Patent Application Titled “Data Processing And Communications Systems And Methods For The Efficient Implementation Of Privacy By Design” Published Online (USPTO 20220309416): OneTrust LLC
2022 OCT 14 (NewsRx) -- By a
The assignee for this patent application is
Reporters obtained the following quote from the background information supplied by the inventors: “Over the past years, privacy and security policies, and related operations have become increasingly important. Breaches in security, leading to the unauthorized access of personal data (which may include sensitive personal data) have become more frequent among companies and other organizations of all sizes. Such personal data may include, but is not limited to, personally identifiable information (PII), which may be information that directly (or indirectly) identifies an individual or entity. Examples of PII include names, addresses, dates of birth, social security numbers, and biometric identifiers such as a person’s fingerprints or picture. Other personal data may include, for example, customers’ Internet browsing habits, purchase history, or even their preferences (e.g., likes and dislikes, as provided or obtained through social media).
“Many organizations that obtain, use, and transfer personal data, including sensitive personal data, have begun to address these privacy and security issues. To manage personal data, many companies have attempted to implement operational policies and processes that comply with legal requirements, such as Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) or the U.S.’s Health Insurance Portability and Accountability Act (HIPAA) protecting a patient’s medical information. Many regulators recommend conducting privacy impact assessments, or data protection risk assessments along with data inventory mapping. For example, the GDPR requires data protection impact assessments. Additionally, the United Kingdom ICO’s office provides guidance around privacy impact assessments. The OPC in
“In implementing these privacy impact assessments, an individual may provide incomplete or incorrect information regarding personal data to be collected, for example, by new software, a new device, or a new business effort, for example, to avoid being prevented from collecting that personal data, or to avoid being subject to more frequent or more detailed privacy audits. In light of the above, there is currently a need for improved systems and methods for monitoring compliance with corporate privacy policies and applicable privacy laws in order to reduce a likelihood that an individual will successfully “game the system” by providing incomplete or incorrect information regarding current or future uses of personal data.
“Organizations that obtain, use, and transfer personal data often work with other organizations (“vendors”) that provide services and/or products to the organizations. Organizations working with vendors may be responsible for ensuring that any personal data to which their vendors may have access is handled properly. However, organizations may have limited control over vendors and limited insight into their internal policies and procedures. Therefore, there is currently a need for improved systems and methods that help organizations ensure that their vendors handle personal data properly.”
In addition to obtaining background information on this patent application, NewsRx editors also obtained the inventor’s summary information for this patent application: “A non-transitory computer-readable medium, according to various aspects, has program code that is stored thereon. In some aspects, the program code is executable by one or more processing devices for performing operations comprising: (1) monitoring a storage location of a mobile application; (2) determining that a new version of the mobile application has been stored in the storage location based on a detection of a change to the mobile application; and (3) responsive to determining the new version of the mobile application is available: (A) uploading the mobile application from the storage location; (B) analyzing computer code for the mobile application to identify at least one of a tracking technology being used by the mobile application or functionality of the mobile application related to a software development kit for collecting personal data of a user of the mobile application; (C) identifying a recommendation for managing a design of the mobile application in light of the at least one of the tracking technology or the functionality; (D) generating a task to implement the recommendation; (E) generating output comprising a report documenting the task; and (F) providing the report for display to an individual on a display screen.
“In particular aspects, the recommendation comprises at least one of (1) limiting a time period that the personal data is stored, (2) requiring the personal data to be encrypted; (3) anonymizing the personal data; or (4) restricting access to the personal data. In some aspects, the at least one of the tracking technology or the functionality is configured for detecting a location of a mobile device of the user of the mobile application. In a particular aspect, the task comprises performing a revision of the computer code of the mobile application with respect to the at least one of the tracking technology or the functionality to facilitate a compliance of the mobile application with a standard. In various aspects, the storage location comprises an online mobile application marketplace.
“In some aspects, the operations further comprise: (1) receiving a notification that the task has been completed; (2) generating an assessment for the mobile application that reflects the task has been completed; (3) generating output comprising updating the report to document the assessment; and (4) providing the updated report for display to the individual on the display screen.
“A system, in various aspects, comprises: (1) a non-transitory computer-readable medium storing instructions; and (2) a processing device communicatively coupled to the non-transitory computer-readable medium. In some aspects, the processing device is configured to execute the instructions and thereby perform operations comprising: (1) analyzing computer code for a mobile application to identify a tracking technology being used by the mobile application for collecting personal data of a user of the mobile application; (2) identifying a recommendation for managing a design of the mobile application in light of the tracking technology; (3) identifying a task to implement the recommendation; (4) generating output comprising a report documenting the task; and (5) providing the report for display to an individual on a display screen.
“In some aspects, the tracking technology comprises a fingerprinting technology. In various aspects, the recommendation comprises at least one of (1) limiting a time period that the personal data is stored, (2) requiring the personal data to be encrypted; (3) anonymizing the personal data; or (4) restricting access to the personal data. In some aspects, the tracking technology is configured for detecting a location of a mobile device of the user of the mobile application. In other aspects, the task comprises performing a revision of the computer code of the mobile application with respect to the tracking technology to facilitate a compliance of the mobile application with a standard. In particular aspects, the operations further comprise: (1) receiving an indication of a storage location where the mobile application is available for upload from the individual; and (2) uploading the mobile application from the storage location. In still other aspects, the operations further comprise: (1) monitoring an online mobile application marketplace where the mobile application is available; (2) while monitoring the online mobile application marketplace, determining a change to the mobile application has occurred; and (3) responsive to determining the change to the mobile application has occurred, uploading the mobile application from the online mobile application marketplace.
“A method, according to some aspects, comprises: (1) analyzing, by computing hardware, computer code for a mobile application to identify a privacy-related attribute comprising functionality of the mobile application related to a software development kit; (2) identifying, by the computing hardware, a recommendation for managing a design of the mobile application in light of the functionality; (3) identifying, by the computing hardware, a task to implement the recommendation; (4) generating, by the computing hardware, output comprising a report documenting the task; and (5) providing, by the computing hardware, the report to display to an individual on a display screen. In some aspects, the functionality involves at least one of collecting or accessing personal data of a user of the mobile application.
“In various aspects, the recommendation comprises at least one of (1) limiting a time period that the personal data is stored, (2) requiring the personal data to be encrypted; (3) anonymizing the personal data; or (4) restricting access to the personal data. In a particular aspect, the functionality comprises a location service provided via the software development kit that is configured for detecting a location of a mobile device of a user of the mobile application. In various aspects, the task comprises performing a revision of the computer code of the mobile application with respect to the functionality to facilitate a compliance of the mobile application with a regulation or standard.
“In certain aspects, the method further comprises: (1) receiving, by the computing hardware, an indication of a storage location where the mobile application is available for upload from the individual; and (2) uploading, by the computing hardware, the mobile application from the storage location. In other aspects, the method comprises: (1) monitoring an online mobile application marketplace where the mobile application is available; (2) while monitoring the online mobile application marketplace, determining a change to the mobile application has occurred; and (3) responsive to determining the change to the mobile application has occurred, uploading the mobile application from the online mobile application marketplace.
“The details of one or more embodiments of the subject matter described in this specification are set forth in the accompanying drawings and the description below. Other features, aspects, and advantages of the subject matter may become apparent from the description, the drawings, and the claims.”
The claims supplied by the inventors are:
“1. A non-transitory computer-readable medium having program code that is stored thereon, the program code executable by one or more processing devices for performing operations comprising: monitoring a storage location of a mobile application; determining that a new version of the mobile application has been stored in the storage location based on a detection of a change to the mobile application; and responsive to determining the new version of the mobile application is available: uploading the mobile application from the storage location; analyzing computer code for the mobile application to identify at least one of a tracking technology being used by the mobile application or functionality of the mobile application related to a software development kit for collecting personal data of a user of the mobile application; identifying a recommendation for managing a design of the mobile application in light of the at least one of the tracking technology or the functionality; generating a task to implement the recommendation; generating output comprising a report documenting the task; and providing the report for display to an individual on a display screen.
“2. The non-transitory computer-readable medium of claim 1, wherein the recommendation comprises at least one of (1) limiting a time period that the personal data is stored, (2) requiring the personal data to be encrypted; (3) anonymizing the personal data; or (4) restricting access to the personal data.
“3. The non-transitory computer-readable medium of claim 1, wherein the at least one of the tracking technology or the functionality is configured for detecting a location of a mobile device of the user of the mobile application.
“4. The non-transitory computer-readable medium of claim 1, wherein the task comprises performing a revision of the computer code of the mobile application with respect to the at least one of the tracking technology or the functionality to facilitate a compliance of the mobile application with a standard.
“5. The non-transitory computer-readable medium of claim 1, wherein the storage location comprises an online mobile application marketplace.
“6. The non-transitory computer-readable medium of claim 1, wherein the operations further comprise: receiving a notification that the task has been completed; generating an assessment for the mobile application that reflects the task has been completed; generating output comprising updating the report to document the assessment; and providing the updated report for display to the individual on the display screen.
“7. A system comprising: a non-transitory computer-readable medium storing instructions; and a processing device communicatively coupled to the non-transitory computer-readable medium, wherein, the processing device is configured to execute the instructions and thereby perform operations comprising: analyzing computer code for a mobile application to identify a tracking technology being used by the mobile application for collecting personal data of a user of the mobile application; identifying a recommendation for managing a design of the mobile application in light of the tracking technology; identifying a task to implement the recommendation; generating output comprising a report documenting the task; and providing the report for display to an individual on a display screen.
“8. The system of claim 7, wherein the tracking technology comprises a fingerprinting technology.
“9. The system of claim 7, wherein the recommendation comprises at least one of (1) limiting a time period that the personal data is stored, (2) requiring the personal data to be encrypted; (3) anonymizing the personal data; or (4) restricting access to the personal data.
“10. The system of claim 7, wherein the tracking technology is configured for detecting a location of a mobile device of the user of the mobile application.
“11. The system of claim 7, wherein the task comprises performing a revision of the computer code of the mobile application with respect to the tracking technology to facilitate a compliance of the mobile application with a standard.
“12. The system of claim 7, wherein the operations further comprise: receiving an indication of a storage location where the mobile application is available for upload from the individual; and uploading the mobile application from the storage location.
“13. The system of claim 7, wherein the operations further comprise: monitoring an online mobile application marketplace where the mobile application is available; while monitoring the online mobile application marketplace, determining a change to the mobile application has occurred; and responsive to determining the change to the mobile application has occurred, uploading the mobile application from the online mobile application marketplace.
“14. A method comprising: analyzing, by computing hardware, computer code for a mobile application to identify a privacy-related attribute comprising functionality of the mobile application related to a software development kit; identifying, by the computing hardware, a recommendation for managing a design of the mobile application in light of the functionality; identifying, by the computing hardware, a task to implement the recommendation; generating, by the computing hardware, output comprising a report documenting the task; and providing, by the computing hardware, the report to display to an individual on a display screen.
“15. The method of claim 14, wherein the functionality involves at least one of collecting or accessing personal data of a user of the mobile application.
“16. The method of claim 15, wherein the recommendation comprises at least one of (1) limiting a time period that the personal data is stored, (2) requiring the personal data to be encrypted; (3) anonymizing the personal data; or (4) restricting access to the personal data.
“17. The method of claim 14, wherein the functionality comprises a location service provided via the software development kit that is configured for detecting a location of a mobile device of a user of the mobile application.
“18. The method of claim 14, wherein the task comprises performing a revision of the computer code of the mobile application with respect to the functionality to facilitate a compliance of the mobile application with a regulation or standard.
“19. The method of claim 14 further comprising: receiving, by the computing hardware, an indication of a storage location where the mobile application is available for upload from the individual; and uploading, by the computing hardware, the mobile application from the storage location.
“20. The method of claim 14 further comprising: monitoring an online mobile application marketplace where the mobile application is available; while monitoring the online mobile application marketplace, determining a change to the mobile application has occurred; and responsive to determining the change to the mobile application has occurred, uploading the mobile application from the online mobile application marketplace.”
For more information, see this patent application: Barday, Kabir A. Data Processing And Communications Systems And Methods For The Efficient Implementation Of Privacy By Design. Filed