“Data Processing Systems And Methods For Performing Assessments And Monitoring Of New Versions Of Computer Code For Compliance” in Patent Application Approval Process (USPTO 20220286482): OneTrust LLC
2022 SEP 26 (NewsRx) -- By a
This patent application is assigned to
The following quote was obtained by the news editors from the background information supplied by the inventors: “Over the past years, policies, regulations, and standards related to privacy and security concerns and concerns of using AI in a manner that is considered unfair and/or unethical, and related operations have become increasingly important. For example, breaches in security, leading to the unauthorized access of personal data (which may include sensitive personal data) have become more frequent among companies and organizations of all sizes. Such personal data may include, but is not limited to, personally identifiable information (PII), which may be information that directly (or indirectly) identifies an individual or entity. Examples of PII include names, addresses, dates of birth, social security numbers, and biometric identifiers such as a person’s fingerprints or picture. Other personal data may include, for example, customers’ Internet browsing habits, purchase history, or even their preferences (i.e., likes and dislikes, as provided or obtained through social media). While not all personal data may be sensitive, in the wrong hands, this kind of information may have a negative impact on the individuals or entities whose sensitive personal data is collected, including identity theft and embarrassment. Not only would a breach have the potential of exposing individuals to malicious wrongdoing, fallout from the breach may also result in damage to reputation, potential liability, and costly remedial action for the organizations who collected the information and were under an obligation to maintain its confidentiality and security.
“As another example, many organizations have incorporated AI (e.g., AI functionality) to interface with customers or other users in a variety of ways. As a specific example, an organization may provide AI on its website in the form of a chatbot to conduct online chat sessions with customers visiting the website to purchase a product. However, introduction of AI for certain applications can be considered unfair and/or unethical. For example, introduction of AI that performs biometric identification in public areas is considered by many as an unethical use of such technology. In addition, introduction of bias into AI can lead to the AI producing inaccurate results and/or causing computing systems, devices, or other systems that rely on AI outputs to function incorrectly and/or operate in a manner that is unsuitable for their intended purpose. Accordingly, fallout of operating AI under such circumstances can result in mistrust of its use, damage to reputation, potential liability, and costly remedial action for the organizations.
“As a result, many organizations have begun to address these issues. For example, to manage personal data, many organizations have attempted to implement operational policies and processes that comply with legal requirements, such as Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) or the U.S.’s Health Insurance Portability and Accountability Act (HIPAA) protecting a patient’s medical information. For many companies handling personal data, privacy audits, whether performed according to AICPA Generally Accepted Privacy Principles or ISACA’s IT Standards, Guidelines, and Tools and Techniques for Audit Assurance and Control Professionals, are not just a best practice but are a requirement. The same can be said with many organizations’ use of AI that can leave many organizations’ systems vulnerable to unacceptable, undesired, unfair, and/or unethical use of such functionality.
“However, lack of transparency or clarity into where personal data comes from and/or where it is stored or transferred, who is developing AI (e.g., AI functionality) and how, who is using personal data and/or AI, and for what purpose is personal data and/or AI being used, can oftentimes bog down many conventional audit (e.g., compliance and/or adequacy audit) practices, processes, and the like and can leave many organizations’ systems vulnerable to privacy-related data incidents such as data breaches, as well as vulnerable to unintended, undesired, unfair, unethical, and/or misuse of AI. Accordingly, many of these vulnerabilities can be rooted in vulnerabilities found in software code utilized by these organizations for privacy and/or AI related purposes.
“In light of the above, there is currently a need for improved systems and methods for assessing computer code such as, for example, mobile applications, websites, and other computer code for features and conditions that may have an impact on a company’s compliance with various policies, regulations, and/or standards related to privacy and responsible AI use, as well as an impact on creating vulnerabilities to privacy-related incidents and/or use of AI in an unintended, undesired, unfair, and/or unethical manner.”
In addition to the background information obtained for this patent application, NewsRx journalists also obtained the inventors’ summary information for this patent application: “In general, various aspects of the present disclosure provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for gathering information for new functionality introduced into a new instance of computer code. In accordance with various aspects, a method is provided that comprises: monitoring, by computing hardware, a location where computer code is located; identifying, by the computing hardware, a new instance of the computer code at the location; comparing, by the computing hardware, the new instance of the computer code with a previous instance of the computer code to identify a change has been made to the computer code; responsive to identifying the change, analyzing, by the computing hardware, the new instance of the computer code to determine an attribute of the new instance of the computer code, wherein the attribute identifies new functionality that the new instance of the computer code performs over the previous instance of the computer code; providing, by the computing hardware, a graphical user interface for display, wherein the graphical user interface is configured to prompt for information regarding the new functionality; and communicating, by the computing hardware, the information regarding the new functionality for use in conducting an assessment of the computer code.
“In some aspects, the new functionality is configured to perform at least one of (i) collecting or accessing personal data or (ii) artificial intelligence. In some aspects, analyzing the new instance of the computer code to determine the attribute comprises detecting use by the computer code of at least one of a location-based capability to detect a location of a user computing device, an encryption capability, a call to third party computer code, a communication log, or a cookie to track user behavior. In some aspects, analyzing the new instance of the computer code to determine the attribute comprises detecting performance by the computer code of at least one of an image analysis, speech recognition, use of a machine-learning algorithm, pattern recognition, or voice-to-text conversion.
“In some aspects, the information identifies at least one of a reason or purpose for the new functionality, data that is used in training the new functionality, a procedure used in maintaining the new functionality, or a procedure used in monitoring a performance of the new functionality. In some aspects, the method further comprises: determining, by the computing hardware and based on the information, at least one of a type of the personal data or a type of the artificial intelligence; and determining, by the computing hardware and based on at least one of the type of the personal data or the type of the artificial intelligence, a risk rating associated with the computer code performing the new functionality, wherein the risk rating is communicated along with the information. In some aspects, the risk rating provides a measure of the computer code performing the new functionality in at least one of an unintended manner, an undesired manner, or an inappropriate manner as defined by an entity associated with the computer code.
“In accordance with various aspects, a system is provided comprising a non-transitory computer-readable medium storing instructions and a processing device communicatively coupled to the non-transitory computer-readable medium. In particular aspects, the processing device is configured to execute the instructions and thereby perform operations that, upon a new instance of a computer code being identified at a location being monitored where the computer code is located, comprise: comparing the new instance of the computer code with a previous instance of the computer code to identify a change has been made to the computer code; responsive to identifying the change, analyzing the new instance of the computer code to determine an attribute of the new instance of the computer code, wherein the attribute identifies new functionality that the new instance of the computer code performs over the previous instance of the computer code; providing a graphical user interface for display, wherein the graphical user interface is configured to prompt for information regarding the new functionality; and communicating the information regarding the new functionality for use in conducting an assessment of the computer code.
“In some aspects, the new functionality is configured to perform at least one of (i) collecting or accessing personal data or (ii) artificial intelligence. In some aspects, analyzing the new instance of the computer code to determine the attribute comprises detecting use by the computer code of at least one of a location-based capability to detect a location of a user computing device, an encryption capability, a call to third party computer code, a communication log, or a cookie to track user behavior. In some aspects, analyzing the new instance of the computer code to determine the attribute comprises detecting performance by the computer code of at least one of an image analysis, speech recognition, use of a machine-learning algorithm, pattern recognition, or voice-to-text conversion.
“In some aspects, the information identifies at least one of a reason or purpose for the new functionality, data that is used in training the new functionality, a procedure used in maintaining the new functionality, or a procedure used in monitoring a performance of the new functionality. In some aspects, the operations further comprise: determining, based on the information, at least one of a type of the personal data or a type of the artificial intelligence; and determining, based on at least one of the type of the personal data or the type of the artificial intelligence, a risk rating associated with the computer code performing the new functionality, wherein the risk rating is communicated along with the information. In some aspects, the risk rating provides a measure of the computer code performing the new functionality in at least one of an unintended manner, an undesired manner, or an inappropriate manner as defined by an entity associated with the computer code.
“In addition in accordance with various aspects, a non-transitory computer-readable medium having program code that is stored thereon. In particular aspects, the program code is executable by one or more processing devices and performs operations that, upon a new instance of a computer code being identified at a location being monitored where the computer code is located, comprise: comparing the new instance of the computer code with a previous instance of the computer code to identify a change has been made to the computer code; responsive to identifying the change, analyzing the new instance of the computer code to determine an attribute of the new instance of the computer code, wherein the attribute identifies new functionality that the new instance of the computer code performs over the previous instance of the computer code; providing a graphical user interface for display, wherein the graphical user interface is configured to prompt for information regarding the new functionality; and communicating the information regarding the new functionality for use in conducting an assessment of the computer code.
“In some aspects, the new functionality is configured to perform at least one of (i) collecting or accessing personal data or (ii) artificial intelligence. In some aspects, analyzing the new instance of the computer code to determine the attribute comprises detecting use by the computer code of at least one of a location-based capability to detect a location of a user computing device, an encryption capability, a call to third party computer code, a communication log, or a cookie to track user behavior. In some aspects, analyzing the new instance of the computer code to determine the attribute comprises detecting performance by the computer code of at least one of an image analysis, speech recognition, use of a machine-learning algorithm, pattern recognition, or voice-to-text conversion.
“In some aspects, the information identifies at least one of a reason or purpose for the new functionality, data that is used in training the new functionality, a procedure used in maintaining the new functionality, or a procedure used in monitoring a performance of the new functionality. In some aspects, the operations further comprise: determining, based on the information, at least one of a type of the personal data or a type of the artificial intelligence; and determining, based on at least one of the type of the personal data or the type of the artificial intelligence, a risk rating associated with the computer code performing the new functionality, wherein the risk rating is communicated along with the information.”
The claims supplied by the inventors are:
“1. A method comprising: monitoring, by computing hardware, a location where computer code is located; identifying, by the computing hardware, a new instance of the computer code at the location; comparing, by the computing hardware, the new instance of the computer code with a previous instance of the computer code to identify a change has been made to the computer code; responsive to identifying the change, analyzing, by the computing hardware, the new instance of the computer code to determine an attribute of the new instance of the computer code, wherein the attribute identifies new functionality that the new instance of the computer code performs over the previous instance of the computer code; providing, by the computing hardware, a graphical user interface for display, wherein the graphical user interface is configured to prompt for information regarding the new functionality; and communicating, by the computing hardware, the information regarding the new functionality for use in conducting an assessment of the computer code.
“2. The method of claim 1, wherein the new functionality is configured to perform at least one of (i) collecting or accessing personal data or (ii) artificial intelligence.
“3. The method of claim 2, wherein analyzing the new instance of the computer code to determine the attribute comprises detecting use by the computer code of at least one of a location-based capability to detect a location of a user computing device, an encryption capability, a call to third party computer code, a communication log, or a cookie to track user behavior.
“4. The method of claim 2, wherein analyzing the new instance of the computer code to determine the attribute comprises detecting performance by the computer code of at least one of an image analysis, speech recognition, use of a machine-learning algorithm, pattern recognition, or voice-to-text conversion.
“5. The method of claim 2, wherein the information identifies at least one of a reason or purpose for the new functionality, data that is used in training the new functionality, a procedure used in maintaining the new functionality, or a procedure used in monitoring a performance of the new functionality.
“6. The method of claim 2 further comprising: determining, by the computing hardware and based on the information, at least one of a type of the personal data or a type of the artificial intelligence; and determining, by the computing hardware and based on at least one of the type of the personal data or the type of the artificial intelligence, a risk rating associated with the computer code performing the new functionality, wherein the risk rating is communicated along with the information.
“7. The method of claim 6, wherein the risk rating provides a measure of the computer code performing the new functionality in at least one of an unintended manner, an undesired manner, or an inappropriate manner as defined by an entity associated with the computer code.
“8. A system comprising: a non-transitory computer-readable medium storing instructions; and a processing device communicatively coupled to the non-transitory computer-readable medium, wherein, the processing device is configured to execute the instructions and thereby perform operations, upon a new instance of a computer code being identified at a location being monitored where the computer code is located, comprising: comparing the new instance of the computer code with a previous instance of the computer code to identify a change has been made to the computer code; responsive to identifying the change, analyzing the new instance of the computer code to determine an attribute of the new instance of the computer code, wherein the attribute identifies new functionality that the new instance of the computer code performs over the previous instance of the computer code; providing a graphical user interface for display, wherein the graphical user interface is configured to prompt for information regarding the new functionality; and communicating the information regarding the new functionality for use in conducting an assessment of the computer code.
“9. The system of claim 8, wherein the new functionality is configured to perform at least one of (i) collecting or accessing personal data or (ii) artificial intelligence.
“10. The system of claim 9, wherein analyzing the new instance of the computer code to determine the attribute comprises detecting use by the computer code of at least one of a location-based capability to detect a location of a user computing device, an encryption capability, a call to third party computer code, a communication log, or a cookie to track user behavior.
“11. The system of claim 9, wherein analyzing the new instance of the computer code to determine the attribute comprises detecting performance by the computer code of at least one of an image analysis, speech recognition, use of a machine-learning algorithm, pattern recognition, or voice-to-text conversion.
“12. The system of claim 9, wherein the information identifies at least one of a reason or purpose for the new functionality, data that is used in training the new functionality, a procedure used in maintaining the new functionality, or a procedure used in monitoring a performance of the new functionality.
“13. The system of claim 9, wherein the operations further comprise: determining, based on the information, at least one of a type of the personal data or a type of the artificial intelligence; and determining, based on at least one of the type of the personal data or the type of the artificial intelligence, a risk rating associated with the computer code performing the new functionality, wherein the risk rating is communicated along with the information.
“14. The system of claim 13, wherein the risk rating provides a measure of the computer code performing the new functionality in at least one of an unintended manner, an undesired manner, or an inappropriate manner as defined by an entity associated with the computer code.
“15. A non-transitory computer-readable medium storing computer-executable instructions that, when executed by processing hardware, configure the processing hardware to perform operations, upon a new instance of a computer code being identified at a location being monitored where the computer code is located, comprising: comparing the new instance of the computer code with a previous instance of the computer code to identify a change has been made to the computer code; responsive to identifying the change, analyzing the new instance of the computer code to determine an attribute of the new instance of the computer code, wherein the attribute identifies new functionality that the new instance of the computer code performs over the previous instance of the computer code; providing a graphical user interface for display, wherein the graphical user interface is configured to prompt for information regarding the new functionality; and communicating the information regarding the new functionality for use in conducting an assessment of the computer code.
“16. The non-transitory computer-readable medium of claim 15, wherein the new functionality is configured to perform at least one of (i) collecting or accessing personal data or (ii) artificial intelligence.
“17. The non-transitory computer-readable medium of claim 16, wherein analyzing the new instance of the computer code to determine the attribute comprises detecting use by the computer code of at least one of a location-based capability to detect a location of a user computing device, an encryption capability, a call to third party computer code, a communication log, or a cookie to track user behavior.
“18. The non-transitory computer-readable medium of claim 16, wherein analyzing the new instance of the computer code to determine the attribute comprises detecting performance by the computer code of at least one of an image analysis, speech recognition, use of a machine-learning algorithm, pattern recognition, or voice-to-text conversion.
“19. The non-transitory computer-readable medium of claim 16, wherein the information identifies at least one of a reason or purpose for the new functionality, data that is used in training the new functionality, a procedure used in maintaining the new functionality, or a procedure used in monitoring a performance of the new functionality.
“20. The non-transitory computer-readable medium of claim 16, wherein the operations further comprise: determining, based on the information, at least one of a type of the personal data or a type of the artificial intelligence; and determining, based on at least one of the type of the personal data or the type of the artificial intelligence, a risk rating associated with the computer code performing the new functionality, wherein the risk rating is communicated along with the information.”
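An illustration of the compare-then-analyze flow recited in claims 1, 3 and 6, added here as an example; it is not code from the patent application or from OneTrust. The regex signatures, weights, thresholds, host names and sample JavaScript are constructed assumptions, and the rating is derived from the detected attributes rather than from questionnaire answers.

```python
import difflib
import re

FIRST_PARTY = "shop.example.test"  # assumed first-party host (constructed)

# Hypothetical signatures for attributes the claims list. Regexes over browser
# JavaScript are an illustrative assumption; real analysis would parse the code.
SIGNATURES = {
    "location": re.compile(r"navigator\.geolocation\b"),
    "encryption": re.compile(r"crypto\.subtle\.(?:encrypt|decrypt)\b"),
    "tracking_cookie": re.compile(r"document\.cookie\s*="),
    "speech_recognition": re.compile(r"\bSpeechRecognition\b"),
    # Any absolute URL whose host is not exactly the first-party host.
    "third_party_call": re.compile(
        r"https?://(?!" + re.escape(FIRST_PARTY) + r"(?![\w.-]))[\w.-]+"),
}

# Hypothetical weights; the thresholds in assess() are assumptions too.
WEIGHTS = {"location": 3, "speech_recognition": 3, "tracking_cookie": 2,
           "third_party_call": 2, "encryption": 1}

# Constructed sample: previous and new instance of one script.
PREVIOUS = """\
function loadCart() {
  return fetch("https://shop.example.test/api/cart");
}
document.cookie = "session=abc; Secure";
"""
NEW = """\
document.cookie = "session=abc; Secure";
function loadCart() {
  return fetch("https://shop.example.test/api/cart");
}
function nearestStore() {
  navigator.geolocation.getCurrentPosition(sendPosition);
}
function sendPosition(pos) {
  fetch("https://metrics.example.net/collect", {method: "POST"});
}
"""


def added_lines(previous, new):
    """Lines the diff reports as added in the new instance."""
    diff = difflib.ndiff(previous.splitlines(), new.splitlines())
    return [line[2:] for line in diff if line.startswith("+ ")]


def detect(text):
    """Names of all attributes whose signature matches somewhere in text."""
    return {name for name, rx in SIGNATURES.items() if rx.search(text)}


def assess(previous, new):
    """Compare two instances and describe functionality the new one adds."""
    added = added_lines(previous, new)
    # An attribute is new only if the previous instance lacked it, so moved
    # or reformatted code (the cookie line above) raises no new prompt.
    new_attrs = sorted(detect("\n".join(added)) - detect(previous))
    score = sum(WEIGHTS[a] for a in new_attrs)
    rating = "high" if score >= 5 else "medium" if score >= 2 else "low"
    prompts = [f"What is the purpose of the new '{a}' functionality?"
               for a in new_attrs]
    return {"changed": previous != new, "new_attributes": new_attrs,
            "prompts": prompts, "risk": rating}


if __name__ == "__main__":
    print(assess(PREVIOUS, NEW))
```
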
URL and more information on this patent application, see: Barday, Kabir A.; Brannon,