“Data Processing Systems And Methods For Efficiently Assessing The Risk Of Privacy Campaigns” in Patent Application Approval Process (USPTO 20220171864): OneTrust LLC

2022 JUN 17 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- A patent application by the inventors Barday, Kabir A. (Atlanta, GA, US); Brannon, Jonathan Blake (Smyrna, GA, US), filed on February 11, 2022, was made available online on June 2, 2022, according to news reporting originating from Washington, D.C., by NewsRx correspondents.

This patent application is assigned to OneTrust LLC (Atlanta, Georgia, United States).

The following quote was obtained by the news editors from the background information supplied by the inventors: “Over the past years, privacy and security policies, and related operations have become increasingly important. Breaches in security, leading to the unauthorized access of personal data (which may include sensitive personal data) have become more frequent among companies and other organizations of all sizes. Such personal data may include, but is not limited to, personally identifiable information (PII), which may be information that directly (or indirectly) identifies an individual or entity. Examples of PII include names, addresses, dates of birth, social security numbers, and biometric identifiers such as a person’s fingerprints or picture. Other personal data may include, for example, customers’ Internet browsing habits, purchase history, or even their preferences (e.g., likes and dislikes, as provided or obtained through social media).

“Many organizations that obtain, use, and transfer personal data, including sensitive personal data, have begun to address these privacy and security issues. To manage personal data, many companies have attempted to implement operational policies and processes that comply with legal requirements, such as Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) or the U.S.’s Health Insurance Portability and Accountability Act (HIPPA) protecting a patient’s medical information. Many regulators recommend conducting privacy impact assessments, or data protection risk assessments along with data inventory mapping. For example, the GDPR requires data protection impact assessments. Additionally, the United Kingdom ICO’s office provides guidance around privacy impact assessments. The OPC in Canada recommends certain personal information inventory practices, and the Singapore PDPA specifically mentions personal data inventory mapping.

“In implementing these privacy impact assessments, an individual may provide incomplete or incorrect information regarding personal data to be collected, for example, by new software, a new device, or a new business effort, for example, to avoid being prevented from collecting that personal data, or to avoid being subject to more frequent or more detailed privacy audits. In light of the above, there is currently a need for improved systems and methods for monitoring compliance with corporate privacy policies and applicable privacy laws in order to reduce a likelihood that an individual will successfully “game the system” by providing incomplete or incorrect information regarding current or future uses of personal data.”

In addition to the background information obtained for this patent application, NewsRx journalists also obtained the inventors’ summary information for this patent application: “A method, in various aspects, comprises: (1) receiving, by computing hardware, a completed template from a vendor, the completed template including question/answer pairings regarding a particular product or service provided by the vendor; (2) determining, by the computing hardware based on the completed template, to request an updated version of the completed template from the vendor; (3) requesting, by the computing hardware, the updated version of the completed template from the vendor; (4) receiving, by the computing hardware, the updated version of the completed template that includes updated question/answer pairings regarding the particular product or service; (5) in response to receiving the updated completed template, automatically coordinating, by the computing hardware, an audit of the updated completed template for compliance with standards; (6) receiving, by the computing hardware, an audited updated completed template; (7) calculating, by the computing hardware, a risk rating for the particular product or service based on the audited updated completed template; and (8) facilitating, by the computing hardware, the electronic transfer of the audited updated completed template and the risk rating for the particular product or service to computer systems, each of the computer systems being associated with a different entity, for use in the different entities’ respective computerized assessment of at least one respective activity, to be executed by the respective entity, that includes the use of the particular product or service.

“In some aspects, calculating the risk rating for the particular product or service is further based on an indication that the vendor has passed one or more vetting requirements imposed by one or more government entities. In various aspects, the method further comprises analyzing, by the computing hardware, one or more pieces of publicly available data associated with the vendor, and calculating the risk rating for the particular product or service is further based on the one or more pieces of publicly available data. In some aspects, the method comprises generating, by the computing hardware, one or more tasks based on the completed template. In some aspects, determining to request the updated version of the completed template from the vendor occurs in response to receiving, by the computing hardware, an indication that at least one of the one or more tasks has been completed. In other aspects, determining to request the updated version of the completed template from the vendor is further based on determining that particular product or service has been revised. In a particular aspect, the electronic transfer of the audited updated completed template to the computer systems is carried out through on online portal integrated with an instance of each computer system of the computer systems.

“A system, in accordance with some aspects, comprises a non-transitory computer-readable medium storing instructions, and a processing device communicatively coupled to the non-transitory computer-readable medium. In various aspects, the processing device is configured to execute the instructions and thereby perform operations comprising: (1) receiving a completed template from a vendor, the completed template including question/answer pairings regarding a particular product or service provided by the vendor; (2) determining to request an updated version of the completed template from the vendor; (3) requesting the updated version of the completed template from the vendor; (4) receiving the updated version of the completed template that includes updated question/answer pairings regarding the particular product or service; (5) in response to receiving the updated completed template, automatically coordinating an audit of the updated completed template for compliance with standards; (6) receiving an audited updated completed template; (7) calculating a risk rating for the particular product or service based on the audited updated completed template; and (8) facilitating the electronic transfer of the audited updated completed template and the risk rating for the particular product or service to a computer system, the computer system being accessible by different entities, for use in a respective computerized assessment of at least one respective activity, to be executed by each of the respective entities, that includes the use of the particular product or service.

“In some aspects, the operations further comprise analyzing publicly available data associated with the vendor, and calculating the risk rating for the particular product or service based on the publicly available data. In a particular aspect, the publicly available data comprises at least one of employee titles at the vendor, employee roles at the vendor, or available job postings for the vendor. In various aspects, the operations further comprise scanning a webpage associated with the vendor to identify a vendor attribute, and calculating the risk rating for the particular product or service based on the vendor attribute. In some aspects, the vendor attribute indicates satisfaction, by the vendor, of a particular standard. In a particular aspect, the particular product comprises at least one of a component or a raw material.

“A method, in some aspects comprises: (1) receiving, by computing hardware, a computerized assessment from a vendor, the computerized assessment including question/answer pairings regarding a particular product or service provided by the vendor; (2) determining, by the computing hardware based on the computerized assessment, to request an updated version of the computerized assessment from the vendor; (3) requesting, by the computing hardware, the updated version of the computerized assessment from the vendor; (4) receiving, by the computing hardware, the updated version of the computerized assessment that includes updated question/answer pairings regarding the particular product or service; (5) calculating, by the computing hardware, a risk rating for the particular product or service based on the updated version of the computerized assessment; and (6) facilitating, by the computing hardware, the electronic transfer of the updated version of the computerized assessment and the risk rating for the particular product or service to a computer system, the computer system being accessible by different entity computing systems, for use in respective computerized assessments, by each of the different entity computing systems, of a respective activity, to be executed by respective entities associated with each of the different entity computing systems, that includes the use of the particular product or service.

“In some aspects, determining to request the updated version of the computerized assessment from the vendor is further based on determining that particular product or service has been revised. In various aspects, the method comprises scanning, by the computing hardware, a webpage associated with the vendor to identify a vendor attribute; and calculating, by the computing hardware, the risk rating for the particular product or service based on the vendor attribute. In one aspect, the vendor attribute indicates satisfaction, by the vendor, of a particular standard. In particular aspects, calculating the risk rating for the particular product or service is further based on an indication that the vendor has passed one or more vetting requirements imposed by one or more government entities. In some aspects, the method comprises analyzing, by the computing hardware, publicly available data associated with the vendor, and calculating, by the computing hardware, the risk rating for the particular product or service based on the publicly available data, wherein the publicly available data includes at least one of employee titles at the vendor, employee roles at the vendor, available job postings for the vendor, or one or more certifications held by the vendor. In a particular aspects, the particular product comprises at least one of a component or a raw material.

“The details of one or more embodiments of the subject matter described in this specification are set forth in the accompanying drawings and the description below. Other features, aspects, and advantages of the subject matter may become apparent from the description, the drawings, and the claims.”

The claims supplied by the inventors are:

“1. A method comprising: receiving, by computing hardware, a completed template from a vendor, the completed template including question/answer pairings regarding a particular product or service provided by the vendor; determining, by the computing hardware based on the completed template, to request an updated version of the completed template from the vendor; requesting, by the computing hardware, the updated version of the completed template from the vendor; receiving, by the computing hardware, the updated version of the completed template that includes updated question/answer pairings regarding the particular product or service; in response to receiving the updated completed template, automatically coordinating, by the computing hardware, an audit of the updated completed template for compliance with standards; receiving, by the computing hardware, an audited updated completed template; calculating, by the computing hardware, a risk rating for the particular product or service based on the audited updated completed template; and facilitating, by the computing hardware, the electronic transfer of the audited updated completed template and the risk rating for the particular product or service to computer systems, each of the computer systems being associated with a different entity, for use in the different entities’ respective computerized assessment of at least one respective activity, to be executed by the respective entity, that includes the use of the particular product or service.

“2. The method of claim 1, wherein calculating the risk rating for the particular product or service is further based on an indication that the vendor has passed one or more vetting requirements imposed by one or more government entities.

“3. The method of claim 1, wherein: the method further comprises analyzing, by the computing hardware, one or more pieces of publicly available data associated with the vendor; and calculating the risk rating for the particular product or service is further based on the one or more pieces of publicly available data.

“4. The method of claim 1, further comprising generating, by the computing hardware, one or more tasks based on the completed template.

“5. The method of claim 4, wherein determining to request the updated version of the completed template from the vendor occurs in response to receiving, by the computing hardware, an indication that at least one of the one or more tasks has been completed.

“6. The method of claim 1, wherein determining to request the updated version of the completed template from the vendor is further based on determining that particular product or service has been revised.

“7. The method of claim 1, wherein the electronic transfer of the audited updated completed template to the computer systems is carried out through on online portal integrated with an instance of each computer system of the computer systems.

“8. A system comprising: a non-transitory computer-readable medium storing instructions; and a processing device communicatively coupled to the non-transitory computer-readable medium, wherein the processing device is configured to execute the instructions and thereby perform operations comprising: receiving a completed template from a vendor, the completed template including question/answer pairings regarding a particular product or service provided by the vendor; determining to request an updated version of the completed template from the vendor; requesting the updated version of the completed template from the vendor; receiving the updated version of the completed template that includes updated question/answer pairings regarding the particular product or service; in response to receiving the updated completed template, automatically coordinating an audit of the updated completed template for compliance with standards; receiving an audited updated completed template; calculating a risk rating for the particular product or service based on the audited updated completed template; and facilitating the electronic transfer of the audited updated completed template and the risk rating for the particular product or service to a computer system, the computer system being accessible by different entities, for use in a respective computerized assessment of at least one respective activity, to be executed by each of the respective entities, that includes the use of the particular product or service.

“9. The system of claim 8, wherein the operations further comprise: analyzing publicly available data associated with the vendor; and calculating the risk rating for the particular product or service based on the publicly available data.

“10. The system of claim 9, wherein the publicly available data comprises at least one of employee titles at the vendor, employee roles at the vendor, or available job postings for the vendor.

“11. The system of claim 9, wherein the operations further comprise: scanning a webpage associated with the vendor to identify a vendor attribute; and calculating the risk rating for the particular product or service based on the vendor attribute.

“12. The system of claim 11, wherein the vendor attribute indicates satisfaction, by the vendor, of a particular standard.

“13. The method of claim 11, wherein the particular product comprises at least one of a component or a raw material.

“14. A method comprising: receiving, by computing hardware, a computerized assessment from a vendor, the computerized assessment including question/answer pairings regarding a particular product or service provided by the vendor; determining, by the computing hardware based on the computerized assessment, to request an updated version of the computerized assessment from the vendor; requesting, by the computing hardware, the updated version of the computerized assessment from the vendor; receiving, by the computing hardware, the updated version of the computerized assessment that includes updated question/answer pairings regarding the particular product or service; calculating, by the computing hardware, a risk rating for the particular product or service based on the updated version of the computerized assessment; and facilitating, by the computing hardware, the electronic transfer of the updated version of the computerized assessment and the risk rating for the particular product or service to a computer system, the computer system being accessible by different entity computing systems, for use in respective computerized assessments, by each of the different entity computing systems, of a respective activity, to be executed by respective entities associated with each of the different entity computing systems, that includes the use of the particular product or service.

“15. The method of claim 14, wherein determining to request the updated version of the computerized assessment from the vendor is further based on determining that the particular product or service has been revised.

“16. The method of claim 15, further comprising: scanning, by the computing hardware, a webpage associated with the vendor to identify a vendor attribute; and calculating, by the computing hardware, the risk rating for the particular product or service based on the vendor attribute.

“17. The method of claim 14, wherein the vendor attribute indicates satisfaction, by the vendor, of a particular standard.

“18. The method of claim 14, wherein calculating the risk rating for the particular product or service is further based on an indication that the vendor has passed one or more vetting requirements imposed by one or more government entities.

“19. The method of claim 14, further comprising: analyzing, by the computing hardware, publicly available data associated with the vendor; and calculating, by the computing hardware, the risk rating for the particular product or service based on the publicly available data, wherein the publicly available data includes at least one of employee titles at the vendor, employee roles at the vendor, available job postings for the vendor, or one or more certifications held by the vendor.

“20. The method of claim 14, wherein the particular product comprises at least one of a component or a raw material.”

URL and more information on this patent application, see: Barday, Kabir A.; Brannon, Jonathan Blake. Data Processing Systems And Methods For Efficiently Assessing The Risk Of Privacy Campaigns. Filed February 11, 2022 and posted June 2, 2022. Patent URL: https://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220220171864%22.PGNR.&OS=DN/20220171864&RS=DN/20220171864

(Our reports deliver fact-based news of research and discoveries from around the world.)