“Data Processing Systems And Methods For Efficiently Assessing The Risk Of Campaigns” in Patent Application Approval Process (USPTO 20220318402): OneTrust LLC

2022 OCT 25 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- A patent application by the inventors Barday, Kabir A. (Atlanta, GA, US); Brannon, Jonathan Blake (Smyrna, GA, US), filed on June 13, 2022, was made available online on October 6, 2022, according to news reporting originating from Washington, D.C., by NewsRx correspondents.

This patent application is assigned to OneTrust LLC (Atlanta, Georgia, United States).

The following quote was obtained by the news editors from the background information supplied by the inventors: “Over the past years, privacy and security policies, and related operations have become increasingly important. Breaches in security, leading to the unauthorized access of personal data (which may include sensitive personal data) have become more frequent among companies and other organizations of all sizes. Such personal data may include, but is not limited to, personally identifiable information (PII), which may be information that directly (or indirectly) identifies an individual or entity. Examples of PII include names, addresses, dates of birth, social security numbers, and biometric identifiers such as a person’s fingerprints or picture. Other personal data may include, for example, customers’ Internet browsing habits, purchase history, or even their preferences (e.g., likes and dislikes, as provided or obtained through social media).

“Many organizations that obtain, use, and transfer personal data, including sensitive personal data, have begun to address these privacy and security issues. To manage personal data, many companies have attempted to implement operational policies and processes that comply with legal requirements, such as Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) or the U.S.’s Health Insurance Portability and Accountability Act (HIPPA) protecting a patient’s medical information. Many regulators recommend conducting privacy impact assessments, or data protection risk assessments along with data inventory mapping. For example, the GDPR requires data protection impact assessments. Additionally, the United Kingdom ICO’s office provides guidance around privacy impact assessments. The OPC in Canada recommends certain personal information inventory practices, and the Singapore PDPA specifically mentions personal data inventory mapping.

“Many organizations have also begun to track the compliance of their vendors with privacy laws, regulations, and/or standards. This can be expensive and time consuming using traditional methods. Accordingly, there is a need for improved systems and methods for efficiently tracking the compliance of vendors with privacy laws, regulations, and/or standards, and for assessing the risk associated with doing business with a particular vendor.”

In addition to the background information obtained for this patent application, NewsRx journalists also obtained the inventors’ summary information for this patent application: “In general, various aspects of the present disclosure provide methods, apparatuses, systems, computing devices, computing entities, and/or the like. In accordance with various aspects, a method is provided. Accordingly, the method comprises: (1) receiving, by computing hardware, a completed assessment template regarding a standard from a vendor, the completed assessment template comprising a plurality of question/answer pairings comprising an identification of attributes of the vendor associated with meeting with the standard; (2) identifying, by the computing hardware, a weighting factor for each of the plurality of question/answer pairings; (3) determining, by the computing hardware, a relative risk rating for each of the plurality of question/answer pairings; (4) generating, by the computing hardware, a risk rating for the vendor meeting the standard based on the relative risk rating and the weighting factor for each of the plurality of question/answer pairings; and (5) facilitating, by the computing hardware, an electronic transfer of the risk rating and the completed assessment template to a plurality of computer systems, wherein each computer system of the plurality of computer systems is associated with a respective entity of a plurality of entities and each respective entity uses the risk rating and the completed assessment template in conducting a respective computerized assessment of a respective campaign that is associated with the respective entity meeting the standard.

“In some aspects, generating the risk rating for the vendor is further based on an indication that the vendor has passed one or more vetting requirements imposed by one or more government entities. In various aspects, the electronic transfer of the completed assessment template to the plurality of computer systems is carried out through on online portal integrated with an instance of each computer system of the plurality of computer systems.

“In some aspects, the method includes: (1) generating, by the computing hardware and based on the risk rating, a graphical user interface by configuring a navigation element on the graphical user interface, wherein the navigation element is configured for initiating a responsive action based on the risk rating; (2) transmitting, by the computing hardware, an instruction to a user device to present the graphical user interface on the user device; (3) receiving, by the computing hardware, an indication of a selection of the navigation element; and (4) responsive to receiving the indication, initiating, by the computing hardware, the responsive action. In some aspects, the responsive action comprises: (1) generating, by the computing hardware, a second graphical user interface comprising an indication of the risk rating; and (3) transmitting, by the computing hardware, a second instruction to a third-party computing device to present the second graphical user interface on the third-party computing device.

“In some aspects, the method comprises: (1) analyzing, by computing hardware, publicly available data associated with the vendor; and (2) generating, by the computing hardware, an awareness rating for the vendor based on the analyzed publicly available data, wherein the risk rating is further based on the awareness rating. In any aspect described herein, analyzing the publicly available data may comprise determining at least one of employee titles, employee roles, or available job posts with the vendor based on analyzing at least one of a social networking website or a business related job website. In other aspects, analyzing the publicly available data comprises determining the vendor has a plurality of contracts with a plurality of government entities.

“In accordance with various aspects, a system is provided comprising a non-transitory computer-readable medium storing instructions and a processing device communicatively coupled to the non-transitory computer-readable medium. The processing device is configured to execute the instructions and thereby perform operations similar to the steps recited above for the method.

“In addition, in accordance with various aspects, a non-transitory computer-readable medium having program code that is stored thereon. The program code executable by one or more processing devices performs operations similar to the steps recited above for the method.

“The details of one or more embodiments of the subject matter described in this specification are set forth in the accompanying drawings and the description below. Other features, aspects, and advantages of the subject matter may become apparent from the description, the drawings, and the claims.”

The claims supplied by the inventors are:

“1. A method comprising: receiving, by computing hardware, a completed assessment template regarding a standard from a vendor, the completed assessment template comprising a plurality of question/answer pairings comprising an identification of attributes of the vendor associated with meeting with the standard; identifying, by the computing hardware, a weighting factor for each of the plurality of question/answer pairings; determining, by the computing hardware, a relative risk rating for each of the plurality of question/answer pairings; generating, by the computing hardware, a risk rating for the vendor meeting the standard based on the relative risk rating and the weighting factor for each of the plurality of question/answer pairings; and facilitating, by the computing hardware, an electronic transfer of the risk rating and the completed assessment template to a plurality of computer systems, wherein each computer system of the plurality of computer systems is associated with a respective entity of a plurality of entities and each respective entity uses the risk rating and the completed assessment template in conducting a respective computerized assessment of a respective campaign that is associated with the respective entity meeting the standard.

“2. The method of claim 1, wherein generating the risk rating for the vendor is further based on an indication that the vendor has passed one or more vetting requirements imposed by one or more government entities.

“3. The method of claim 1, wherein the electronic transfer of the completed assessment template to the plurality of computer systems is carried out through on online portal integrated with an instance of each computer system of the plurality of computer systems.

“4. The method of claim 1 further comprising: generating, by the computing hardware and based on the risk rating, a graphical user interface by configuring a navigation element on the graphical user interface, wherein the navigation element is configured for initiating a responsive action based on the risk rating; transmitting, by the computing hardware, an instruction to a user device to present the graphical user interface on the user device; receiving, by the computing hardware, an indication of a selection of the navigation element; and responsive to receiving the indication, initiating, by the computing hardware, the responsive action.

“5. The method of claim 4, wherein the responsive action comprises: generating, by the computing hardware, a second graphical user interface comprising an indication of the risk rating; and transmitting, by the computing hardware, a second instruction to a third-party computing device to present the second graphical user interface on the third-party computing device.

“6. The method of claim 1 further comprising: analyzing, by computing hardware, publicly available data associated with the vendor; and generating, by the computing hardware, an awareness rating for the vendor based on the analyzed publicly available data, wherein the risk rating is further based on the awareness rating.

“7. The method of claim 6, wherein analyzing the publicly available data comprises: determining at least one of employee titles, employee roles, or available job posts with the vendor based on analyzing at least one of a social networking website or a business related job website.

“8. The method of claim 6, wherein analyzing the publicly available data comprises: determining the vendor has a plurality of contracts with a plurality of government entities.

“9. A system comprising: a non-transitory computer-readable medium storing instructions; and a processing device communicatively coupled to the non-transitory computer-readable medium, wherein, the processing device is configured to execute the instructions and thereby perform operations comprising: accessing a completed assessment template regarding a standard from a vendor, the completed assessment template comprising a plurality of question/answer pairings comprising an identification of attributes of the vendor associated with meeting with the standard; generating a risk rating for the vendor meeting the standard based on a weighting factor for each of the plurality of question/answer pairings and a relative risk rating for each of the plurality of question/answer pairings; and facilitating an electronic transfer the risk rating and the completed assessment template to a plurality of computer systems, wherein each computer system of the plurality of computer systems is associated with a respective entity of a plurality of entities and each respective entity uses the risk rating and the completed assessment template in conducting a respective computerized assessment of a respective campaign that is associated with the respective entity meeting the standard.

“10. The system of claim 9, wherein the respective campaign involves an initiative being conducted by the respective entity to meet the standard and the respective computerized assessment is configured to measure a maturity of the respective entity in meeting the standard.

“11. The system of claim 9, wherein the electronic transfer of the completed assessment template to the plurality of computer systems is carried out through on online portal integrated with an instance of each computer system of the plurality of computer systems.

“12. The system of claim 9, wherein generating the risk rating for the vendor is further based on an indication that the vendor has passed one or more vetting requirements imposed by one or more government entities.

“13. The system of claim 9, wherein the operations further comprise: analyzing publicly available data associated with the vendor; and generating an awareness rating for the vendor based on the analyzed publicly available data, wherein the risk rating is further based on the awareness rating.

“14. The system of claim 13, wherein analyzing the publicly available data comprises: determining at least one of employee titles, employee roles, or available job posts with the vendor based on analyzing at least one of a social networking website or a business related job website.

“15. A non-transitory computer-readable medium having program code that is stored thereon, the program code executable by one or more processing devices for performing operations comprising: accessing a completed assessment template regarding a standard from a vendor, the completed assessment template comprising a plurality of question/answer pairings comprising an identification of attributes of the vendor associated with meeting with the standard; generating a risk rating for the vendor meeting the standard based on a weighting factor for each of the plurality of question/answer pairings and a relative risk rating for each of the plurality of question/answer pairings; and facilitating an electronic transfer of at least one of the risk rating or the completed assessment template to a plurality of computer systems, wherein each computer system of the plurality of computer systems is associated with a respective entity of a plurality of entities and each respective entity uses at least one of the risk rating or the completed assessment template in conducting a respective computerized assessment of a respective campaign that is associated with the respective entity meeting the standard.

“16. The non-transitory computer-readable medium of claim 15, wherein the respective campaign involves an initiative being conducted by the respective entity to meet the standard and the respective computerized assessment is configured to measure a maturity of the respective entity in meeting the standard.

“17. The non-transitory computer-readable medium of claim 15, wherein the electronic transfer of the completed assessment template to the plurality of computer systems is carried out through on online portal integrated with an instance of each computer system of the plurality of computer systems.

“18. The non-transitory computer-readable medium of claim 15, wherein the operations further comprise: generating, based on the risk rating, a graphical user interface by configuring a navigation element on the graphical user interface, wherein the navigation element is configured for initiating a responsive action based on the risk rating; transmitting an instruction to a user device to present the graphical user interface on the user device; receiving an indication of a selection of the navigation element; and responsive to receiving the indication, initiating the responsive action comprising: generating a second graphical user interface comprising an indication of the risk rating; and transmitting a second instruction to a third-party computing device to present the second graphical user interface on the third-party computing device.

“19. The system of non-transitory computer-readable medium of claim 15, wherein the operations further comprise: analyzing publicly available data associated with the vendor; and generating an awareness rating for the vendor based on the analyzed publicly available data, wherein the risk rating is further based on the awareness rating.

“20. The non-transitory computer-readable medium of claim 19 wherein analyzing the publicly available data comprises: determining the vendor has a plurality of contracts with a plurality of government entities.”

URL and more information on this patent application, see: Barday, Kabir A.; Brannon, Jonathan Blake. Data Processing Systems And Methods For Efficiently Assessing The Risk Of Campaigns. Filed June 13, 2022 and posted October 6, 2022. Patent URL: https://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220220318402%22.PGNR.&OS=DN/20220318402&RS=DN/20220318402

(Our reports deliver fact-based news of research and discoveries from around the world.)