructions and thereby perform operations comprising: receiving a user parameter identifying a geographical location of a user device executing a user interface; determining product or service information based on user activity on the user interface; determining, based on the product or service information, a product or service parameter, wherein the product or service parameter comprises at least one of a particular product or service being provided or offered via the user interface, an entity offering or providing the particular product or service, a geographical location of the entity offering or providing the particular product or service, a type of the particular product or service, a subgroup of the entity offering or providing the particular product or service, or a geographical location of a computing system configured for at least one of hosting, providing, or facilitating access to the user interface; identifying a plurality of privacy policy rules; analyzing the plurality of privacy policy rules using the user parameter and the product or service parameter to identify an applicable privacy policy rule from the plurality of privacy policy rules; identifying, based on the applicable privacy policy rule, an applicable privacy policy; configuring a navigation element displayed on the user interface to navigate to a display element that presents the applicable privacy policy; receiving an indication of a selection of the navigation element; and responsive to receiving the indication, causing the user interface to present the display element.
“In some aspects, the user interface comprises at least one of a web page associated with a website or a display interface provided in a software application. In some aspects, identifying the plurality of privacy policy rules is based on at least one of the user parameter, the product or service parameter, the user interface, or the entity. In some aspects, the user parameter further comprises a language of a user of the user device and the applicable privacy policy is provided in the language.
“In some aspects, analyzing the plurality of privacy policy rules using the user parameter and the product or service parameter to identify the applicable privacy policy rule from the plurality of privacy policy rules is based on the applicable privacy policy rule having a priority higher than a second privacy policy rule of the plurality of privacy policy rules that is also applicable based on the user parameter and the product or service parameter. In some aspects, analyzing the plurality of privacy policy rules is based on the applicable privacy policy rule having the priority higher than the second privacy policy rule is performed due to a conflict between the applicable privacy policy rule and the second privacy policy rule. In some aspects, the operations further comprise assigning, based on the user parameter, a first numeric value to the applicable privacy policy and a second numeric value to the second privacy policy rule, wherein the applicable privacy policy rule has the priority higher than the second privacy policy rule due to the first numeric value being higher than the second numeric value.
“In accordance with various aspects, a non-transitory computer-readable medium storing computer-executable instructions is provided. Accordingly, the computer-executable instructions, when executed by one or more processing devices, configure the one or more processing devices to perform operations that comprise: receiving a user parameter identifying a geographical location of a user device executing a user interface; determining product or service information based on user activity on the user interface; determining, based on the product or service information, a product or service parameter, wherein the product or service parameter comprises at least one of a particular product or service being provided or offered via the user interface, an entity offering or providing the particular product or service, a geographical location of the entity offering or providing the particular product or service, a type of the particular product or service, a subgroup of the entity offering or providing the particular product or service, or a geographical location of a computing system configured for at least one of hosting, providing, or facilitating access to the user interface; identifying a plurality of policy rules; analyzing the plurality of policy rules using the user parameter and the product or service parameter to identify an applicable policy rule from the plurality of policy rules; identifying, based on the applicable policy rule, an applicable policy; configuring a navigation element displayed on the user interface to navigate to a display element that presents the applicable policy; receiving an indication of a selection of the navigation element; and responsive to receiving the indication, causing the user interface to present the display element.
“In some aspects, the user interface comprises at least one of a web page associated with a website or a display interface provided in a software application. In some aspects, identifying the plurality of policy rules is based on at least one of the user parameter, the product or service parameter, the user interface, or the entity. In some aspects, the operations further comprise assigning, based on the user parameter, a first numeric value to the applicable policy and a second numeric value to the second policy rule, wherein the applicable policy rule has the priority higher than the second policy rule due to the first numeric value being higher than the second numeric value.”
There is additional summary information. Please visit full patent to read further.”
The claims supplied by the inventors are:
“1. A method comprising: analyzing, by computing hardware, browser data associated with a browser application displaying a website to determine a user parameter identifying a geographical location of a user device executing the browser application; receiving, by the computing hardware, product or service information provided via a product or service parameter input displayed on the website; determining, by the computing hardware and based on the product or service information, a product or service parameter, wherein the product or service parameter comprises at least one of a particular product or service being provided or offered via the website, an entity offering or providing the particular product or service, a geographical location of the entity offering or providing the particular product or service, a type of the particular product or service, a subgroup of the entity offering or providing the particular product or service, or a geographical location of a computing system configured for at least one of hosting, providing, or facilitating access to the website; identifying, by the computing hardware and based on the website, a plurality of privacy policy rules; analyzing, by the computing hardware, the plurality of privacy policy rules using the user parameter and the product or service parameter to identify an applicable privacy policy rule from the plurality of privacy policy rules; identifying, by the computing hardware and based on the applicable privacy policy rule, an applicable privacy policy; configuring, by the computing hardware, a navigation element displayed on the website to navigate to a display element that presents the applicable privacy policy; receiving, by the computing hardware, an indication of a selection of the navigation element; and responsive to receiving the indication, transmitting, by the computing hardware, an instruction to the browser application causing the browser application to retrieve and present the display element.
“2. The method of claim 1, wherein analyzing the plurality of privacy policy rules using the user parameter and the product or service parameter to identify the applicable privacy policy rule from the plurality of privacy policy rules is based on the applicable privacy policy rule having a priority higher than a second privacy policy rule of the plurality of privacy policy rules that is also applicable based on the user parameter and the product or service parameter.
“3. The method of claim 2 further comprising assigning, by the computing hardware based on the user parameter, a first numeric value to the applicable privacy policy and a second numeric value to the second privacy policy rule, wherein the applicable privacy policy rule has the priority higher than the second privacy policy rule due to the first numeric value being higher than the second numeric value.
“4. The method of claim 2, wherein analyzing the plurality of privacy policy rules is based on the applicable privacy policy rule having the priority higher than the second privacy policy rule is performed due to a conflict between the applicable privacy policy rule and the second privacy policy rule.
“5. The method of claim 1, wherein receiving the product or service information comprises receiving a request sent by computing code included in a web page of the website and executing on the user device.
“6. The method of claim 1, wherein the user parameter further comprises at least one of a language of a user of the user device, a territory of residence of the user, or a citizenship of the user.
“7. The method of claim 1, wherein the user parameter further comprises a language of a user of the user device and the applicable privacy policy is provided in the language.
“8. A system comprising: a non-transitory computer-readable medium storing instructions; and a processing device communicatively coupled to the non-transitory computer-readable medium, wherein, the processing device is configured to execute the instructions and thereby perform operations comprising: receiving a user parameter identifying a geographical location of a user device executing a user interface; determining product or service information based on user activity on the user interface; determining, based on the product or service information, a product or service parameter, wherein the product or service parameter comprises at least one of a particular product or service being provided or offered via the user interface, an entity offering or providing the particular product or service, a geographical location of the entity offering or providing the particular product or service, a type of the particular product or service, a subgroup of the entity offering or providing the particular product or service, or a geographical location of a computing system configured for at least one of hosting, providing, or facilitating access to the user interface; identifying a plurality of privacy policy rules; analyzing the plurality of privacy policy rules using the user parameter and the product or service parameter to identify an applicable privacy policy rule from the plurality of privacy policy rules; identifying, based on the applicable privacy policy rule, an applicable privacy policy; configuring a navigation element displayed on the user interface to navigate to a display element that presents the applicable privacy policy; receiving an indication of a selection of the navigation element; and responsive to receiving the indication, causing the user interface to present the display element.
“9. The system of claim 8, wherein the user interface comprises at least one of a web page associated with a website or a display interface provided in a software application.
“10. The system of claim 8, wherein identifying the plurality of privacy policy rules is based on at least one of the user parameter, the product or service parameter, the user interface, or the entity.
“11. The system of claim 8, wherein analyzing the plurality of privacy policy rules using the user parameter and the product or service parameter to identify the applicable privacy policy rule from the plurality of privacy policy rules is based on the applicable privacy policy rule having a priority higher than a second privacy policy rule of the plurality of privacy policy rules that is also applicable based on the user parameter and the product or service parameter.
“12. The system of claim 11, wherein the operations further comprise assigning, based on the user parameter, a first numeric value to the applicable privacy policy and a second numeric value to the second privacy policy rule, wherein the applicable privacy policy rule has the priority higher than the second privacy policy rule due to the first numeric value being higher than the second numeric value.
“13. The system of claim 11, wherein analyzing the plurality of privacy policy rules is based on the applicable privacy policy rule having the priority higher than the second privacy policy rule is performed due to a conflict between the applicable privacy policy rule and the second privacy policy rule.
“14. The system of claim 8, wherein the user parameter further comprises a language of a user of the user device and the applicable privacy policy is provided in the language.
“15. A non-transitory computer-readable medium storing computer-executable instructions that, when executed by one or more processing devices, configure the one or more processing devices to perform operations comprising: receiving a user parameter identifying a geographical location of a user device executing a user interface; determining product or service information based on user activity on the user interface; determining, based on the product or service information, a product or service parameter, wherein the product or service parameter comprises at least one of a particular product or service being provided or offered via the user interface, an entity offering or providing the particular product or service, a geographical location of the entity offering or providing the particular product or service, a type of the particular product or service, a subgroup of the entity offering or providing the particular product or service, or a geographical location of a computing system configured for at least one of hosting, providing, or facilitating access to the user interface; identifying a plurality of policy rules; analyzing the plurality of policy rules using the user parameter and the product or service parameter to identify an applicable policy rule from the plurality of policy rules; identifying, based on the applicable policy rule, an applicable policy; configuring a navigation element displayed on the user interface to navigate to a display element that presents the applicable policy; receiving an indication of a selection of the navigation element; and responsive to receiving the indication, causing the user interface to present the display element.
“16. The non-transitory computer-readable medium of claim 15, wherein the user interface comprises at least one of a web page associated with a website or a display interface provided in a software application.
“17. The non-transitory computer-readable medium of claim 15, wherein identifying the plurality of policy rules is based on at least one of the user parameter, the product or service parameter, the user interface, or the entity.
“18. The non-transitory computer-readable medium of claim 15, wherein analyzing the plurality of policy rules using the user parameter and the product or service parameter to identify the applicable policy rule from the plurality of policy rules is based on the applicable policy rule having a priority higher than a second policy rule of the plurality of policy rules that is also applicable based on the user parameter and the product or service parameter.”
There are additional claims. Please visit full patent to read further.
URL and more information on this patent application, see: Beaumont, Richard A.; Brannon,
(Our reports deliver fact-based news of research and discoveries from around the world.)
Patent Issued for Integrated digital-analog archiving systems and methods for document preservation (USPTO 11580062): Open Text SA ULC
Patent Issued for Systems and methods for encrypting data and algorithms (USPTO 11582203): TripleBlind Inc.
Advisor News
- Study finds more households move investable assets across firms
- Could workplace benefits help solve America’s long-term care gap?
- The best way to use a tax refund? Create a holistic plan
- CFP Board appoints K. Dane Snowden as CEO
- TIAA unveils ‘policy roadmap’ to boost retirement readiness
More Advisor NewsAnnuity News
- $80k surrender charge at stake as Navy vet, Ameritas do battle in court
- Sammons Institutional Group® Launches Summit LadderedSM
- Protective Expands Life & Annuity Distribution with Alfa Insurance
- Annuities: A key tool in battling inflation
- Pinnacle Financial Services Launches New Agent Website, Elevating the Digital Experience for Independent Agents Nationwide
More Annuity NewsHealth/Employee Benefits News
- SSI in Florida: High Demand, Frequent Denials, and How Legal Help Makes a Difference
- SilverSummit continues investment in rural healthcare
- Could workplace benefits help solve America’s long-term care gap?
- Long-Term Care Insurance: What you need to know
- DEMOCRATS: Iowa’s farm income projected to plummet in 2026, ag-related layoffs expected to continue. Who is here to help?
More Health/Employee Benefits NewsLife Insurance News