Patent Issued for Data processing systems and methods for customizing privacy training (USPTO 11301796): OneTrust LLC

2022 MAY 02 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- According to news reporting originating from Alexandria, Virginia, by NewsRx journalists, a patent by the inventors Barday, Kabir A. (Atlanta, GA, US), Brannon, Jonathan Blake (Smyrna, GA, US), Clearwater, Andrew (Brunswick, ME, US), Walk, Hannah Rose (Atlanta, GA, US), filed on August 9, 2021, was published online on April 12, 2022.

The assignee for this patent, patent number 11301796, is OneTrust LLC (Atlanta, Georgia, United States).

Reporters obtained the following quote from the background information supplied by the inventors: “Over the past years, privacy and security policies, and related operations have become increasingly important. Breaches in security, leading to the unauthorized access of personal data (which may include sensitive personal data) have become more frequent among companies and other organizations of all sizes. Such personal data may include, but is not limited to, personally identifiable information (PII), which may be information that directly (or indirectly) identifies an individual or entity. Examples of PII include names, addresses, dates of birth, social security numbers, and biometric identifiers such as a person’s fingerprints or picture. Other personal data may include, for example, customers’ Internet browsing habits, purchase history, or even their preferences (e.g., likes and dislikes, as provided or obtained through social media).

“Many organizations that obtain, use, and transfer personal data, including sensitive personal data, have begun to address these privacy and security issues. To manage personal data, many companies have attempted to implement operational policies and processes that comply with legal requirements, such as Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) or the U.S.’s Health Insurance Portability and Accountability Act (HIPPA) protecting a patient’s medical information. Many regulators recommend conducting privacy impact assessments, or data protection risk assessments along with data inventory mapping. For example, the GDPR requires data protection impact assessments. Additionally, the United Kingdom ICO’s office provides guidance around privacy impact assessments. The OPC in Canada recommends certain personal information inventory practices, and the Singapore PDPA specifically mentions personal data inventory mapping.

“In implementing these privacy impact assessments, an individual may provide incomplete or incorrect information regarding personal data to be collected, for example, by new software, a new device, or a new business effort, for example, to avoid being prevented from collecting that personal data, or to avoid being subject to more frequent or more detailed privacy audits. In light of the above, there is currently a need for improved systems and methods for monitoring compliance with corporate privacy policies and applicable privacy laws in order to reduce a likelihood that an individual will successfully “game the system” by providing incomplete or incorrect information regarding current or future uses of personal data.

“Organizations that obtain, use, and transfer personal data often work with other organizations (“vendors”) that provide services and/or products to the organizations. Organizations working with vendors may be responsible for ensuring that any personal data to which their vendors may have access is handled properly. However, organizations may have limited control over vendors and limited insight into their internal policies and procedures. Therefore, there is currently a need for improved systems and methods that help organizations ensure that their vendors handle personal data properly. There is also a need for improved systems and methods for estimating the timing of vendor risk analysis and procurement and providing effective training to ensure that employees and/or vendors are compliant with applicable privacy and security regulations and standards.”

In addition to obtaining background information on this patent, NewsRx editors also obtained the inventors’ summary information for this patent: “A system, according to various embodiments, may include: a non-transitory computer-readable medium storing instructions; and processing hardware communicatively coupled to the non-transitory computer-readable medium, wherein the processing hardware is configured to execute the instructions and thereby perform operations comprising: detecting a request to generate customized privacy training content, the request comprising a topic parameter indicating a privacy topic; in response to detecting the request, generating the customized privacy training content by: determining contextual information based on the request; determining privacy training content associated with the privacy topic based on the topic parameter; generating supplemental training content based on the contextual information and the privacy training content; generating the customized privacy training content by supplementing the privacy training content with the supplemental training content; and generating a graphical user interface by configuring a presentation element configured for presenting the customized privacy training content on the graphical user interface; and transmitting an instruction to a browser application executed on a user device causing the browser application to retrieve the customized privacy training content and present the graphical user interface on the user device.

“In particular embodiments, the request further comprises a trainee parameter; and determining the contextual information based on the request comprises determining the contextual information based on the trainee parameter. In particular embodiments, determining the contextual information based on the trainee parameter comprises: determining a data map associated with the trainee based on the trainee parameter; and determining the contextual information using the data map. In particular embodiments, the operations further comprise determining a data asset based on the trainee parameter; and determining the contextual information based on the trainee parameter comprises determining the contextual information based on the data asset. In particular embodiments, the contextual information comprises one or more of a geographical location of the data asset, a jurisdiction associated with the data asset, a type of data processed by the data asset, or a type of the data asset. In particular embodiments, the operations further comprise determining a portion of the privacy training content for removal based on the contextual information and the privacy training content; and generating the customized privacy training content comprises removing the portion of the privacy training content from the privacy training content. In particular embodiments, detecting the request comprises detecting browser state information in the browser application; determining the contextual information based on the request comprises determining a geographical location based on the browser state information; and generating the supplemental training content based on the contextual information and the privacy training content comprises generating the supplemental training content based on the geographical location.

“A method, according to various embodiments, may include: receiving, by computing hardware, a request to generate customized privacy training content, the request comprising a privacy topic parameter and a context parameter; in response to receiving the request, generating, by the computing hardware, the customized privacy training content by: determining contextual information based on the context parameter; determining privacy training content based on the privacy topic parameter; generating supplemental training content based on the contextual information and the privacy training content; generating the customized privacy training content by supplementing the privacy training content with the supplemental training content; and generating a graphical user interface by configuring a presentation element configured for presenting the customized privacy training content on the graphical user interface; and transmitting, by the computing hardware, an instruction to a user device to retrieve the customized privacy training content and present the graphical user interface on the user device.

“In particular embodiments, the context parameter comprises an indication of a set of privacy requirements; and generating the supplemental training content based on the contextual information and the privacy training content comprises generating the supplemental training content comprising training material associated with the set of privacy requirements. In particular embodiments, the supplemental training content comprises one or more of video content or audio content. In particular embodiments, the context parameter comprises an indication of a trainee; and generating the supplemental training content based on the contextual information and the privacy training content comprises: determining a supervisor of the trainee and generating the supplemental training content using one or more of an image of the supervisor, video content comprising an image of the supervisor, or audio content comprising audio of the supervisor. In particular embodiments, the context parameter comprises an indication of a vendor; and generating the supplemental training content based on the contextual information and the privacy training content comprises generating the supplemental training content using an image associated with the vendor. In particular embodiments, the operations further comprise: determining a data map for a data asset based on the context parameter, and determining a jurisdiction associated with the data asset using the data map; determining the contextual information based on the context parameter comprises determining the contextual information based on the jurisdiction; and generating the supplemental training content based on the contextual information and the privacy training content comprises generating the supplemental training content based on the jurisdiction. In particular embodiments, the operations further comprise: determining a data map for a data asset based on the context parameter, and determining a type of data associated with the data asset using the data map; determining the contextual information based on the context parameter comprises determining the contextual information based on the type of data; and generating the supplemental training content based on the contextual information and the privacy training content comprises generating the supplemental training content based on the type of data.

“A non-transitory computer-readable medium, according to various embodiments, may store computer-executable instructions that, when executed by processing hardware, configure the processing hardware to perform operations comprising: detecting a request to generate customized privacy training content, the request comprising a topic parameter indicating a privacy topic; in response to detecting the request, generating the customized privacy training content by: determining contextual information based on the request; determining a data map based on the contextual information; determining privacy training content associated with the privacy topic based on the topic parameter; retrieving supplemental training content based on the contextual information and the privacy training content using the data map; generating the customized privacy training content by supplementing the privacy training content with the supplemental training content; and generating a graphical user interface by configuring a presentation element configured for presenting the customized privacy training content on the graphical user interface; and transmitting an instruction to a browser application executed on a user device causing the browser application to retrieve the customized privacy training content and present the graphical user interface on the user device.”

The claims supplied by the inventors are:

“1. A system comprising: a non-transitory computer-readable medium storing instructions; and processing hardware communicatively coupled to the non-transitory computer-readable medium, wherein the processing hardware is configured to execute the instructions and thereby perform operations comprising: detecting a request to generate customized privacy training content, the request comprising a topic parameter indicating a privacy topic; in response to detecting the request, generating the customized privacy training content by: determining contextual information based on the request; determining privacy training content associated with the privacy topic based on the topic parameter; generating supplemental training content based on the contextual information and the privacy training content; generating the customized privacy training content by supplementing the privacy training content with the supplemental training content; and generating a graphical user interface by configuring a presentation element configured for presenting the customized privacy training content on the graphical user interface; and transmitting an instruction to a browser application executed on a user device causing the browser application to retrieve the customized privacy training content and present the graphical user interface on the user device, wherein: the operations further comprise determining a portion of the privacy training content for removal based on the contextual information and the privacy training content; generating the customized privacy training content comprises removing the portion of the privacy training content from the privacy training content; detecting the request comprises detecting browser state information in the browser application; determining the contextual information based on the request comprises determining a geographical location based on the browser state information; and retrieving the supplemental training content based on the contextual information comprises retrieving the supplemental training content based on the geographical location.

“2. The system of claim 1, wherein: the request further comprises a trainee parameter; and determining the contextual information based on the request comprises determining the contextual information based on the trainee parameter.

“3. The system of claim 2, wherein determining the contextual information based on the trainee parameter comprises: determining a data map associated with the trainee based on the trainee parameter; and determining the contextual information using the data map.

“4. The system of claim 2, wherein: the operations further comprise determining a data asset based on the trainee parameter; and determining the contextual information based on the trainee parameter comprises determining the contextual information based on the data asset.

“5. The system of claim 4, wherein the contextual information comprises one or more of a geographical location of the data asset, a jurisdiction associated with the data asset, a type of data processed by the data asset, or a type of the data asset.

“6. The system of claim 1, wherein: generating the supplemental training content based on the contextual information and the privacy training content comprises generating the supplemental training content based on the geographical location.

“7. A method comprising: detecting, by computing hardware, a request to generate customized privacy training content, the request comprising a privacy topic parameter; in response to detecting the request, generating, by the computing hardware, the customized privacy training content by: determining contextual information based on the request; determining privacy training content based on the privacy topic parameter; generating supplemental training content based on the contextual information and the privacy training content; generating the customized privacy training content by supplementing the privacy training content with the supplemental training content; and generating a graphical user interface by configuring a presentation element configured for presenting the customized privacy training content on the graphical user interface; and transmitting, by the computing hardware, an instruction to a user device to retrieve the customized privacy training content and present the graphical user interface on the user device, wherein: the method further comprises determining, by the computing hardware, a portion of the privacy training content for removal based on the contextual information and the privacy training content; generating the customized privacy training content comprises removing the portion of the privacy training content from the privacy training content; detecting the request comprises detecting browser state information of a browser application; determining the contextual information based on the request comprises determining a geographical location based on the browser state information; and retrieving the supplemental training content based on the contextual information comprises retrieving the supplemental training content based on the geographical location.

“8. The method of claim 7, wherein: the request further comprises a context parameter; the context parameter comprises an indication of a set of privacy requirements; and generating the supplemental training content based on the contextual information and the privacy training content comprises generating the supplemental training content comprising training material associated with the set of privacy requirements.

“9. The method of claim 7, wherein the supplemental training content comprises one or more of video content or audio content.

“10. The method of claim 7, wherein: the request further comprises a context parameter; the context parameter comprises an indication of a trainee; and generating the supplemental training content based on the contextual information and the privacy training content comprises: determining a supervisor of the trainee, and generating the supplemental training content using one or more of an image of the supervisor, video content comprising an image of the supervisor, or audio content comprising audio of the supervisor.

“11. The method of claim 7, wherein: the request further comprises a context parameter; the context parameter comprises an indication of a vendor; and generating the supplemental training content based on the contextual information and the privacy training content comprises generating the supplemental training content using an image associated with the vendor.

“12. The method of claim 7, wherein: the request further comprises a context parameter; the operations further comprise: determining a data map for a data asset based on the context parameter, and determining a jurisdiction associated with the data asset using the data map; determining the contextual information based on the context parameter comprises determining the contextual information based on the jurisdiction; and generating the supplemental training content based on the contextual information and the privacy training content comprises generating the supplemental training content based on the jurisdiction.

“13. The method of claim 7, wherein: the request further comprises a context parameter; the operations further comprise: determining a data map for a data asset based on the context parameter, and determining a type of data associated with the data asset using the data map; determining the contextual information based on the context parameter comprises determining the contextual information based on the type of data; and generating the supplemental training content based on the contextual information and the privacy training content comprises generating the supplemental training content based on the type of data.

“14. A non-transitory computer-readable medium storing computer-executable instructions that, when executed by processing hardware, configure the processing hardware to perform operations comprising: detecting a request to generate customized privacy training content, the request comprising a topic parameter indicating a privacy topic; in response to detecting the request, generating the customized privacy training content by: determining contextual information based on the request; determining privacy training content associated with the privacy topic based on the topic parameter; retrieving supplemental training content based on the contextual information and the privacy training content; generating the customized privacy training content by supplementing the privacy training content with the supplemental training content; and generating a graphical user interface by configuring a presentation element configured for presenting the customized privacy training content on the graphical user interface; and transmitting an instruction to a browser application executed on a user device causing the browser application to retrieve the customized privacy training content and present the graphical user interface on the user device, wherein: the operations further comprise determining a portion of the privacy training content for removal based on the contextual information and the privacy training content; generating the customized privacy training content comprises removing the portion of the privacy training content from the privacy training content; detecting the request comprises detecting browser state information in the browser application; determining the contextual information based on the request comprises determining a geographical location based on the browser state information; and retrieving the supplemental training content based on the contextual information comprises retrieving the supplemental training content based on the geographical location.”

There are additional claims. Please visit full patent to read further.

For more information, see this patent: Barday, Kabir A. Data processing systems and methods for customizing privacy training. U.S. Patent Number 11301796, filed August 9, 2021, and published online on April 12, 2022. Patent URL: http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PALL&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.htm&r=1&f=G&l=50&s1=11301796.PN.&OS=PN/11301796RS=PN/11301796

(Our reports deliver fact-based news of research and discoveries from around the world.)