“Data Processing Systems And Methods For Providing Training In A Vendor Procurement Process” in Patent Application Approval Process (USPTO 20220358427): OneTrust LLC

2022 NOV 24 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- A patent application by the inventors Barday, Kabir A. (Atlanta, GA, US); Brannon, Jonathan Blake (Smyrna, GA, US), filed on July 20, 2022, was made available online on November 10, 2022, according to news reporting originating from Washington, D.C., by NewsRx correspondents.

This patent application is assigned to OneTrust LLC (Atlanta, Georgia, United States).

The following quote was obtained by the news editors from the background information supplied by the inventors: “Over the past years, privacy and security policies, and related operations have become increasingly important. Breaches in security, leading to the unauthorized access of personal data (which may include sensitive personal data) have become more frequent among companies and other organizations of all sizes. Such personal data may include, but is not limited to, personally identifiable information (PII), which may be information that directly (or indirectly) identifies an individual or entity. Examples of PII include names, addresses, dates of birth, social security numbers, and biometric identifiers such as a person’s fingerprints or picture. Other personal data may include, for example, customers’ Internet browsing habits, purchase history, or even their preferences (e.g., likes and dislikes, as provided or obtained through social media).

“Many organizations that obtain, use, and transfer personal data, including sensitive personal data, have begun to address these privacy and security issues. To manage personal data, many companies have attempted to implement operational policies and processes that comply with legal requirements, such as Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) or the U.S.’s Health Insurance Portability and Accountability Act (HIPPA) protecting a patient’s medical information. Many regulators recommend conducting privacy impact assessments, or data protection risk assessments along with data inventory mapping. For example, the GDPR requires data protection impact assessments. Additionally, the United Kingdom ICO’s office provides guidance around privacy impact assessments. The OPC in Canada recommends certain personal information inventory practices, and the Singapore PDPA specifically mentions personal data inventory mapping.

“In implementing these privacy impact assessments, an individual may provide incomplete or incorrect information regarding personal data to be collected, for example, by new software, a new device, or a new business effort, for example, to avoid being prevented from collecting that personal data, or to avoid being subject to more frequent or more detailed privacy audits. In light of the above, there is currently a need for improved systems and methods for monitoring compliance with corporate privacy policies and applicable privacy laws in order to reduce a likelihood that an individual will successfully “game the system” by providing incomplete or incorrect information regarding current or future uses of personal data.

“Organizations that obtain, use, and transfer personal data often work with other organizations (“vendors”) that provide services and/or products to the organizations. Organizations working with vendors may be responsible for ensuring that any personal data to which their vendors may have access is handled properly. However, organizations may have limited control over vendors and limited insight into their internal policies and procedures. Therefore, there is currently a need for improved systems and methods that help organizations ensure that their vendors handle personal data properly. There is also a need for improved systems and methods for estimating the timing of vendor risk analysis and procurement and providing effective training to ensure that employees and/or vendors are compliant with applicable privacy and security regulations and standards.”

In addition to the background information obtained for this patent application, NewsRx journalists also obtained the inventors’ summary information for this patent application: “According to various aspects, a method is provided that comprises: detecting, by computing hardware, a request to procure a vendor for an entity and a user parameter identifying a user, wherein the vendor is to provide at least one of a service or a product to the entity; determining, by the computing hardware and based on an assessment conducted on the vendor with respect to the vendor handling data for the entity, a training requirement associated with a procurement of the vendor; determining, by the computing hardware and based on the user parameter and training data for the user, a progress of the user completing the training requirement; generating, by the computing hardware and based on the progress of the user, customized training content comprising a portion of a training course associated with the training requirement; and configuring, by the computing hardware, a graphical user interface to display a presentation element configured for presenting the customized training content on the graphical user interface.

“In some aspects, the method further comprises transmitting an instruction to a browser application executed on a user device causing the browser application to present the graphical user interface on the user device. In some aspects, the graphical user interface is further configured with a control element configured to generate an indication of completion of the customized training content and the method further comprises: receiving, by the computing hardware, an indication of a selection of the control element, and responsive to receiving the indication, initiating, by the computing hardware, a process to procure the vendor.

“In some aspects, generating the customized training content comprising the portion of the training course is further based on the training course having been updated since the user previously satisfied the training requirement. In some aspects, the progress of the user indicates the user has completed a certification and generating the customized training content comprising the portion of the training course further comprises removing a second portion of the training course that includes content that one who has completed the certification should know. In some aspects, the progress of the user indicates the user has completed a certification and the portion of the training course comprises content that is considered important to one who has completed the certification. In some aspects, the training requirement is further based on at least one of a jurisdiction of the vendor, a classification of the vendor, a type of data processed by the vendor, or a volume of data processed by the vendor.

“According to various aspects, a system comprising a non-transitory computer-readable medium storing instructions and a processing device communicatively coupled to the non-transitory computer-readable medium is provided. The processing device is configured to execute the instructions and thereby perform operations comprising: receiving a request to procure a vendor for an entity from a user via a remote computing device, wherein the vendor is to provide at least one of a service or a product to the entity; determining vendor training criteria for the vendor; determining a training requirement associated with a procurement of the vendor by the user based on the vendor training criteria and at least one of an assessment conducted on the vendor with respect to at least one of the product or the service; determining, based on training data for the user, a progress of the user completing the training requirement; generating customized training content comprising a portion of a training course associated with the training requirement based on the progress of the user; and transmitting the customized training content to the remote computing device for presentation to the user.

“In some aspects, the operations further comprise: receiving an indication from the remote computing device that the user has completed the customized training content; and responsive to receiving the indication, facilitating the procurement of the vendor. In some aspects, the operations further comprise: receiving an indication from the remote computing device that the user has completed the training requirement; and responsive to receiving the indication, facilitating the procurement of the vendor.

“In some aspects, the operations further comprise suspending procuring the vendor for the entity based on the progress of the user completing the training requirement. In some aspects, determining the training requirement is further based on at least one of a jurisdiction associated with the user, a role in the entity for the user, or a type of data to which the user will have access.

“In some aspects, the progress of the user indicates a length of time since the user has view certain content of the training course and generating the customized training content comprising the portion of the training course further comprises removing a second portion of the training course that includes the certain content. In some aspects, the progress of the user indicates a past performance on certain content of the training course and generating the customized training content comprising the portion of the training course further comprises removing a second portion of the training course that includes the certain content. In some aspects, the progress of the user indicates a past performance on certain content of the training course and the portion of the training course emphasizes aspects of the certain content.

“According to various aspects, a non-transitory computer-readable medium storing computer-executable instructions is provided. The computer-executable instructions, when executed by computing hardware, configure the computing hardware to perform operations comprising: detecting a modification of training material associated with a procurement of a vendor for an entity, wherein the vendor is to provide at least one of a service or a product to the entity; responsive to detecting the modification of the training material, determining, based on an assessment conducted on the vendor, a training requirement associated with the training material; determining, based on training data for a user, a progress of the user completing the training requirement; generating, based on the progress of the user, customized training content comprising a portion of training material associated with the training requirement; and transmitting the customized training content and a request to satisfy the training requirement to the user.

“In some aspects, the training material is stored in a learning management system; and detecting the modification of the training material comprises monitoring the learning management system for the modification of the training material. In some aspects, monitoring the learning management system comprises periodically monitoring the learning management system.

“In some aspects, detecting the modification of the training material comprises: receiving a user request to update the training material; and updating the training material in response to the user request. In some aspects, the request to satisfy the training requirement comprises a plurality of questions associated with the training material.

“The details of one or more embodiments of the subject matter described in this specification are set forth in the accompanying drawings and the description below. Other features, aspects, and advantages of the subject matter may become apparent from the description, the drawings, and the claims.”

The claims supplied by the inventors are:

“1. A method comprising: detecting, by computing hardware, a request to procure a vendor for an entity and a user parameter identifying a user, wherein the vendor is to provide at least one of a service or a product to the entity; determining, by the computing hardware and based on an assessment conducted on the vendor with respect to the vendor handling data for the entity, a training requirement associated with a procurement of the vendor; determining, by the computing hardware and based on the user parameter and training data for the user, a progress of the user completing the training requirement; generating, by the computing hardware and based on the progress of the user, customized training content comprising a portion of a training course associated with the training requirement; and configuring, by the computing hardware, a graphical user interface to display a presentation element configured for presenting the customized training content on the graphical user interface.

“2. The method of claim 1 further comprising transmitting an instruction to a browser application executed on a user device causing the browser application to present the graphical user interface on the user device.

“3. The method of claim 2, wherein the graphical user interface is further configured with a control element configured to generate an indication of completion of the customized training content and the method further comprises: receiving, by the computing hardware, an indication of a selection of the control element, and responsive to receiving the indication, initiating, by the computing hardware, a process to procure the vendor.

“4. The method of claim 1, wherein generating the customized training content comprising the portion of the training course is further based on the training course having been updated since the user previously satisfied the training requirement.

“5. The method of claim 1, wherein the progress of the user indicates the user has completed a certification and generating the customized training content comprising the portion of the training course further comprises removing a second portion of the training course that includes content that one who has completed the certification should know.

“6. The method of claim 1, wherein the progress of the user indicates the user has completed a certification and the portion of the training course comprises content that is considered important to one who has completed the certification.

“7. The method of claim 1, wherein the training requirement is further based on at least one of a jurisdiction of the vendor, a classification of the vendor, a type of data processed by the vendor, or a volume of data processed by the vendor.

“8. A system comprising: a non-transitory computer-readable medium storing instructions; and a processing device communicatively coupled to the non-transitory computer-readable medium, wherein, the processing device is configured to execute the instructions and thereby perform operations comprising: receiving a request to procure a vendor for an entity from a user via a remote computing device, wherein the vendor is to provide at least one of a service or a product to the entity; determining vendor training criteria for the vendor; determining a training requirement associated with a procurement of the vendor by the user based on the vendor training criteria and at least one of an assessment conducted on the vendor with respect to at least one of the product or the service; determining, based on training data for the user, a progress of the user completing the training requirement; generating customized training content comprising a portion of a training course associated with the training requirement based on the progress of the user; and transmitting the customized training content to the remote computing device for presentation to the user.

“9. The system of claim 8, wherein the operations further comprise: receiving an indication from the remote computing device that the user has completed the customized training content; and responsive to receiving the indication, facilitating the procurement of the vendor.

“10. The system of claim 8, wherein the operations further comprise: receiving an indication from the remote computing device that the user has completed the training requirement; and responsive to receiving the indication, facilitating the procurement of the vendor.

“11. The system of claim 8, wherein the operations further comprise suspending procuring the vendor for the entity based on the progress of the user completing the training requirement.

“12. The system of claim 8, wherein determining the training requirement is further based on at least one of a jurisdiction associated with the user, a role in the entity for the user, or a type of data to which the user will have access.

“13. The system of claim 8, wherein the progress of the user indicates a length of time since the user has view certain content of the training course and generating the customized training content comprising the portion of the training course further comprises removing a second portion of the training course that includes the certain content.

“14. The system of claim 8, wherein the progress of the user indicates a past performance on certain content of the training course and generating the customized training content comprising the portion of the training course further comprises removing a second portion of the training course that includes the certain content.

“15. The system of claim 8, wherein the progress of the user indicates a past performance on certain content of the training course and the portion of the training course emphasizes aspects of the certain content.

“16. A non-transitory computer-readable medium storing computer-executable instructions that, when executed by computing hardware, configure the computing hardware to perform operations comprising: detecting a modification of training material associated with a procurement of a vendor for an entity, wherein the vendor is to provide at least one of a service or a product to the entity; responsive to detecting the modification of the training material, determining, based on an assessment conducted on the vendor, a training requirement associated with the training material; determining, based on training data for a user, a progress of the user completing the training requirement; generating, based on the progress of the user, customized training content comprising a portion of training material associated with the training requirement; and transmitting the customized training content and a request to satisfy the training requirement to the user.

“17. The non-transitory computer-readable medium of claim 16, wherein: the training material is stored in a learning management system; and detecting the modification of the training material comprises monitoring the learning management system for the modification of the training material.

“18. The non-transitory computer-readable medium of claim 17, wherein monitoring the learning management system comprises periodically monitoring the learning management system.

“19. The non-transitory computer-readable medium of claim 16, wherein detecting the modification of the training material comprises: receiving a user request to update the training material; and updating the training material in response to the user request.

“20. The non-transitory computer-readable medium of claim 16, wherein the request to satisfy the training requirement comprises a plurality of questions associated with the training material.”

URL and more information on this patent application, see: Barday, Kabir A.; Brannon, Jonathan Blake. Data Processing Systems And Methods For Providing Training In A Vendor Procurement Process. Filed July 20, 2022 and posted November 10, 2022.

(Our reports deliver fact-based news of research and discoveries from around the world.)