Patent Issued for Privacy management systems and methods (USPTO 11341447): OneTrust LLC
2022 JUN 13 (NewsRx) -- By a
The patent’s inventors are Brannon,
This patent was filed on
From the background information supplied by the inventors, news correspondents obtained the following quote: “Over the past years, privacy and security policies, and related operations have become increasingly important. Breaches in security, leading to the unauthorized access of personal data (which may include sensitive personal data) have become more frequent among companies and other organizations of all sizes. Such personal data may include, but is not limited to, personally identifiable information (PII), which may be information that directly (or indirectly) identifies an individual or entity. Examples of PII include names, addresses, dates of birth, social security numbers, and biometric identifiers such as a person’s fingerprints or picture. Other personal data may include, for example, customers’ Internet browsing habits, purchase history, or even their preferences (e.g., likes and dislikes, as provided or obtained through social media).
“Many organizations that obtain, use, and transfer personal data, including sensitive personal data, have begun to address these privacy and security issues. To manage personal data, many companies have attempted to implement operational policies and processes that comply with legal requirements, such as Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) or the U.S.’s Health Insurance Portability and Accountability Act (HIPAA) protecting a patient’s medical information. Many regulators recommend conducting privacy impact assessments, or data protection risk assessments along with data inventory mapping. For example, the GDPR requires data protection impact assessments. Additionally, the United Kingdom ICO’s office provides guidance around privacy impact assessments. The OPC in
“In implementing these privacy impact assessments, an individual may provide incomplete or incorrect information regarding personal data to be collected, for example, by new software, a new device, or a new business effort, for example, to avoid being prevented from collecting that personal data, or to avoid being subject to more frequent or more detailed privacy audits. In light of the above, there is currently a need for improved systems and methods for monitoring compliance with corporate privacy policies and applicable privacy laws in order to reduce a likelihood that an individual will successfully “game the system” by providing incomplete or incorrect information regarding current or future uses of personal data.
“Organizations that obtain, use, and transfer personal data often work with other organizations (“vendors”) that provide services and/or products to the organizations. Organizations working with vendors may be responsible for ensuring that any personal data to which their vendors may have access is handled properly. However, organizations may have limited control over vendors and limited insight into their internal policies and procedures. Therefore, there is currently a need for improved systems and methods that help organizations ensure that their vendors handle personal data properly.
“Many organizations offer multiple services to customers and other users. Because each such service may use personal data (e.g., collect personal data, store personal data, retain personal data, etc.) across many different jurisdictions, the risks posed by a potential data breach related to those services may be great. Moreover, the geographical location of users of such services may vary, which may also affect the response requirements that may apply to a data breach in different jurisdictions. Therefore, there is currently a need for improved systems and methods for handling intrusions or errors that lead to an exposure of data.”
Supplementing the background information on this patent, NewsRx reporters also obtained the inventors’ summary information for this patent: “A method, in various embodiments, comprises: (1) determining, by computing hardware, data breach response requirements for each affected jurisdiction for a data breach; (2) obtaining, by the computing hardware, data breach response prioritization data; (3) generating, by the computing hardware and based on evaluating the data breach response requirements against the data breach response prioritization data, a graphical user interface by configuring a first navigation element on the graphical user interface and excluding a second navigation element from the graphical user interface; (4) transmitting, by the computing hardware, a first instruction to a user device to present the graphical user interface on the user device; (5) detecting, by the computing hardware, a selection of a first navigation element; and (6) in response to detecting the selection of the first navigation element, transmitting, by the computing hardware, a second instruction to the user device causing the user device to retrieve and present a first display element on the user device. In particular embodiments: (1) the first navigation element is configured for navigating to a first display element that presents a first data breach response requirement, and (2) the second navigation element is configured for navigating to a second display element that presents a second data breach response requirement.
“In particular embodiments, a system comprises a non-transitory computer-readable medium storing instructions; and processing hardware communicatively coupled to the non-transitory computer-readable medium. In various embodiments, the processing hardware is configured to execute the instructions and thereby perform operations comprising: (1) identifying data breach data and affected jurisdictions for a data breach; (2) determining data breach response requirements for each of the affected jurisdictions based on the data breach data; (3) obtaining data breach response prioritization data; (4) generating a response plan for the data breach by evaluating the data breach response requirements against the data breach response prioritization data; (5) generating, based on the response plan, a graphical user interface by configuring a first set of navigation elements on the graphical user interface and excluding a second set of navigation elements from the graphical user interface, wherein: (A) each respective navigation element of the first set of navigation elements is configured for navigating to a different respective display element that presents a first different respective data breach response requirement, and (B) each respective navigation element of the second set of navigation elements is configured for navigating to a different respective display element that presents a second different respective data breach response requirement; (6) transmitting a first instruction to a user device to present the graphical user interface on the user device; (7) detecting a selection of a first navigation element of the first set of navigation elements; and (8) in response to detecting the selection of the first navigation element, transmitting a second instruction to the user device causing the user device to retrieve and present the respective display element for the first navigation element on the user device.
“In still other embodiments, a system comprises a non-transitory computer-readable medium storing instructions; and processing hardware communicatively coupled to the non-transitory computer-readable medium. In various embodiments, the processing hardware is configured to execute the instructions and thereby perform operations comprising: (1) identifying data breach data and affected jurisdictions for a data breach; (2) determining data breach response requirements for each of the affected jurisdictions based on the data breach data; (3) obtaining data breach response prioritization data; (4) generating a response plan for the data breach by evaluating the data breach response requirements against the data breach response prioritization data; and (5) causing performance of one of the data breach response requirements according to the response plan.
“The details of one or more embodiments of the subject matter described in this specification are set forth in the accompanying drawings and the description below. Other features, aspects, and advantages of the subject matter may become apparent from the description, the drawings, and the claims.”
The claims supplied by the inventors are:
“1. A system comprising: a non-transitory computer-readable medium storing instructions; and processing hardware communicatively coupled to the non-transitory computer-readable medium, wherein the processing hardware is configured to execute the instructions and thereby perform operations comprising: identifying data breach data and affected jurisdictions for a data breach; determining data breach response requirements for each of the affected jurisdictions based on the data breach data; obtaining data breach response prioritization data; generating a response plan for the data breach by evaluating the data breach response requirements against the data breach response prioritization data; generating, based on the response plan, a graphical user interface by configuring a first set of navigation elements on the graphical user interface and excluding a second set of navigation elements from the graphical user interface, wherein: each respective navigation element of the first set of navigation elements is configured for navigating to a different respective display element that presents a first different respective data breach response requirement, and each respective navigation element of the second set of navigation elements is configured for navigating to a different respective display element that presents a second different respective data breach response requirement; transmitting a first instruction to a user device to present the graphical user interface on the user device; detecting a selection of a first navigation element of the first set of navigation elements; and in response to detecting the selection of the first navigation element, transmitting a second instruction to the user device causing the user device to retrieve and present the respective display element for the first navigation element on the user device.
“2. The system of claim 1, wherein the processing hardware is further configured to perform operations comprising: completing a first data breach response requirement; and responsive to performing the first data breach response requirement, modifying the graphical user interface by excluding a second navigation element from the first set of navigation elements, wherein the second navigation element is configured for navigating to a second display element that presents the first data breach response requirement.
“3. The system of claim 1, wherein: a third navigation element of the first set of navigation elements displays a completion status of a second data breach response requirement; and the method further comprises: causing performance of the second data breach response requirement; and responsive to causing the performance of the second data breach response requirement, modifying, by the computing hardware, the third navigation element to indicate the completion status of the second data breach response requirement to reflect the performance of the second data breach response requirement.
“4. The system of claim 1, wherein: the processing hardware is further configured to perform operations comprising, obtaining data breach requirement enforcement data for each of the affected jurisdictions; and generating the response plan for the data breach is further based on evaluating the data breach response requirements against the data breach requirement enforcement data for each of the affected jurisdictions.
“5. The system of claim 1, wherein the data breach response prioritization data comprises a user-provided prioritization of each of the affected jurisdictions.
“6. The system of claim 1, wherein the response plan comprises an ordered listing of at least one of the data breach response requirements.
“7. The system of claim 1, wherein configuring the first set of navigation elements on the graphical user interface comprises configuring each respective navigation element of the first set of navigation elements according to the response plan.
“8. A system comprising: a non-transitory computer-readable medium storing instructions; and processing hardware communicatively coupled to the non-transitory computer-readable medium, wherein the processing hardware is configured to execute the instructions and thereby perform operations comprising: identifying data breach data and affected jurisdictions for a data breach; determining data breach response requirements for each of the affected jurisdictions based on the data breach data; obtaining data breach response prioritization data; generating a response plan for the data breach by evaluating the data breach response requirements against the data breach response prioritization data; generating, based on the response plan, a graphical user interface by configuring a first navigation element on the graphical user interface and excluding a second navigation element from the graphical user interface, wherein: the first navigation element is configured for navigating to a first display element that presents a first response requirement, and the second navigation element is configured for navigating to a second display element that presents a second response requirement; transmitting a first instruction to a user device to present the graphical user interface on the user device; detecting a selection of the first navigation element; in response to detecting the selection of the first navigation element, transmitting a second instruction to the user device causing the user device to retrieve and present the first display element on the user device; and causing performance of one of the data breach response requirements according to the response plan.
“9. The system of claim 8, wherein the processing hardware is further configured to perform operations comprising performing each of the data breach response requirements according to the response plan.
“10. The system of claim 8, wherein: the first response requirement for a first jurisdiction conflicts with the second response requirement for a second jurisdiction; and generating the response plan comprises evaluating the first response requirement and the second response requirement against the data breach response prioritization data to determine which of the first response requirement and the second response requirement to include in the response plan.
“11. The system of claim 8, wherein: the first navigation element displays a completion status of the first response requirement; and the processing hardware is further configured to perform operations comprising: causing performance of the first response requirement; and responsive to causing the performance of the first response requirement, modifying, by the computing hardware, the first navigation element to indicate the completion status of the first response requirement to reflect the performance of the first response requirement.
“12. The system of claim 8, wherein: the processing hardware is further configured to perform operations comprising determining, by the computing hardware, a respective prioritization score for each of the affected jurisdictions based on at least one of penalty data for each of the affected jurisdictions, deadline data for each of the affected jurisdictions, and a number of data subjects affected by the data breach in each of the affected jurisdictions; and generating the response plan is further based on the respective prioritization score for each of the affected jurisdictions.”
For the URL and additional information on this patent, see: Brannon,