2022 NOV 24 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- A patent application by the inventors Barday, Kabir A. (Atlanta, GA, US); Brannon, Jonathan Blake (Smyrna, GA, US), filed on July 20, 2022, was made available online on November 10, 2022, according to news reporting originating from Washington, D.C., by NewsRx correspondents.
This patent application is assigned to OneTrust LLC (Atlanta, Georgia, United States).
The following quote was obtained by the news editors from the background information supplied by the inventors: “Over the past years, privacy and security policies, and related operations have become increasingly important. Breaches in security, leading to the unauthorized access of personal data (which may include sensitive personal data) have become more frequent among companies and other organizations of all sizes. Such personal data may include, but is not limited to, personally identifiable information (PII), which may be information that directly (or indirectly) identifies an individual or entity. Examples of PII include names, addresses, dates of birth, social security numbers, and biometric identifiers such as a person’s fingerprints or picture. Other personal data may include, for example, customers’ Internet browsing habits, purchase history, or even their preferences (e.g., likes and dislikes, as provided or obtained through social media).
“Many organizations that obtain, use, and transfer personal data, including sensitive personal data, have begun to address these privacy and security issues. To manage personal data, many companies have attempted to implement operational policies and processes that comply with legal requirements, such as Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) or the U.S.’s Health Insurance Portability and Accountability Act (HIPPA) protecting a patient’s medical information. Many regulators recommend conducting privacy impact assessments, or data protection risk assessments along with data inventory mapping. For example, the GDPR requires data protection impact assessments. Additionally, the United Kingdom ICO’s office provides guidance around privacy impact assessments. The OPC in Canada recommends certain personal information inventory practices, and the Singapore PDPA specifically mentions personal data inventory mapping.
“In implementing these privacy impact assessments, an individual may provide incomplete or incorrect information regarding personal data to be collected, for example, by new software, a new device, or a new business effort, for example, to avoid being prevented from collecting that personal data, or to avoid being subject to more frequent or more detailed privacy audits. In light of the above, there is currently a need for improved systems and methods for monitoring compliance with corporate privacy policies and applicable privacy laws in order to reduce a likelihood that an individual will successfully “game the system” by providing incomplete or incorrect information regarding current or future uses of personal data.
“Organizations that obtain, use, and transfer personal data often work with other organizations (“vendors”) that provide services and/or products to the organizations. Organizations working with vendors may be responsible for ensuring that any personal data to which their vendors may have access is handled properly. However, organizations may have limited control over vendors and limited insight into their internal policies and procedures. Therefore, there is currently a need for improved systems and methods that help organizations ensure that their vendors handle personal data properly. There is also a need for improved systems and methods for estimating the timing of vendor risk analysis and procurement and providing effective training to ensure that employees and/or vendors are compliant with applicable privacy and security regulations and standards.”
In addition to the background information obtained for this patent application, NewsRx journalists also obtained the inventors’ summary information for this patent application: “According to various aspects, a method is provided that comprises: detecting, by computing hardware, a request to procure a vendor for an entity and a user parameter identifying a user, wherein the vendor is to provide at least one of a service or a product to the entity; determining, by the computing hardware and based on an assessment conducted on the vendor with respect to the vendor handling data for the entity, a training requirement associated with a procurement of the vendor; determining, by the computing hardware and based on the user parameter and training data for the user, a progress of the user completing the training requirement; generating, by the computing hardware and based on the progress of the user, customized training content comprising a portion of a training course associated with the training requirement; and configuring, by the computing hardware, a graphical user interface to display a presentation element configured for presenting the customized training content on the graphical user interface.