Patent Issued for Data processing systems and methods for providing training in a vendor procurement process (USPTO 11100444)
2021 SEP 09 (NewsRx) -- By a
Patent number 11100444 is assigned to
The following quote was obtained by the news editors from the background information supplied by the inventors: “Over the past years, privacy and security policies, and related operations have become increasingly important. Breaches in security, leading to the unauthorized access of personal data (which may include sensitive personal data) have become more frequent among companies and other organizations of all sizes. Such personal data may include, but is not limited to, personally identifiable information (PII), which may be information that directly (or indirectly) identifies an individual or entity. Examples of PII include names, addresses, dates of birth, social security numbers, and biometric identifiers such as a person’s fingerprints or picture. Other personal data may include, for example, customers’ Internet browsing habits, purchase history, or even their preferences (e.g., likes and dislikes, as provided or obtained through social media).
“Many organizations that obtain, use, and transfer personal data, including sensitive personal data, have begun to address these privacy and security issues. To manage personal data, many companies have attempted to implement operational policies and processes that comply with legal requirements, such as Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) or the U.S.’s Health Insurance Portability and Accountability Act (HIPAA) protecting a patient’s medical information. Many regulators recommend conducting privacy impact assessments, or data protection risk assessments along with data inventory mapping. For example, the GDPR requires data protection impact assessments. Additionally, the United Kingdom ICO’s office provides guidance around privacy impact assessments. The OPC in
“In implementing these privacy impact assessments, an individual may provide incomplete or incorrect information regarding personal data to be collected, for example, by new software, a new device, or a new business effort, for example, to avoid being prevented from collecting that personal data, or to avoid being subject to more frequent or more detailed privacy audits. In light of the above, there is currently a need for improved systems and methods for monitoring compliance with corporate privacy policies and applicable privacy laws in order to reduce a likelihood that an individual will successfully “game the system” by providing incomplete or incorrect information regarding current or future uses of personal data.
“Organizations that obtain, use, and transfer personal data often work with other organizations (“vendors”) that provide services and/or products to the organizations. Organizations working with vendors may be responsible for ensuring that any personal data to which their vendors may have access is handled properly. However, organizations may have limited control over vendors and limited insight into their internal policies and procedures. Therefore, there is currently a need for improved systems and methods that help organizations ensure that their vendors handle personal data properly. There is also a need for improved systems and methods for estimating the timing of vendor risk analysis and procurement and providing effective training to ensure that employees and/or vendors are compliant with applicable privacy and security regulations and standards.”
In addition to the background information obtained for this patent, NewsRx journalists also obtained the inventors’ summary information for this patent: “A computer-implemented data processing method for monitoring one or more system inputs as input of information related to a privacy campaign, according to various embodiments, comprises: (A) actively monitoring, by one or more processors, one or more system inputs from a user as the user provides information related to a privacy campaign, the one or more system inputs comprising one or more submitted inputs and one or more unsubmitted inputs, wherein actively monitoring the one or more system inputs comprises: (1) recording a first keyboard entry provided within a graphical user interface that occurs prior to submission of the one or more system inputs by the user, and (2) recording a second keyboard entry provided within the graphical user interface that occurs after the user inputs the first keyboard entry and before the user submits the one or more system inputs; (B) storing, in computer memory, by one or more processors, an electronic record of the one or more system inputs; (C) analyzing, by one or more processors, the one or more submitted inputs and one or more unsubmitted inputs to determine one or more changes to the one or more system inputs prior to submission, by the user, of the one or more system inputs, wherein analyzing the one or more submitted inputs and the one or more unsubmitted inputs to determine the one or more changes to the one or more system inputs comprises comparing the first keyboard entry with the second keyboard entry to determine one or more differences between the one or more submitted inputs and the one or more unsubmitted inputs, wherein the first keyboard entry is an unsubmitted input and the second keyboard entry is a submitted input; (D) determining, by one or more processors, based at least in part on the one or more system inputs and the one or more changes to the one or more system inputs, whether the user has provided one or more system inputs comprising one or more abnormal inputs; and (E) at least partially in response to determining that the user has provided one or more abnormal inputs, automatically flagging the one or more system inputs that comprise the one or more abnormal inputs in memory.
“A computer-implemented data processing method for monitoring a user as the user provides one or more system inputs as input of information related to a privacy campaign, in various embodiments, comprises: (A) actively monitoring, by one or more processors, (i) a user context of the user as the user provides the one or more system inputs as information related to the privacy campaign and (ii) one or more system inputs from the user, the one or more system inputs comprising one or more submitted inputs and one or more unsubmitted inputs, wherein actively monitoring the user context and the one or more system inputs comprises recording a first user input provided within a graphical user interface that occurs prior to submission of the one or more system inputs by the user, and recording a second user input provided within the graphical user interface that occurs after the user inputs the first user input and before the user submits the one or more system inputs; (B) storing, in computer memory, by one or more processors, an electronic record of user context of the user and the one or more system inputs from the user; (C) analyzing, by one or more processors, at least one item of information selected from a group consisting of (i) the user context and (ii) the one or more system inputs from the user to determine whether abnormal user behavior occurred in providing the one or more system inputs, wherein determining whether the abnormal user behavior occurred in providing the one or more system inputs comprises comparing the first user input with the second user input to determine one or more differences between the one or more submitted inputs and the one or more unsubmitted inputs, wherein the first user input is an unsubmitted input and the second user input is a submitted input; and (D) at least partially in response to determining that abnormal user behavior occurred in providing the one or more system inputs, automatically flagging, in memory, at least a portion of the provided one or more system inputs in which the abnormal user behavior occurred.
“A computer-implemented data processing method for monitoring a user as the user provides one or more system inputs as input of information related to a privacy campaign, in various embodiments, comprises: (A) actively monitoring, by one or more processors, a user context of the user as the user provides the one or more system inputs, the one or more system inputs comprising one or more submitted inputs and one or more unsubmitted inputs, wherein actively monitoring the user context of the user as the user provides the one or more system inputs comprises recording a first user input provided within a graphical user interface that occurs prior to submission of the one or more system inputs by the user, and recording a second user input provided within the graphical user interface that occurs after the user provides the first user input and before the user submits the one or more system inputs, wherein the user context comprises at least one user factor selected from a group consisting of: (i) an amount of time the user takes to provide the one or more system inputs, (ii) a deadline associated with providing the one or more system inputs, (iii) a location of the user as the user provides the one or more system inputs; and (iv) one or more electronic activities associated with an electronic device on which the user is providing the one or more system inputs; (B) storing, in computer memory, by one or more processors, an electronic record of the user context of the user; (C) analyzing, by one or more processors, the user context, based at least in part on the at least one user factor, to determine whether abnormal user behavior occurred in providing the one or more system inputs, wherein determining whether the abnormal user behavior occurred in providing the one or more system inputs comprises comparing the first user input with the second user input to determine one or more differences between the first user input and the second user input, wherein the first user input is an unsubmitted input and the second user input is a submitted input; and (D) at least partially in response to determining that abnormal user behavior occurred in providing the one or more system inputs, automatically flagging, in memory, at least a portion of the provided one or more system inputs in which the abnormal user behavior occurred.
“A computer-implemented data processing method for scanning one or more webpages to determine vendor risk, in various embodiments, comprises: (A) scanning, by one or more processors, one or more webpages associated with a vendor; (B) identifying, by one or more processors, one or more vendor attributes based on the scan; (C) calculating a vendor risk score based at least in part on the one or more vendor attributes; and (D) taking one or more automated actions based on the vendor risk rating.
“A computer-implemented data processing method for generating an incident notification for a vendor, according to particular embodiments, comprises: receiving, by one or more processors, an indication of a particular incident; determining, by one or more processors based on the indication of the particular incident, one or more attributes of the particular incident; determining, by one or more processors based on the one or more attributes of the particular incident, a vendor associated with the particular incident; determining, by one or more processors based on the vendor associated with the particular incident, a notification obligation for the vendor associated with the particular incident; generating, by one or more processors in response to determining the notification obligation, a task associated with satisfying the notification obligation; presenting, by one or more processors on a graphical user interface, an indication of the task associated with satisfying the notification obligation; detecting, by one or more processors on a graphical user interface, a selection of the indication of the task associated with satisfying the notification obligation; and presenting, by one or more processors on a graphical user interface, detailed information associated with the task associated with satisfying the notification obligation.”
The claims supplied by the inventors are:
“1. A computer-implemented data processing method for determining privacy training requirements in a vendor procurement system, the method comprising: receiving, by one or more computer processors, from a user via a graphical user interface, a request to procure a particular vendor for an entity; at least partially in response to receiving the request, determining, by one or more computer processors, one or more vendor criteria associated with the particular vendor; at least partially in response to determining the one or more vendor criteria, determining, by one or more computer processors, one or more training requirements associated with procurement of the particular vendor; retrieving, by one or more computer processors from a learning management system, training data associated with the user; determining, by one or more computer processors, based at least in part on the training data associated with the user, whether the user has satisfied each of the one or more training requirements associated with the procurement of the particular vendor; at least partially in response to determining that the user has not satisfied each of the one or more training requirements associated with the procurement of the particular vendor, providing, by the one or more computer processors to the user, one or more training programs, wherein each of the one or more training programs is associated with one or more of the one or more training requirements associated with the procurement of the particular vendor that the user has not satisfied; and at least partially in response to determining that the user has satisfied each of the one or more training requirements associated with the procurement of the particular vendor, fulfilling, by the one or more computer processors to the user, the request to procure the particular vendor for the entity, wherein determining, based at least in part on the training data associated with the user, whether the user has satisfied each of the one or more training requirements associated with the procurement of the particular vendor comprises: determining, by one or more computer processors, that the user has previously satisfied one of the one or more training requirements; determining, by one or more computer processors, whether one or more regulations associated with the one of the one or more training requirements previously satisfied by the user has changed since the user previously satisfied the one of the one or more training requirements; and determining, by one or more computer processors, based at least in part on whether the one or more regulations associated with the one of the one or more training requirements previously satisfied by the user has changed since the user previously satisfied the one of the one or more training requirements, whether the user has satisfied each of the one or more training requirements.
“2. The computer-implemented data processing method of claim 1, further comprising: determining, by one or more computer processors, that the one or more regulations associated with the one of the one or more training requirements has changed since the user satisfied the one of the one or more training requirements; and at least partially in response to determining that the one or more regulations associated with the one of the one or more training requirements has changed since the user satisfied the one of the one or more training requirements, determining, by one or more computer processors, that the user has not satisfied each of the one or more training requirements.
“3. The computer-implemented data processing method of claim 1, wherein the one or more vendor criteria comprise one or more criteria selected from a group consisting of: (a) a type of data processed by the particular vendor; (b) a volume of data processed by the particular vendor; (c) a classification of the particular vendor; (d) a certification held by the particular vendor; and (e) a jurisdiction associated with the particular vendor.
“4. The computer-implemented data processing method of claim 1, wherein determining, based at least in part on the training data associated with the user, whether the user has satisfied each of the one or more training requirements associated with the procurement of the particular vendor comprises: determining, by one or more computer processors, that at least one of the one or more training requirements associated with the procurement of the particular vendor comprises a particular certification; and determining, by one or more computer processors, whether the user holds the particular certification.
“5. The computer-implemented data processing method of claim 4, wherein determining whether the user holds the particular certification comprises determining, by one or more computer processors, whether the particular certification is currently valid.
“6. The computer-implemented data processing method of claim 1, wherein providing the one or more training programs comprises presenting, by one or more computer processors, to the user, a link to the one or more training programs.
“7. A vendor procurement training system comprising: one or more computer processors; and computer memory storing computer-executable instructions that, when executed by the one or more computer processors, cause the one or more computer processors to perform one or more operations comprising: detecting the initiation, by a user, of a vendor procurement process for procuring a particular vendor for an entity; at least partially in response to detecting the initiation of the vendor procurement process, determining one or more vendor criteria associated with the particular vendor; at least partially in response to determining the one or more vendor criteria, determining one or more vendor training requirements associated with procurement of the particular vendor; retrieving, from a learning management system, training data associated with the particular vendor; identifying, based at least in part on the training data associated with the particular vendor, one or more completed vendor training requirements from among the one or more vendor training requirements associated with the procurement of the particular vendor, wherein the particular vendor has completed each of the one or more completed vendor training requirements; determining, based at least in part on the training data associated with the particular vendor, whether each of the one or more completed vendor training requirements is currently valid, wherein determining whether each of the one or more completed vendor training requirements is currently valid comprises: determining whether one or more regulations associated with each of the one or more completed vendor training requirements has changed since the particular vendor completed each of the one or more vendor training requirements; and determining, based at least in part on whether the one or more regulations associated with each of the one or more completed vendor training requirements has changed since the particular vendor completed each of the one or more vendor training requirements, whether each of the one or more completed vendor training requirements is currently valid; at least partially in response to determining that at least one of the one or more completed vendor training requirements is not currently valid, providing, to the vendor, one or more training programs, wherein each of the one or more training programs is associated with at least one of the one or more completed vendor training requirements; and at least partially in response to determining that each of the one or more completed vendor training requirements is currently valid, completing the vendor procurement process.
“8. The vendor procurement training system of claim 7, wherein determining, based at least in part on the training data associated with the particular vendor, whether each of the one or more completed vendor training requirements is currently valid comprises: determining, based at least in part on the training data associated with the particular vendor, a date on which the particular vendor completed each of the one or more completed vendor training requirements; determining, based on the date on which the particular vendor completed each of the one or more completed vendor training requirements, an amount of time in the past since the particular vendor completed each of the one or more completed vendor training requirements; and determining whether the amount of time in the past since the particular vendor completed each of the one or more completed vendor training requirements is greater than a predefined threshold amount of time.
“9. The vendor procurement training system of claim 8, wherein determining that the at least one of the one or more completed vendor training requirements is not currently valid comprises determining that the amount of time in the past since the particular vendor completed the at least one of the one or more completed vendor training requirements is greater than the predefined threshold amount of time.
“10. The vendor procurement training system of claim 8, wherein determining that each of the one or more completed vendor training requirements is currently valid comprises determining that the amount of time in the past since the particular vendor completed each of the one or more completed vendor training requirements is less than the predefined threshold amount of time.”
There are additional claims. Please visit full patent to read further.
URL and more information on this patent, see: Barday, Kabir A. Data processing systems and methods for providing training in a vendor procurement process.
(Our reports deliver fact-based news of research and discoveries from around the world.)