Researchers Submit Patent Application, “Privacy Management Systems And Methods”, for Approval (USPTO 20220164732): OneTrust LLC

2022 JUN 09 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- From Washington, D.C., NewsRx journalists report that a patent application by the inventors Brannon, Jonathan Blake (Smyrna, GA, US); Chennur, Rajanandini (Atlanta, GA, US); Clearwater, Andrew (Brunswick, ME, US); Hecht, Trey (Atlanta, GA, US); Johnson, Wesley (Atlanta, GA, US); Pavlichek, Nicholas Ian (Atlanta, GA, US); Philbrook, Brian (Atlanta, GA, US), filed on February 11, 2022, was made available online on May 26, 2022.

The patent’s assignee is OneTrust LLC (Atlanta, Georgia, United States).

News editors obtained the following quote from the background information supplied by the inventors: “Over the past years, privacy and security policies, and related operations have become increasingly important. Breaches in security, leading to the unauthorized access of personal data (which may include sensitive personal data) have become more frequent among companies and other organizations of all sizes. Such personal data may include, but is not limited to, personally identifiable information (PII), which may be information that directly (or indirectly) identifies an individual or entity. Examples of PII include names, addresses, dates of birth, social security numbers, and biometric identifiers such as a person’s fingerprints or picture. Other personal data may include, for example, customers’ Internet browsing habits, purchase history, or even their preferences (e.g., likes and dislikes, as provided or obtained through social media).

“Many organizations that obtain, use, and transfer personal data, including sensitive personal data, have begun to address these privacy and security issues. To manage personal data, many companies have attempted to implement operational policies and processes that comply with legal requirements, such as Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) or the U.S.’s Health Insurance Portability and Accountability Act (HIPPA) protecting a patient’s medical information. Many regulators recommend conducting privacy impact assessments, or data protection risk assessments along with data inventory mapping. For example, the GDPR requires data protection impact assessments. Additionally, the United Kingdom ICO’s office provides guidance around privacy impact assessments. The OPC in Canada recommends certain personal information inventory practices, and the Singapore PDPA specifically mentions personal data inventory mapping.

“In implementing these privacy impact assessments, an individual may provide incomplete or incorrect information regarding personal data to be collected, for example, by new software, a new device, or a new business effort, for example, to avoid being prevented from collecting that personal data, or to avoid being subject to more frequent or more detailed privacy audits. In light of the above, there is currently a need for improved systems and methods for monitoring compliance with corporate privacy policies and applicable privacy laws in order to reduce a likelihood that an individual will successfully “game the system” by providing incomplete or incorrect information regarding current or future uses of personal data.

“Organizations that obtain, use, and transfer personal data often work with other organizations (“vendors”) that provide services and/or products to the organizations. Organizations working with vendors may be responsible for ensuring that any personal data to which their vendors may have access is handled properly. However, organizations may have limited control over vendors and limited insight into their internal policies and procedures. Therefore, there is currently a need for improved systems and methods that help organizations ensure that their vendors handle personal data properly.”

As a supplement to the background information on this patent application, NewsRx correspondents also obtained the inventors’ summary information for this patent application: “A method, in various aspects, comprises: (1) generating, by computing hardware, a master readiness questionnaire; (2) detecting, by the computing hardware on a graphical user interface, a user selection of a first attribute applicable to operations performed by an entity; (3) responsive to detecting the user selection of the first attribute: (A) determining, by the computing hardware, a first set of regulations or standards based on the first attribute; and (B) generating, by the computing hardware, a first readiness questionnaire based on the first set of regulations or standards; (4) detecting, on the graphical user interface by the computing hardware, a user selection of a second attribute applicable to operations performed by the entity; (5) responsive to detecting the user selection of the second attribute: (A) determining, by the computing hardware, a second set of regulations or standards based on the second attribute; and (B) generating, by the computing hardware, a second readiness questionnaire based on the second set of regulations or standards; (6) generating an ontology that: (A) maps a first question of the master readiness questionnaire to a first question of the first readiness questionnaire for the first set of regulations or standards; and (B) maps a first question of the second readiness questionnaire for the second set of regulations or standards to the first question of the first readiness questionnaire for the first set of regulations or standards; (7) receiving, by the computing hardware, a request to determine an extent of adherence to the second set of regulations or standards; (8) responsive to receiving the request to determine the extent of adherence to the second set of regulations, generating, by the computing hardware, a prompt to a user requesting an answer to the first question of the master readiness questionnaire; (9) receiving input from the user indicating the answer to the first question of the master readiness questionnaire; (10) accessing, by the computing hardware, the ontology; (11) populating, by the computing hardware, the first question of the first readiness questionnaire for the first set of regulations or standards with the answer to the first question of the master readiness questionnaire using the ontology; (12) populating, by the computing hardware, the first question of the second readiness questionnaire for the second set of regulations or standards with the answer to the first question of the first readiness questionnaire for the first set of regulations using the ontology; (13) determining, by the computing hardware and based on the answer to the first question of the second readiness questionnaire for the second set of regulations, an extent of adherence to the second set of regulations; and (14) automatically generating, by the computing hardware, a notification of the extent of adherence to the second set of regulations or standards.

“In some aspects, the second set of regulations or standards are related to a set of environmental, social, and governance standards. In other aspects, detecting, on the graphical user interface, the user selection of the first set of regulations or standards comprises: (1) generating a listing comprising an indication for each of a plurality of sets of regulations or standards; and (2) detecting a user selection of the indication associated with the first set of regulations or standards. In particular aspects, the notification of the extent of adherence with the second set of regulations or standards comprises an indication of a percentage of adherence with the second set of regulations or standards. In some aspects, the method further comprises, responsive to detecting the user selection of the first set of regulations or standards, presenting, on the graphical user interface, a summary of the first set of privacy regulations or standards.

“In other aspects, determining, based on the answer to the first question of the second readiness questionnaire for the second set of regulations, the extent of adherence with the second set of regulations or standards comprises applying a weighting factor to the answer to the first question of the second readiness questionnaire for the second set of regulations or standards. In some aspects, the indication of the extent of adherence with the second set of regulations or standards comprises a percentage of readiness to comply with the second set of regulations or standards.

“A system, in accordance with some aspects, comprises a non-transitory computer-readable medium storing instructions, and a processing device communicatively coupled to the non-transitory computer-readable medium. In various aspects, the processing device is configured to execute the instructions and thereby perform operations comprising: (1) generating a graphical user interface based on a master readiness questionnaire for a first set of regulations or standards and a second regulations or standards applicable to operations performed by an entity, wherein generating the graphical user interface comprises: (A) configuring a first prompt for requesting a first answer to a first master question of the master readiness questionnaire, and (B) configuring a second prompt for requesting a second answer to a second master question of the master readiness questionnaire; (2) providing the graphical user interface for display, wherein displaying the graphical user interface involves providing the first prompt requesting the first answer to the first master question and providing the second prompt requesting the second answer to the second master question; (3) receiving the first answer and the second answer; (4) accessing an ontology that maps a data structure to the first set of regulations or standards and the second set of regulations or standards, wherein the data structure is configured to be populated via the master readiness questionnaire; (5) updating a first element of the data structure for the entity with the first answer, wherein the ontology maps the first element to a first regulation or standard of the first set of regulations or standards and a first regulation or standard of the second set of regulations or standards; (6) updating a second element of the data structure for the entity with the second answer, wherein the ontology maps the second element to a second regulation or standard of the first set of regulations or standards and a second regulation or standard of the second set of regulations or standards; (7) determining a first indication of adherence with the first set of regulations or standards based on the first element of the data structure that has been updated with the first answer and the second element of the data structure that has been updated with the second answer; (8) determining a second indication of adherence with the second set of regulations or standards based on the first element of the data structure that has been updated with the first answer, the second element of the data structure that has been updated with the second answer; and (9) updating the graphical user interface to present the first indication of adherence and the second indication of adherence.

“In some aspects, the first indication of adherence comprises a first percentage of adherence. In other aspects, the operations further comprise receiving an indication that a third set of regulations or standards is no longer applicable to the entity, editing, based on the indication, the master readiness questionnaire to remove a third master question associated with a first regulation or standard of the third set of regulations or standards. In some aspects, the first set of regulations or standards are related to a set of environmental, social, and governance standards. In particular aspects, the operations further comprise: (1) receiving supporting data associated with the first answer; and (2) determining a confidence level for the first answer. In various aspects, the supporting data substantiates the first answer, and the confidence level for the first answer represents a confidence that the entity adheres with at least one of the first regulation or standard of the first set of regulations or standards or the first regulation or standard of the second set of regulations or standards. In still other aspects, the operations comprise updating a fourth element of the data structure for the entity with the confidence level for the first answer. In some aspects, the operations further comprise updating the graphical user interface to present the confidence level for the first answer. In still other aspects, the supporting data comprises at least one of unsubstantiated data provided by the entity, substantiated data based on a remote interview with the entity, or substantiated data based on an audit of the entity.”

There is additional summary information. Please visit full patent to read further.”

The claims supplied by the inventors are:

“1. A method comprising: generating, by computing hardware, a master readiness questionnaire; detecting, by the computing hardware on a graphical user interface, a user selection of a first attribute applicable to operations performed by an entity; responsive to detecting the user selection of the first attribute: determining, by the computing hardware, a first set of regulations or standards based on the first attribute; and generating, by the computing hardware, a first readiness questionnaire based on the first set of regulations or standards; detecting, on the graphical user interface by the computing hardware, a user selection of a second attribute applicable to operations performed by the entity; responsive to detecting the user selection of the second attribute: determining, by the computing hardware, a second set of regulations or standards based on the second attribute; and generating, by the computing hardware, a second readiness questionnaire based on the second set of regulations or standards; generating an ontology that: maps a first question of the master readiness questionnaire to a first question of the first readiness questionnaire for the first set of regulations or standards; and maps a first question of the second readiness questionnaire for the second set of regulations or standards to the first question of the first readiness questionnaire for the first set of regulations or standards; receiving, by the computing hardware, a request to determine an extent of adherence to the second set of regulations or standards; responsive to receiving the request to determine the extent of adherence to the second set of regulations, generating, by the computing hardware, a prompt to a user requesting an answer to the first question of the master readiness questionnaire; receiving input from the user indicating the answer to the first question of the master readiness questionnaire; accessing, by the computing hardware, the ontology; populating, by the computing hardware, the first question of the first readiness questionnaire for the first set of regulations or standards with the answer to the first question of the master readiness questionnaire using the ontology; populating, by the computing hardware, the first question of the second readiness questionnaire for the second set of regulations or standards with the answer to the first question of the first readiness questionnaire for the first set of regulations using the ontology; determining, by the computing hardware and based on the answer to the first question of the second readiness questionnaire for the second set of regulations, an extent of adherence to the second set of regulations; and automatically generating, by the computing hardware, a notification of the extent of adherence to the second set of regulations or standards.

“2. The method of claim 1, wherein the second set of regulations or standards are related to a set of environmental, social, and governance standards.

“3. The method of claim 1, wherein detecting, on the graphical user interface, the user selection of the first set of regulations or standards comprises: generating a listing comprising an indication for each of a plurality of sets of regulations or standards; and detecting a user selection of the indication associated with the first set of regulations or standards.

“4. The method of claim 1, wherein the notification of the extent of adherence with the second set of regulations or standards comprises an indication of a percentage of adherence with the second set of regulations or standards.

“5. The method of claim 1 further comprising, responsive to detecting the user selection of the first set of regulations or standards, presenting, on the graphical user interface, a summary of the first set of privacy regulations or standards.

“6. The method of claim 1, wherein determining, based on the answer to the first question of the second readiness questionnaire for the second set of regulations, the extent of adherence with the second set of regulations or standards comprises applying a weighting factor to the answer to the first question of the second readiness questionnaire for the second set of regulations or standards.

“7. The method of claim 1, wherein the indication of the extent of adherence with the second set of regulations or standards comprises a percentage of readiness to comply with the second set of regulations or standards.

“8. A system comprising: a non-transitory computer-readable medium storing instructions; and a processing device communicatively coupled to the non-transitory computer-readable medium, wherein, the processing device is configured to execute the instructions and thereby perform operations comprising: generating a graphical user interface based on a master readiness questionnaire for a first set of regulations or standards and a second regulations or standards applicable to operations performed by an entity, wherein generating the graphical user interface comprises: configuring a first prompt for requesting a first answer to a first master question of the master readiness questionnaire, and configuring a second prompt for requesting a second answer to a second master question of the master readiness questionnaire; providing the graphical user interface for display, wherein displaying the graphical user interface involves providing the first prompt requesting the first answer to the first master question and providing the second prompt requesting the second answer to the second master question; receiving the first answer and the second answer; accessing an ontology that maps a data structure to the first set of regulations or standards and the second set of regulations or standards, wherein the data structure is configured to be populated via the master readiness questionnaire; updating a first element of the data structure for the entity with the first answer, wherein the ontology maps the first element to a first regulation or standard of the first set of regulations or standards and a first regulation or standard of the second set of regulations or standards; updating a second element of the data structure for the entity with the second answer, wherein the ontology maps the second element to a second regulation or standard of the first set of regulations or standards and a second regulation or standard of the second set of regulations or standards; determining a first indication of adherence with the first set of regulations or standards based on the first element of the data structure that has been updated with the first answer and the second element of the data structure that has been updated with the second answer; determining a second indication of adherence with the second set of regulations or standards based on the first element of the data structure that has been updated with the first answer, the second element of the data structure that has been updated with the second answer; and updating the graphical user interface to present the first indication of adherence and the second indication of adherence.

“9. The system of claim 8, wherein the first indication of adherence comprises a first percentage of adherence.

“10. The system of claim 8, wherein the operations further comprise: receiving an indication that a third set of regulations or standards is no longer applicable to the entity; and editing, based on the indication, the master readiness questionnaire to remove a third master question associated with a first regulation or standard of the third set of regulations or standards.

“11. The system of claim 8, wherein the first set of regulations or standards are related to a set of environmental, social, and governance standards.

“12. The system of claim 8, wherein the operations further comprise: receiving supporting data associated with the first answer; determining a confidence level for the first answer, wherein: the supporting data substantiates the first answer, and the confidence level for the first answer represents a confidence that the entity adheres with at least one of the first regulation or standard of the first set of regulations or standards or the first regulation or standard of the second set of regulations or standards; and updating a fourth element of the data structure for the entity with the confidence level for the first answer.

“13. The system of claim 12, wherein the operations further comprise updating the graphical user interface to present the confidence level for the first answer.

“14. The system of claim 12, wherein the supporting data comprises at least one of unsubstantiated data provided by the entity, substantiated data based on a remote interview with the entity, or substantiated data based on an audit of the entity.”

There are additional claims. Please visit full patent to read further.

For additional information on this patent application, see: Brannon, Jonathan Blake; Chennur, Rajanandini; Clearwater, Andrew; Hecht, Trey; Johnson, Wesley; Pavlichek, Nicholas Ian; Philbrook, Brian. Privacy Management Systems And Methods. Filed February 11, 2022 and posted May 26, 2022. Patent URL: https://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220220164732%22.PGNR.&OS=DN/20220164732&RS=DN/20220164732

(Our reports deliver fact-based news of research and discoveries from around the world.)