“Privacy Management Systems And Methods” in Patent Application Approval Process (USPTO 20220180261): OneTrust LLC – InsuranceNewsNet

2022 JUN 27 (NewsRx) — By a News Reporter-Staff News Editor at Insurance Daily News — A patent application by the inventors Brannon, Jonathan Blake (Smyrna, GA, US); Chennur, Rajanandini (Atlanta, GA, US); Clearwater, Andrew (Brunswick, ME, US); Hecht, Trey (Atlanta, GA, US); Johnson, Wesley (Atlanta, GA, US); Pavlichek, Nicholas Ian (Atlanta, GA, US); Philbrook, Brian (Atlanta, GA, US), filed on February 24, 2022, was made available online on June 9, 2022, according to news reporting originating from Washington, D.C., by NewsRx correspondents.

This patent application is assigned to OneTrust LLC (Atlanta, Georgia, United States).

The following quote was obtained by the news editors from the background information supplied by the inventors: “Over the past years, privacy and security policies, and related operations have become increasingly important. Breaches in security, leading to the unauthorized access of personal data (which may include sensitive personal data) have become more frequent among companies and other organizations of all sizes. Such personal data may include, but is not limited to, personally identifiable information (PII), which may be information that directly (or indirectly) identifies an individual or entity. Examples of PII include names, addresses, dates of birth, social security numbers, and biometric identifiers such as a person’s fingerprints or picture. Other personal data may include, for example, customers’ Internet browsing habits, purchase history, or even their preferences (e.g., likes and dislikes, as provided or obtained through social media).

“Many organizations that obtain, use, and transfer personal data, including sensitive personal data, have begun to address these privacy and security issues. To manage personal data, many companies have attempted to implement operational policies and processes that comply with legal requirements, such as Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) or the U.S.’s Health Insurance Portability and Accountability Act (HIPAA) protecting a patient’s medical information. Many regulators recommend conducting privacy impact assessments, or data protection risk assessments along with data inventory mapping. For example, the GDPR requires data protection impact assessments. Additionally, the United Kingdom ICO’s office provides guidance around privacy impact assessments. The OPC in Canada recommends certain personal information inventory practices, and the Singapore PDPA specifically mentions personal data inventory mapping.

“In implementing these privacy impact assessments, an individual may provide incomplete or incorrect information regarding personal data to be collected, for example, by new software, a new device, or a new business effort, for example, to avoid being prevented from collecting that personal data, or to avoid being subject to more frequent or more detailed privacy audits. In light of the above, there is currently a need for improved systems and methods for monitoring compliance with corporate privacy policies and applicable privacy laws in order to reduce a likelihood that an individual will successfully “game the system” by providing incomplete or incorrect information regarding current or future uses of personal data.

“Organizations that obtain, use, and transfer personal data often work with other organizations (“vendors”) that provide services and/or products to the organizations. Organizations working with vendors may be responsible for ensuring that any personal data to which their vendors may have access is handled properly. However, organizations may have limited control over vendors and limited insight into their internal policies and procedures. Therefore, there is currently a need for improved systems and methods that help organizations ensure that their vendors handle personal data properly.”

In addition to the background information obtained for this patent application, NewsRx journalists also obtained the inventors’ summary information for this patent application: “In accordance with various aspects, a method is provided. According to various embodiments, the method comprises: generating a master readiness questionnaire comprising questions; detecting, on a graphical user interface, a user selection of a first attribute impacting operations of an entity; responsive to detecting the user selection of the first attribute impacting operations of the entity: determining, by computing hardware, a first set of regulations or standards based on the first attribute impacting operations of the entity; and generating, by the computing hardware, a first readiness questionnaire based on the first set of regulations or standards, the first readiness questionnaire comprising questions; detecting, on the graphical user interface, a user selection of a second attribute impacting operations of the entity; responsive to detecting the user selection of the second attribute impacting operations of the entity: determining, by the computing hardware, a second set of regulations or standards based on the second attribute impacting operations of the entity; and generating, by the computing hardware, a second readiness questionnaire based on the second set of regulations or standards, the second readiness questionnaire comprises questions; generating, by the computing hardware, an ontology mapping a first question of the master readiness questionnaire to a first question of the first readiness questionnaire for the first set of regulations or standards and to a first question of the second readiness questionnaire for the second set of regulations or standards, wherein the first question of the master readiness questionnaire solicits information regarding organization policies; receiving a request to determine an extent of adherence to the first set of regulations or 
standards; responsive to receiving the request, generating a prompt to a user requesting an answer to the first question of the master readiness questionnaire; receiving input from the user indicating the answer to the first question of the master readiness questionnaire; accessing the ontology; populating, by the computing hardware, the first question of the first readiness questionnaire for the first set of regulations or standards with the answer to the first question of the master readiness questionnaire using the ontology; determining, by the computing hardware and based on the answer to the first question of the master readiness questionnaire, an extent of adherence to the first set of regulations or standards; and automatically generating, by the computing hardware, a notification of the extent of adherence.

“For instance, in particular embodiments, the first set of regulations or standards are associated with one or more environmental, social, and governance (ESG) frameworks. In addition, in particular embodiments, the method further comprises: populating, by the computing hardware, the first question of the second readiness questionnaire for the second set of regulations or standards with the answer to the first question of the master readiness questionnaire using the ontology; determining, by the computing hardware and based on the answer to the first question of the master readiness questionnaire, an extent of adherence to the second set of regulations or standards; and automatically generating, by the computing hardware, a notification of the extent of adherence to the second set of regulations or standards. In some embodiments, determining the extent of adherence with the first set of regulations or standards comprises determining a percentage of answers to questions in the first readiness questionnaire for the first set of regulations or standards that correspond to adherence answers. In other embodiments, determining the extent of adherence with the first set of regulations or standards comprises determining, based on the answer to the first question from the first readiness questionnaire, that a control from a first set of controls required by the first set of regulations or standards has been implemented.

“In particular embodiments, the notification of the extent of adherence with the first set of regulations or standards comprises an indication of a percentage of adherence with the first set of regulations or standards. Further, in particular embodiments, the indication of the extent of adherence with the first set of regulations or standards comprises a percentage of readiness to comply with the first set of regulations or standards.

“In accordance with various aspects, a system is provided comprising a non-transitory computer-readable medium storing instructions and a processing device communicatively coupled to the non-transitory computer-readable medium. In various embodiments, the processing device is configured to execute the instructions and thereby perform operations that include: generating a graphical user interface based on a master readiness questionnaire for a first set of regulations or standards and a second set of regulations or standards applicable to operations performed by an entity, wherein generating the graphical user interface comprises: configuring a first prompt for requesting a first answer to a first master question of the master readiness questionnaire, and configuring a second prompt for requesting a second answer to a second master question of the master readiness questionnaire; providing the graphical user interface for display, wherein displaying the graphical user interface involves providing the first prompt requesting the first answer to the first master question and providing the second prompt requesting the second answer to the second master question; receiving the first answer and the second answer; accessing an ontology that maps a data structure to the first set of regulations or standards and the second set of regulations or standards, wherein the data structure is configured to be populated via the master readiness questionnaire; updating a first element of the data structure for the entity with the first answer, wherein the ontology maps the first element to a first regulation or standard of the first set of regulations or standards and a first regulation or standard of the second set of regulations or standards; updating a second element of the data structure for the entity with the second answer, wherein the ontology maps the second element to a second regulation or standard of the first set of regulations or standards and a second regulation or 
standard of the second set of regulations or standards; determining a first adherence with the first set of regulations or standards based on the first element of the data structure that has been updated with the first answer and the second element of the data structure that has been updated with the second answer; determining a second adherence with the second set of regulations or standards based on the first element of the data structure that has been updated with the first answer, the second element of the data structure that has been updated with the second answer; and updating the graphical user interface to present a first indication of the first adherence and a second indication of the second adherence.

“For instance, in particular embodiments, the first set of regulations or standards are associated with one or more environmental, social, and governance (ESG) frameworks. In addition, in particular embodiments, the first adherence comprises a first percentage of adherence with the first set of regulations or standards and the second adherence comprises a second percentage of adherence with the second set of regulations or standards. Further, in particular embodiments, the graphical user interface is configured with a list of sets of regulations or standards and the operations further comprises: receiving a first indication of a selection of the first set of regulations or standards from the list of sets of regulations or standards; and receiving a second indication of a selection of the second set of regulations or standards from the list of sets of regulations or standards.

“In particular embodiments, the operations further comprise: receiving supporting data associated with the first answer; and determining a confidence level for the first answer, wherein: the supporting data substantiates the first answer, the confidence level for the first answer represents a confidence that the entity adheres with at least one of the first regulation or standard of the first set of regulations or standards or the first regulation or standard of the second set of regulations or standards, and at least one of the first adherence or the second adherence is determined based on the confidence level for the first answer. In some embodiments, determining the confidence level for the first answer is based on a source of the supporting data. In addition, in some embodiments, the supporting data comprises at least one of unsubstantiated data provided by the entity, substantiated data based on a remote interview with the entity, or substantiated data based on an audit of the entity.”

There is additional summary information. Please visit full patent to read further.

The claims supplied by the inventors are:

“1. A method comprising: generating a master readiness questionnaire comprising questions; detecting, on a graphical user interface, a user selection of a first attribute impacting operations of an entity; responsive to detecting the user selection of the first attribute impacting operations of the entity: determining, by computing hardware, a first set of regulations or standards based on the first attribute impacting operations of the entity; and generating, by the computing hardware, a first readiness questionnaire based on the first set of regulations or standards, the first readiness questionnaire comprising questions; detecting, on the graphical user interface, a user selection of a second attribute impacting operations of the entity; responsive to detecting the user selection of the second attribute impacting operations of the entity: determining, by the computing hardware, a second set of regulations or standards based on the second attribute impacting operations of the entity; and generating, by the computing hardware, a second readiness questionnaire based on the second set of regulations or standards, the second readiness questionnaire comprises questions; generating, by the computing hardware, an ontology mapping a first question of the master readiness questionnaire to a first question of the first readiness questionnaire for the first set of regulations or standards and to a first question of the second readiness questionnaire for the second set of regulations or standards, wherein the first question of the master readiness questionnaire solicits information regarding organization policies; receiving a request to determine an extent of adherence to the first set of regulations or standards; responsive to receiving the request, generating a prompt to a user requesting an answer to the first question of the master readiness questionnaire; receiving input from the user indicating the answer to the first question of the master readiness questionnaire; 
accessing the ontology; populating, by the computing hardware, the first question of the first readiness questionnaire for the first set of regulations or standards with the answer to the first question of the master readiness questionnaire using the ontology; determining, by the computing hardware and based on the answer to the first question of the master readiness questionnaire, an extent of adherence to the first set of regulations or standards; and automatically generating, by the computing hardware, a notification of the extent of adherence.

“2. The method of claim 1, wherein the first set of regulations or standards are associated with one or more environmental, social, and governance (ESG) frameworks.

“3. The method of claim 1 further comprising: populating, by the computing hardware, the first question of the second readiness questionnaire for the second set of regulations or standards with the answer to the first question of the master readiness questionnaire using the ontology; determining, by the computing hardware and based on the answer to the first question of the master readiness questionnaire, an extent of adherence to the second set of regulations or standards; and automatically generating, by the computing hardware, a notification of the extent of adherence to the second set of regulations or standards.

“4. The method of claim 1, wherein determining the extent of adherence with the first set of regulations or standards comprises determining a percentage of answers to questions in the first readiness questionnaire for the first set of regulations or standards that correspond to adherence answers.

“5. The method of claim 1, wherein determining the extent of adherence with the first set of regulations or standards comprises determining, based on the answer to the first question from the first readiness questionnaire, that a control from a first set of controls required by the first set of regulations or standards has been implemented.

“6. The method of claim 1, wherein the notification of the extent of adherence with the first set of regulations or standards comprises an indication of a percentage of adherence with the first set of regulations or standards.

“7. The method of claim 1, wherein the indication of the extent of adherence with the first set of regulations or standards comprises a percentage of readiness to comply with the first set of regulations or standards.

“8. A system comprising: a non-transitory computer-readable medium storing instructions; and a processing device communicatively coupled to the non-transitory computer-readable medium, wherein, the processing device is configured to execute the instructions and thereby perform operations comprising: generating a graphical user interface based on a master readiness questionnaire for a first set of regulations or standards and a second set of regulations or standards applicable to operations performed by an entity, wherein generating the graphical user interface comprises: configuring a first prompt for requesting a first answer to a first master question of the master readiness questionnaire, and configuring a second prompt for requesting a second answer to a second master question of the master readiness questionnaire; providing the graphical user interface for display, wherein displaying the graphical user interface involves providing the first prompt requesting the first answer to the first master question and providing the second prompt requesting the second answer to the second master question; receiving the first answer and the second answer; accessing an ontology that maps a data structure to the first set of regulations or standards and the second set of regulations or standards, wherein the data structure is configured to be populated via the master readiness questionnaire; updating a first element of the data structure for the entity with the first answer, wherein the ontology maps the first element to a first regulation or standard of the first set of regulations or standards and a first regulation or standard of the second set of regulations or standards; updating a second element of the data structure for the entity with the second answer, wherein the ontology maps the second element to a second regulation or standard of the first set of regulations or standards and a second regulation or standard of the second set of regulations or standards; 
determining a first adherence with the first set of regulations or standards based on the first element of the data structure that has been updated with the first answer and the second element of the data structure that has been updated with the second answer; determining a second adherence with the second set of regulations or standards based on the first element of the data structure that has been updated with the first answer, the second element of the data structure that has been updated with the second answer; and updating the graphical user interface to present a first indication of the first adherence and a second indication of the second adherence.

“9. The system of claim 8, wherein the first adherence comprises a first percentage of adherence with the first set of regulations or standards and the second adherence comprises a second percentage of adherence with the second set of regulations or standards.

“10. The system of claim 8, wherein the first set of regulations or standards are associated with one or more environmental, social, and governance (ESG) frameworks.

“11. The system of claim 8, wherein the graphical user interface is configured with a list of sets of regulations or standards and the operations further comprises: receiving a first indication of a selection of the first set of regulations or standards from the list of sets of regulations or standards; and receiving a second indication of a selection of the second set of regulations or standards from the list of sets of regulations or standards.

“12. The system of claim 8, wherein the operations further comprise: receiving supporting data associated with the first answer; and determining a confidence level for the first answer, wherein: the supporting data substantiates the first answer, the confidence level for the first answer represents a confidence that the entity adheres with at least one of the first regulation or standard of the first set of regulations or standards or the first regulation or standard of the second set of regulations or standards, and at least one of the first adherence or the second adherence is determined based on the confidence level for the first answer.

“13. The system of claim 12, wherein determining the confidence level for the first answer is based on a source of the supporting data.

“14. The system of claim 12, wherein the supporting data comprises at least one of unsubstantiated data provided by the entity, substantiated data based on a remote interview with the entity, or substantiated data based on an audit of the entity.”

There are additional claims. Please visit full patent to read further.

For the URL and more information on this patent application, see: Brannon, Jonathan Blake; Chennur, Rajanandini; Clearwater, Andrew; Hecht, Trey; Johnson, Wesley; Pavlichek, Nicholas Ian; Philbrook, Brian. Privacy Management Systems And Methods. Filed February 24, 2022 and posted June 9, 2022. Patent URL: https://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220220180261%22.PGNR.&OS=DN/20220180261&RS=DN/20220180261
