Researchers Submit Patent Application, “Data Processing Systems And Methods For Efficiently Assessing The Risk Of Campaigns”, for Approval (USPTO 20220318401): OneTrust LLC
2022 OCT 21 (NewsRx) -- By a
The patent’s assignee is
News editors obtained the following quote from the background information supplied by the inventors: “Over the past years, privacy and security policies, and related operations have become increasingly important. Breaches in security, leading to the unauthorized access of personal data (which may include sensitive personal data) have become more frequent among companies and other organizations of all sizes. Such personal data may include, but is not limited to, personally identifiable information (PII), which may be information that directly (or indirectly) identifies an individual or entity. Examples of PII include names, addresses, dates of birth, social security numbers, and biometric identifiers such as a person’s fingerprints or picture. Other personal data may include, for example, customers’ Internet browsing habits, purchase history, or even their preferences (e.g., likes and dislikes, as provided or obtained through social media).
“Many organizations that obtain, use, and transfer personal data, including sensitive personal data, have begun to address these privacy and security issues. To manage personal data, many companies have attempted to implement operational policies and processes that comply with legal requirements, such as Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) or the U.S.’s Health Insurance Portability and Accountability Act (HIPAA) protecting a patient’s medical information. Many regulators recommend conducting privacy impact assessments, or data protection risk assessments along with data inventory mapping. For example, the GDPR requires data protection impact assessments. Additionally, the United Kingdom ICO’s office provides guidance around privacy impact assessments. The OPC in
“In implementing these privacy impact assessments, an individual may provide incomplete or incorrect information regarding personal data to be collected, for example, by new software, a new device, or a new business effort, for example, to avoid being prevented from collecting that personal data, or to avoid being subject to more frequent or more detailed privacy audits. In light of the above, there is currently a need for improved systems and methods for monitoring compliance with corporate privacy policies and applicable privacy laws in order to reduce a likelihood that an individual will successfully “game the system” by providing incomplete or incorrect information regarding current or future uses of personal data.”
As a supplement to the background information on this patent application, NewsRx correspondents also obtained the inventors’ summary information for this patent application: “In general, various aspects of the present disclosure provide methods, apparatuses, systems, computing devices, computing entities, and/or the like. In accordance with various aspects, a method is provided. Accordingly, the method comprises: receiving, by computing hardware, a completed assessment template from a vendor, wherein the completed assessment template comprises question/answer pairings regarding a product or service provided by the vendor; conducting, by the computing hardware, an analysis of publicly available data associated with the vendor; coordinating, by the computing hardware, an audit of the completed assessment template, wherein coordinating the audit includes calculating, based on the completed assessment template and the analysis of the publicly available data associated with the vendor, a risk rating for the product or service provided by the vendor by: identifying a weighting factor for each of the question/answer pairings; determining a relative risk rating for each of the question/answer pairings; and calculating the risk rating based upon the relative risk rating and the weighting factor for each of the question/answer pairings; and after completing the audit, facilitating, by the computing hardware, an electronic transfer of the completed assessment template to a plurality of computer systems, wherein each computer system of the plurality of computer systems is associated with a respective entity of a plurality of entities and each respective entity uses the completed assessment template in conducting a computerized assessment of a respective processing activity, to be executed by the respective entity, that includes the use of the product or service provided by the vendor.
“In some aspects, the audit of the completed assessment template is an audit for compliance with a policy or a standard. In some aspects, the computerized assessment of the respective processing activity is configured to measure a maturity of the product or service in meeting a policy or standard.
“In some aspects, the method further comprises: generating, by the computing hardware and based on the risk rating, a graphical user interface by configuring a navigation element on the graphical user interface, wherein the navigation element is configured for initiating a responsive action based on the risk rating; transmitting, by the computing hardware, an instruction to a user device to present the graphical user interface on the user device; receiving, by the computing hardware, an indication of a selection of the navigation element; and responsive to receiving the indication, initiating, by the computing hardware, the responsive action. For example, the responsive action can comprise: generating, by the computing hardware, a second graphical user interface comprising an indication of the risk rating; and transmitting, by the computing hardware, a second instruction to a third-party computing device to present the second graphical user interface on the third-party computing device.
“In some aspects, the method further comprises generating, by the computing hardware, an awareness rating for the vendor based on the analyzed publicly available data, wherein the risk rating is further based on the awareness rating. In some aspects, analyzing the publicly available data comprises determining at least one of employee titles, employee roles, or available job posts associated with the vendor based on analyzing at least one of a social networking website or a business related job website. In some aspects, analyzing the publicly available data comprises determining the vendor has a plurality of contracts with a plurality of government entities.
“In accordance with various aspects, a system is provided comprising a non-transitory computer-readable medium storing instructions and a processing device communicatively coupled to the non-transitory computer-readable medium. The processing device is configured to execute the instructions and thereby perform operations comprising: receiving a completed template from a centralized repository of completed templates, wherein the completed template comprises question/answer pairings regarding at least one of a vendor, a product, or a service to be used as part of a set of operations performed by an entity; receiving an analysis of data records associated with at least one of the vendor, the product, or the service; after receiving the completed template, receiving, from the entity, a particular weighting factor that is to be applied to a particular question/answer pairing of the question/answer pairings in processing data to calculate a risk rating for the set of operations; after receiving the particular weighting factor, using the particular weighting factor, content of the particular question/answer pairing, and the analysis of the data records to calculate an overall risk rating for the set of operations by: identifying a respective weighting factor for each of the question/answer pairings; determining a relative risk rating for each of the question/answer pairings; and calculating, based on the relative risk rating and the weighting factor for each of the question/answer pairings and the analysis of the data records, the overall risk rating; determining the overall risk rating for the set of operations does not satisfy certain pre-determined criteria; and responsive to determining that the risk rating for the set of operations does not satisfy the pre-determined criteria, generating an alert to a user indicating that the risk rating for the set of operations does not satisfy the pre-determined criteria.
“In some aspects, the analysis of data records associated with at least one of the vendor, the product, or the service comprises an analysis of at least one of the vendor, the product, or the service for compliance with a policy or a standard. In some aspects, the data records are related to a government body that is associated with at least one of the vendor, the product, or the service and calculating the overall risk rating is also based on the government body.
“In some aspects, the operations further comprise: analyzing a public record database associated with at least one of the vendor, the product, or the service; identifying a certification associated with at least one of the vendor, the product, or the service from the public record database, and calculating the overall risk rating is also based on the certification. In some aspects, the operations further comprise generating an awareness rating for at least one of the vendor, the product, or the service based on the analysis of the data records, and the overall risk rating is further based on the awareness rating. In some aspects, the analysis of the data records comprises determining at least one of employee titles, employee roles, or available job posts associated with at least one of the vendor, the product, or the service based on analyzing at least one of a social networking website or a business related job website.
“In addition, in accordance with various aspects, a non-transitory computer-readable medium having program code that is stored thereon. The program code executable by one or more processing devices performs operations comprising: conducting an analysis of publicly available data associated with a vendor; coordinating an audit of a completed assessment template from the vendor, wherein: the completed assessment template comprises question/answer pairings regarding a product or service provided by the vendor, and coordinating the audit includes calculating, based on the completed assessment template and the analysis of the publicly available data associated with the vendor, a risk rating for the product or service provided by the vendor by: identifying a weighting factor for each of the question/answer pairings; determining a relative risk rating for each of the question/answer pairings; and calculating the risk rating based upon the relative risk rating and the weighting factor for each of the question/answer pairings; and after completing the audit, facilitating an electronic transfer of the completed assessment template to a computer system, wherein the computer system is associated with an entity that uses the completed assessment template in conducting a computerized assessment of a processing activity, to be executed by the entity, that includes the use of the product or service provided by the vendor.
“In some aspects, the audit of the completed assessment template is an audit for compliance with a policy or a standard. In some aspects, the electronic transfer of the completed assessment template to the computer system is carried out through an online portal integrated with an instance of the computer system. In some aspects, the product comprises a raw material.
“In some aspects, the operations further comprise generating an awareness rating for the vendor based on the analyzed publicly available data, wherein the risk rating is further based on the awareness rating. In some aspects, analyzing the publicly available data comprises determining at least one of employee titles, employee roles, or available job posts associated with the vendor based on analyzing at least one of a social networking website or a business related job website.
“The details of one or more embodiments of the subject matter described in this specification are set forth in the accompanying drawings and the description below. Other features, aspects, and advantages of the subject matter may become apparent from the description, the drawings, and the claims.”
The claims supplied by the inventors are:
“1. A method comprising: receiving, by computing hardware, a completed assessment template from a vendor, wherein the completed assessment template comprises question/answer pairings regarding a product or service provided by the vendor; conducting, by the computing hardware, an analysis of publicly available data associated with the vendor; coordinating, by the computing hardware, an audit of the completed assessment template, wherein coordinating the audit includes calculating, based on the completed assessment template and the analysis of the publicly available data associated with the vendor, a risk rating for the product or service provided by the vendor by: identifying a weighting factor for each of the question/answer pairings; determining a relative risk rating for each of the question/answer pairings; and calculating the risk rating based upon the relative risk rating and the weighting factor for each of the question/answer pairings; and after completing the audit, facilitating, by the computing hardware, an electronic transfer of the completed assessment template to a plurality of computer systems, wherein each computer system of the plurality of computer systems is associated with a respective entity of a plurality of entities and each respective entity uses the completed assessment template in conducting a computerized assessment of a respective processing activity, to be executed by the respective entity, that includes the use of the product or service provided by the vendor.
“2. The method of claim 1, wherein the audit of the completed assessment template is an audit for compliance with a policy or a standard.
“3. The method of claim 1, wherein the computerized assessment of the respective processing activity is configured to measure a maturity of the product or service in meeting a policy or standard.
“4. The method of claim 1 further comprising: generating, by the computing hardware and based on the risk rating, a graphical user interface by configuring a navigation element on the graphical user interface, wherein the navigation element is configured for initiating a responsive action based on the risk rating; transmitting, by the computing hardware, an instruction to a user device to present the graphical user interface on the user device; receiving, by the computing hardware, an indication of a selection of the navigation element; and responsive to receiving the indication, initiating, by the computing hardware, the responsive action.
“5. The method of claim 4, wherein the responsive action comprises: generating, by the computing hardware, a second graphical user interface comprising an indication of the risk rating; and transmitting, by the computing hardware, a second instruction to a third-party computing device to present the second graphical user interface on the third-party computing device.
“6. The method of claim 1 further comprising: generating, by the computing hardware, an awareness rating for the vendor based on the analyzed publicly available data, wherein the risk rating is further based on the awareness rating.
“7. The method of claim 6, wherein analyzing the publicly available data comprises: determining at least one of employee titles, employee roles, or available job posts associated with the vendor based on analyzing at least one of a social networking website or a business related job website.
“8. The method of claim 6, wherein analyzing the publicly available data comprises: determining the vendor has a plurality of contracts with a plurality of government entities.
“9. A system comprising: a non-transitory computer-readable medium storing instructions; and a processing device communicatively coupled to the non-transitory computer-readable medium, wherein, the processing device is configured to execute the instructions and thereby perform operations comprising: receiving a completed template from a centralized repository of completed templates, wherein the completed template comprises question/answer pairings regarding at least one of a vendor, a product, or a service to be used as part of a set of operations performed by an entity; receiving an analysis of data records associated with at least one of the vendor, the product, or the service; after receiving the completed template, receiving, from the entity, a particular weighting factor that is to be applied to a particular question/answer pairing of the question/answer pairings in processing data to calculate a risk rating for the set of operations; after receiving the particular weighting factor, using the particular weighting factor, content of the particular question/answer pairing, and the analysis of the data records to calculate an overall risk rating for the set of operations by: identifying a respective weighting factor for each of the question/answer pairings; determining a relative risk rating for each of the question/answer pairings; and calculating, based on the relative risk rating and the weighting factor for each of the question/answer pairings and the analysis of the data records, the overall risk rating; determining the overall risk rating for the set of operations does not satisfy certain pre-determined criteria; and responsive to determining that the risk rating for the set of operations does not satisfy the pre-determined criteria, generating an alert to a user indicating that the risk rating for the set of operations does not satisfy the pre-determined criteria.
“10. The system of claim 9, wherein the analysis of data records associated with at least one of the vendor, the product, or the service comprises an analysis of at least one of the vendor, the product, or the service for compliance with a policy or a standard.
“11. The system of claim 9, wherein: the data records are related to a government body that is associated with at least one of the vendor, the product, or the service; and calculating the overall risk rating is also based on the government body.
“12. The system of claim 9, wherein the operations further comprise: analyzing a public record database associated with at least one of the vendor, the product, or the service; identifying a certification associated with at least one of the vendor, the product, or the service from the public record database, and calculating the overall risk rating is also based on the certification.
“13. The system of claim 9, wherein the operations further comprise: generating an awareness rating for at least one of the vendor, the product, or the service based on the analysis of the data records, and the overall risk rating is further based on the awareness rating.
“14. The system of claim 13, wherein the analysis of the data records comprises determining at least one of employee titles, employee roles, or available job posts associated with at least one of the vendor, the product, or the service based on analyzing at least one of a social networking website or a business related job website.
“15. A non-transitory computer-readable medium having program code that is stored thereon, the program code executable by one or more processing devices for performing operations comprising: conducting an analysis of publicly available data associated with a vendor; coordinating an audit of a completed assessment template from the vendor, wherein: the completed assessment template comprises question/answer pairings regarding a product or service provided by the vendor, and coordinating the audit includes calculating, based on the completed assessment template and the analysis of the publicly available data associated with the vendor, a risk rating for the product or service provided by the vendor by: identifying a weighting factor for each of the question/answer pairings; determining a relative risk rating for each of the question/answer pairings; and calculating the risk rating based upon the relative risk rating and the weighting factor for each of the question/answer pairings; and after completing the audit, facilitating an electronic transfer of the completed assessment template to a computer system, wherein the computer system is associated with an entity that uses the completed assessment template in conducting a computerized assessment of a processing activity, to be executed by the entity, that includes the use of the product or service provided by the vendor.
“16. The non-transitory computer-readable medium of claim 15, wherein the audit of the completed assessment template is an audit for compliance with a policy or a standard.
“17. The non-transitory computer-readable medium of claim 15, wherein the electronic transfer of the completed assessment template to the computer system is carried out through an online portal integrated with an instance of the computer system.
“18. The non-transitory computer-readable medium of claim 15, wherein the product comprises a raw material.
“19. The non-transitory computer-readable medium of claim 15, wherein the operations further comprise: generating an awareness rating for the vendor based on the analyzed publicly available data, wherein the risk rating is further based on the awareness rating.
“20. The non-transitory computer-readable medium of claim 19, wherein analyzing the publicly available data comprises: determining at least one of employee titles, employee roles, or available job posts associated with the vendor based on analyzing at least one of a social networking website or a business related job website.”
For additional information on this patent application, see: Barday, Kabir A.; Brannon,