Researchers Submit Patent Application, “Data Processing And Scanning Systems For Assessing Vendor Risk”, for Approval (USPTO 20210342454): OneTrust LLC - Insurance News | InsuranceNewsNet

InsuranceNewsNet — Your Industry. One Source.™

Sign in
  • Subscribe
  • About
  • Advertise
  • Contact
Home Now reading Newswires
Topics
    • Advisor News
    • Annuity Index
    • Annuity News
    • Companies
    • Earnings
    • Fiduciary
    • From the Field: Expert Insights
    • Health/Employee Benefits
    • Insurance & Financial Fraud
    • INN Magazine
    • Insiders Only
    • Life Insurance News
    • Newswires
    • Property and Casualty
    • Regulation News
    • Sponsored Articles
    • Washington Wire
    • Videos
    • ———
    • About
    • Meet our Editorial Staff
    • Advertise
    • Contact
    • Newsletters
  • Exclusives
  • NewsWires
  • Magazine
  • Newsletters
Sign in or register to be an INNsider.
  • AdvisorNews
  • Annuity News
  • Companies
  • Earnings
  • Fiduciary
  • Health/Employee Benefits
  • Insurance & Financial Fraud
  • INN Exclusives
  • INN Magazine
  • Insurtech
  • Life Insurance News
  • Newswires
  • Property and Casualty
  • Regulation News
  • Sponsored Articles
  • Video
  • Washington Wire
  • Life Insurance
  • Annuities
  • Advisor
  • Health/Benefits
  • Property & Casualty
  • Insurtech
  • About
  • Advertise
  • Contact
  • Editorial Staff

Get Social

  • Facebook
  • X
  • LinkedIn
Newswires
Newswires RSS Get our newsletter
Order Prints
November 18, 2021 Newswires
Share
Share
Post
Email

Researchers Submit Patent Application, “Data Processing And Scanning Systems For Assessing Vendor Risk”, for Approval (USPTO 20210342454): OneTrust LLC

Insurance Daily News

2021 NOV 18 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- From Washington, D.C., NewsRx journalists report that a patent application by the inventor Brannon, Jonathan Blake (Smyrna, GA, US), filed on June 8, 2021, was made available online on November 4, 2021.

The patent’s assignee is OneTrust LLC (Atlanta, Georgia, United States).

News editors obtained the following quote from the background information supplied by the inventors: “Over the past years, privacy and security policies, and related operations have become increasingly important. Breaches in security, leading to the unauthorized access of personal data (which may include sensitive personal data) have become more frequent among companies and other organizations of all sizes. Such personal data may include, but is not limited to, personally identifiable information (PII), which may be information that directly (or indirectly) identifies an individual or entity. Examples of PII include names, addresses, dates of birth, social security numbers, and biometric identifiers such as a person’s fingerprints or picture. Other personal data may include, for example, customers’ Internet browsing habits, purchase history, or even their preferences (e.g., likes and dislikes, as provided or obtained through social media).

“Many organizations that obtain, use, and transfer personal data, including sensitive personal data, have begun to address these privacy and security issues. To manage personal data, many companies have attempted to implement operational policies and processes that comply with legal requirements, such as Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) or the U.S.’s Health Insurance Portability and Accountability Act (HIPPA) protecting a patient’s medical information. Many regulators recommend conducting privacy impact assessments, or data protection risk assessments along with data inventory mapping. For example, the GDPR requires data protection impact assessments. Additionally, the United Kingdom ICO’s office provides guidance around privacy impact assessments. The OPC in Canada recommends certain personal information inventory practices, and the Singapore PDPA specifically mentions personal data inventory mapping.

“Many organizations have also begun to track the compliance of their vendors with privacy laws, regulations, and/or standards. This can be expensive and time consuming using traditional methods. Accordingly, there is a need for improved systems and methods for efficiently tracking the compliance of vendors with privacy laws, regulations, and/or standards, and for assessing the risk associated with doing business with a particular vendor.”

As a supplement to the background information on this patent application, NewsRx correspondents also obtained the inventor’s summary information for this patent application: “A method according to various embodiments, may include: executing, by computing hardware, a download of a software application from a computer system associated with a vendor; identifying, by the computing hardware and based on the download of the software application, a plurality of vendor attributes, wherein the plurality of vendor attributes comprises a privacy disclaimer associated with the software application; determining, by the computing hardware, factors for the plurality of vendor attributes, wherein determining the factors for the plurality of vendor attributes comprises determining a privacy disclaimer factor for the privacy disclaimer by: analyzing the privacy disclaimer to determine whether the privacy disclaimer comprises language associated with at least one of a legal requirement or an industry requirement; and determining the privacy disclaimer factor based on whether the privacy disclaimer comprises the language associated with the at least one of the legal requirement or the industry requirement; determining, by the computing hardware, a vendor risk rating based on the factors for the plurality of vendor attributes; generating, by the computing hardware and based on the vendor risk rating, a graphical user interface by configuring a navigation element on the graphical user interface and excluding a display element from the graphical user interface, wherein: the navigation element is configured for initiating a responsive action based on the vendor risk rating, and the display element is configured for presenting the vendor risk rating; transmitting, by the computing hardware, an instruction to a user device to present the graphical user interface on the user device; detecting, by the computing hardware, selection of the navigation element; and responsive to detecting the selection of the navigation element, initiating, by the computing hardware, the responsive action.

“In particular embodiments, the responsive action comprises: generating a second graphical user interface comprising an indication of the vendor risk rating and transmitting a second instruction to a third-party computing device to present the second graphical user interface on the third-party computing device. In particular embodiments, the second graphical user interface further comprises an indication of the software application. In particular embodiments, the responsive action comprises: generating an electronic communication comprising an indication of the vendor risk rating and transmitting the electronic communication to a third-party computing device. In particular embodiments, the factors for the plurality of vendor attributes comprise a security certification factor; and the method further comprises: analyzing computer code associated with the vendor to identify an indication of a security certification associated with the vendor; and determining the security certification factor based on the security certification. In particular embodiments, the factors for the plurality of vendor attributes comprise a security certification factor; and the method further comprises: scanning a website associated with the vendor to identify an image associated with a security certification associated with the vendor; and determining the security certification factor based on the security certification. In particular embodiments, determining the security certification factor based on the security certification comprises: accessing a database of security certifications to determine whether the vendor holds the security certification; and determining the security certification factor based on whether the vendor holds the security certification.

“A system, according to various embodiments, may include: a non-transitory computer-readable medium storing instructions; and a processing device communicatively coupled to the non-transitory computer-readable medium, wherein the processing device is configured to execute the instructions and thereby perform operations comprising: downloading a software application from a computer system associated with a vendor; identifying a privacy disclaimer associated with the software application; determining a privacy disclaimer factor for the privacy disclaimer based on whether the privacy disclaimer comprises language associated with at least one of a legal requirement or an industry requirement; determining a vendor risk rating based on the privacy disclaimer factor; determining that the vendor risk rating meets a threshold risk rating; generating a graphical user interface based on determining that the vendor risk rating meets the threshold risk rating by configuring a first navigation element on the graphical user interface and excluding a second navigation element from the graphical user interface, wherein: the first navigation element is configured for initiating a responsive action based on the vendor risk rating meeting the threshold risk rating, and the second navigation element is configured for navigating to a display element that presents an indication that the vendor risk rating does not meet the threshold risk rating; transmitting an instruction to a user device to present the graphical user interface on the user device; detecting a selection of the first navigation element; and responsive to detecting the selection of the first navigation element, initiating the responsive action.

“In particular embodiments, identifying the privacy disclaimer associated with the software application comprises identifying the privacy disclaimer on a webpage provided by the vendor for downloading the software application. In particular embodiments, the vendor risk rating is further based on a public information factor; and the method further comprises determining the public information factor based on public information associated with the vendor. In particular embodiments, the public information comprises social networking website content. In particular embodiments, the public information comprises at least one of an employee title, an employee role, or an available job post. In particular embodiments, the public information comprises an indication of a contract between the vendor and a government entity. In particular embodiments, the vendor risk rating is further based on a third-party processor factor; and the method further comprises determining the third-party processor factor based on a webpage provided by the vendor for downloading the software application.

“A non-transitory computer-readable medium according to various embodiments, may store computer-executable instructions that, when executed by processing hardware, configure the processing hardware to perform operations comprising: downloading a software application from a computer system associated with a vendor; identifying a privacy disclaimer associated with the software application; determining a privacy disclaimer factor for the privacy disclaimer based on whether the privacy disclaimer comprises language associated with at least one of a legal requirement or an industry requirement; determining a vendor risk rating based on the privacy disclaimer factor; generating a graphical user interface based on determining that the vendor risk rating does not meet a threshold risk rating by configuring a first navigation element on the graphical user interface and excluding a second navigation element from the graphical user interface, wherein: the first navigation element is configured for initiating a responsive action based on the vendor risk rating not meeting the threshold risk rating, and the second navigation element is configured for initiating a second responsive action based on the vendor risk rating meeting the threshold risk rating; transmitting an instruction to a user device to present the graphical user interface on the user device; detecting a selection of the first navigation element; and responsive to detecting the selection of the first navigation element, initiating the first responsive action.

“In particular embodiments, determining the vendor risk rating based on the privacy disclaimer factor comprises a step for determining the vendor risk rating based on a plurality of vendor factors, wherein the plurality of vendor factors comprises the privacy disclaimer factor. In particular embodiments, determining the vendor risk rating based on the plurality of vendor factors comprises a step for applying a respective weighting factor to a respective vendor attribute to determine each of the plurality of vendor factors. In particular embodiments, the first responsive action comprises transferring the vendor risk rating to a current or potential customer of the vendor for use in assessing a risk of doing business with the vendor. In particular embodiments, identifying the privacy disclaimer associated with the software application comprises downloading the privacy disclaimer with the software application. In particular embodiments, identifying the privacy disclaimer associated with the software application comprises identifying the privacy disclaimer on a webpage generated by the vendor in response to downloading the software application.”

There is additional summary information. Please visit full patent to read further.”

The claims supplied by the inventors are:

“1.-20. (canceled)

“21. A method comprising: scanning, by computing hardware, a webpage associated with a vendor to identify a security certification, wherein the security certification is associated with a certifying authority and indicates that the vendor is in compliance with security certification requirements of the certifying authority; calculating, by the computing hardware, a vendor risk rating based on the security certification; generating, by the computing hardware and based on the vendor risk rating, a menu for managing a computerized workflow related to the vendor, the menu comprising a navigation element and a display element from the graphical user interface, wherein: the navigation element is configured for initiating a responsive action based on the vendor risk rating, and the display element is configured for presenting the vendor risk rating; transmitting, by the computing hardware, an instruction to a user computing device to present the graphical user interface on the user computing device; detecting, by the computing hardware, selection of the navigation element; and responsive to detecting the selection of the navigation element, initiating, by the computing hardware, the responsive action.

“22. The method of claim 21, wherein scanning the webpage comprises scanning the webpage for content indicating receipt of the security certification by the vendor.

“23. The method of claim 21, wherein scanning the webpage comprises scanning the webpage for an image indicating receipt of the security certification by the vendor.

“24. The method of claim 21, wherein scanning the webpage comprises scanning computer code associated with the webpage to identify an indication of the security certification.

“25. The method of claim 21, wherein the responsive action comprises: generating a second graphical user interface comprising an indication of the vendor risk rating, and transmitting a second instruction to a third-party computing device to present the second graphical user interface on the third-party computing device.

“26. The method of claim 21, wherein the responsive action comprises: generating an electronic communication comprising an indication of the vendor risk rating, and transmitting the electronic communication to a third-party computing device.

“27. A system comprising: a non-transitory computer-readable medium storing instructions; and a processing device communicatively coupled to the non-transitory computer-readable medium, wherein the processing device is configured to execute the instructions and thereby perform operations comprising: scanning a webpage associated with a vendor to identify a security certification, wherein the security certification is associated with a certifying authority and indicates that the vendor is in compliance with security certification requirements of the certifying authority; determining a vendor risk rating based on the security certification; determining that the vendor risk rating meets a threshold risk rating; generating, by the computing hardware and based on the vendor risk rating, a menu for managing a computerized workflow related to the vendor, the menu comprising a navigation element and a display element from the graphical user interface, wherein: the navigation element is configured for initiating a responsive action based on the vendor risk rating, and the display element is configured for presenting the vendor risk rating; transmitting an instruction to a user computing device to present the graphical user interface on the user device; detecting a selection of the first navigation element; and responsive to detecting the selection of the first navigation element, initiating the responsive action.

“28. The system of claim 27, wherein scanning the webpage comprises at least one of scanning the webpage for content indicating receipt of the security certification by the vendor, scanning the webpage for an image indicating receipt of the security certification by the vendor, or scanning computer code associated with the webpage to identify an indication of the security certification.

“29. The system of claim 27, wherein the responsive action comprises: generating a second graphical user interface comprising an indication of the vendor risk rating, and transmitting a second instruction to a third-party computing device to present the second graphical user interface on the third-party computing device.

“30. The system of claim 27, wherein the responsive action comprises: generating an electronic communication comprising an indication of the vendor risk rating, and transmitting the electronic communication to a third-party computing device.

“31. The system of claim 27, wherein the operations further comprise: determining a public information factor based on public information associated with the vendor and the vendor risk rating is further based on the public information factor.

“32. The system of claim 27, wherein the operations further comprise: determining a presence of a suitable privacy notice on the website, and the vendor risk rating is further based on the presence of the suitable privacy notice.

“33. The system of claim 27, wherein the operations further comprise: determining a presence of a control center on the website that enables a visitor to the website to allow collection of certain data, and the vendor risk rating is further based on the presence of the control center.

“34. A non-transitory computer-readable medium storing computer-executable instructions that, when executed by processing hardware, causes the processing hardware to perform operations comprising: scanning a webpage associated with a vendor to identify a security certification, wherein the security certification is associated with a certifying authority and indicates that the vendor is in compliance with security certification requirements of the certifying authority; accessing a database of security certifications to determine that the vendor actually holds the security certification; determining a vendor risk rating based on the security certification; generating, by the computing hardware and based on the vendor risk rating, a menu for managing a computerized workflow related to the vendor, the menu comprising a navigation element and a display element from the graphical user interface, wherein: the navigation element is configured for initiating a responsive action based on the vendor risk rating, and the display element is configured for presenting the vendor risk rating; detecting a selection of the first navigation element; and responsive to detecting the selection of the first navigation element, initiating the first responsive action.

“35. The non-transitory computer-readable medium of claim 34, wherein the first responsive action comprises transferring the vendor risk rating to a current or potential customer of the vendor for use in assessing a risk of doing business with the vendor.

“36. The non-transitory computer-readable medium of claim 34, wherein the second responsive action comprises navigating to a display element that presents an indication that the vendor risk rating does meet the threshold risk rating.

“37. The non-transitory computer-readable medium of claim 34, wherein the second responsive action comprises: generating an electronic communication comprising an indication of the vendor risk rating does meet the threshold risk rating, and transmitting the electronic communication to a third-party computing device.

“38. The non-transitory computer-readable medium of claim 34, wherein scanning the webpage comprises at least one of scanning the webpage for content indicating receipt of the security certification by the vendor, scanning the webpage for an image indicating receipt of the security certification by the vendor, or scanning computer code associated with the webpage to identify an indication of the security certification.

“39. The non-transitory computer-readable medium of claim 34, wherein the operations further comprise: determining a presence of a suitable privacy notice on the website, and the vendor risk rating is further based on the presence of the suitable privacy notice.

“40. The non-transitory computer-readable medium of claim 34, wherein the operations further comprise: determining a presence of a control center on the website that enables a visitor to the website to allow collection of certain data, and the vendor risk rating is further based on the presence of the control center.”

For additional information on this patent application, see: Brannon, Jonathan Blake. Data Processing And Scanning Systems For Assessing Vendor Risk. Filed June 8, 2021 and posted November 4, 2021. Patent URL: https://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220210342454%22.PGNR.&OS=DN/20210342454&RS=DN/20210342454

(Our reports deliver fact-based news of research and discoveries from around the world.)

Older

Patent Issued for Systems and methods for environmental analysis based upon vehicle sensor data (USPTO 11164262): State Farm Mutual Automobile Insurance Company

Newer

e2Value, Inc. and Duck Creek Technologies Announce Partnership to Provide Valuations for Residential Properties

Advisor News

  • The overlooked retirement security risk that must be addressed
  • What advisors should know about hedge funds in retirement planning
  • Retirement control is top success measure for middle class, ACLI says
  • Industry groups applaud House passage of Financial Exploitation Prevention Act
  • Younger workers more likely to be eligible for a retirement plan after changing jobs
More Advisor News

Annuity News

  • Jackson Named InvestmentNews 2026 Annuities Provider of the Year
  • State Farm’s agency overhaul: What distribution can learn
  • IRI, ACLI express support for CLEAR Forms Act
  • A new era at the Federal Reserve
  • Globe Life Inc. (NYSE: GL) Making Surprising Moves in Tuesday Session
More Annuity News

Health/Employee Benefits News

  • Pa., N.J. and Del. join multistate lawsuit against Trump administration over Medicaid work requirements
  • Study Results from UNC Gillings School of Global Public Health Broaden Understanding of Managed Care (Days at Home among Children by Medical Complexity, Public/Private Insurance, and Urban/Rural Residence): Managed Care
  • Reports from New York University (NYU) Add New Data to Findings in Managed Care (HealthySteps Comprehensive Services and Preventive Care: A Medicaid Claims Analysis): Managed Care
  • 15 Maryland laws taking effect July 1 that you should know
  • States take Trump administration to court over Medicaid rule
More Health/Employee Benefits News

Life Insurance News

  • Never stop learning: A lesson for the next generation of advisors
  • Jackson Named InvestmentNews 2026 Annuities Provider of the Year
  • Corebridge adds index strategies, growth potential to Max Accumulator+ III
  • Estate planning 2.0: How ILITs can create liquidity
  • AM Best Affirms Credit Ratings of Misr Insurance Company
More Life Insurance News

NEWS INSIDE

  • Companies
  • Earnings
  • Economic News
  • INN Magazine
  • Insurtech News
  • Newswires Feed
  • Regulation News
  • Washington Wire
  • Videos

FEATURED OFFERS

Life moves fast. Your BGA should, too.
Stay ahead with Modern Life's AI-powered tech and expert support.

A MYGA for Clients Hesitant to Commit to One Long-Term Rate
First-year certainty. Annual rate updates. Get the CurrentRate® MYGA Sales Kit.

Elite Networking & Insights Await at the Event of the Year
The industry's premier conference for leaders driving what’s next in financial services.

Press Releases

  • Prosperity Life GroupSM Launches Prosperity PathWaySM Series, Bringing Greater Choice and Flexibility to Retirement Income Planning
  • Senior Market Sales® Fortifies Annuity Reach With Acquisition of Retirement Planning Firm Stratton & Company
  • RFP #T01625
  • Rockwood Programs Appoints Kerry Ladouceur as Vice President, Financial Lines
  • JP Insurance Group Launches Commercial Property & Casualty Division; Appoints Joe Webster as Managing Director
More Press Releases > Add Your Press Release >

How to Write For InsuranceNewsNet

Find out how you can submit content for publishing on our website.
View Guidelines

Topics

  • Advisor News
  • Annuity Index
  • Annuity News
  • Companies
  • Earnings
  • Fiduciary
  • From the Field: Expert Insights
  • Health/Employee Benefits
  • Insurance & Financial Fraud
  • INN Magazine
  • Insiders Only
  • Life Insurance News
  • Newswires
  • Property and Casualty
  • Regulation News
  • Sponsored Articles
  • Washington Wire
  • Videos
  • ———
  • About
  • Meet our Editorial Staff
  • Advertise
  • Contact
  • Newsletters

Top Sections

  • AdvisorNews
  • Annuity News
  • Health/Employee Benefits News
  • InsuranceNewsNet Magazine
  • Life Insurance News
  • Property and Casualty News
  • Washington Wire

Our Company

  • About
  • Advertise
  • Contact
  • Meet our Editorial Staff
  • Magazine Subscription
  • Write for INN

Sign up for our FREE e-Newsletter!

Get breaking news, exclusive stories, and money- making insights straight into your inbox.

select Newsletter Options
Facebook Linkedin Twitter
© 2026 InsuranceNewsNet.com, Inc. All rights reserved.
  • Terms & Conditions
  • Privacy Policy
  • InsuranceNewsNet Magazine

Sign in with your Insider Pro Account

Not registered? Become an Insider Pro.
Insurance News | InsuranceNewsNet