Free Shipping on orders over US$39.99 How to make these links

Patent Issued for Data processing systems and methods for performing privacy assessments and monitoring of new versions of computer code for privacy compliance (USPTO 11343284): OneTrust LLC – InsuranceNewsNet


2022 JUN 15 (NewsRx) — By a News Reporter-Staff News Editor at Insurance Daily News — From Alexandria, Virginia, NewsRx journalists report that a patent by the inventors Barday, Kabir A. (Atlanta, GA, US), Brannon, Jonathan Blake (Smyrna, GA, US), Browne, Ken A. (Johns Creek, GA, US), Daniel, Richard L. (Atlanta, GA, US), Finch, Steven W. (Kennesaw, GA, US), Heard, Nathan W. (Marietta, GA, US), Karanjkar, Mihir S. (Marietta, GA, US), Patel, Aakash H. (Norcross, GA, US), Patton-Kuhl, Dylan D. (Atlanta, GA, US), Sabourin, Jason L. (Brookhaven, GA, US), filed on May 31, 2021, was published online on May 24, 2022.

The patent’s assignee for patent number 11343284 is OneTrust LLC (Atlanta, Georgia, United States).

News editors obtained the following quote from the background information supplied by the inventors: “Over the past years, privacy and security policies, and related operations have become increasingly important. Breaches in security, leading to the unauthorized access of personal data (which may include sensitive personal data) have become more frequent among companies and organizations of all sizes. Such personal data may include, but is not limited to, personally identifiable information (PII), which may be information that directly (or indirectly) identifies an individual or entity. Examples of PII include names, addresses, dates of birth, social security numbers, and biometric identifiers such as a person’s fingerprints or picture. Other personal data may include, for example, customers’ Internet browsing habits, purchase history, or even their preferences (i.e., likes and dislikes, as provided or obtained through social media). While not all personal data may be sensitive, in the wrong hands, this kind of information may have a negative impact on the individuals or entities whose sensitive personal data is collected, including identity theft and embarrassment. Not only would a breach have the potential of exposing individuals to malicious wrongdoing, fallout from the breach may also result in damage to reputation, potential liability, and costly remedial action for the organizations who collected the information and were under an obligation to maintain its confidentiality and security.

“Many organizations that obtain, use, and transfer personal data, including sensitive personal data, have begun to address these privacy and security issues. To manage personal data, many companies have attempted to implement operational policies and processes that comply with legal requirements, such as Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) or the U.S.’s Health Insurance Portability and Accountability Act (HIPPA) protecting a patient’s medical information. For many companies handling personal data, privacy audits, whether performed according to AICPA Generally Accepted Privacy Principles or ISACA’s IT Standards, Guidelines, and Tools and Techniques for Audit Assurance and Control Professionals, are not just a best practice but are a requirement. However, lack of transparency or clarity into where personal data comes from, where it is stored, who is using it, where it has been transferred, and for what purpose is it being used, can oftentimes bog down many conventional privacy audit (e.g., compliance and/or adequacy audit) practices, processes, and the like and can leave many organizations’ systems vulnerable to privacy-related data incidents such as data breaches. Accordingly, many of these privacy-related data incidents can be rooted in vulnerabilities found in software code utilized by these organizations such as software applications, websites, or other computer code that collect, transfer, store, process, and/or the like personal data.

“In light of the above, there is currently a need for improved systems and methods for assessing computer code such as, for example, mobile applications, websites, and other computer code for features and conditions that may have an impact on a company’s compliance with privacy standards, as well as an impact on creating vulnerabilities to privacy-related incidents.”

As a supplement to the background information on this patent, NewsRx correspondents also obtained the inventors’ summary information for this patent: “According to exemplary embodiments, a system for operationalizing privacy compliance is described herein. The system may be comprised of one or more servers and client computing devices that execute one or more software modules that perform functions and methods related to the input, processing, storage, retrieval, and display of campaign data related to a privacy campaign. A privacy campaign may be any business function, system, product, technology, process, project, engagement, initiative, campaign, etc., that may utilize personal data collected from one or more persons or entities. Campaign data may data representative of one or more attributes related to the personal data collected as part of the campaign.

“A computer-implemented data processing system and method is operable for electronically receiving the input of campaign data associated with a privacy campaign, and electronically calculating a risk level for the privacy campaign based on the campaign data.

“The system is operable for displaying on a graphical user interface (GUI) a prompt to create an electronic record for a privacy campaign. The system receives a command to create an electronic record for the privacy campaign, creates an electronic record for the privacy campaign and digitally stores the record. The system presents on one or more graphical user interfaces a plurality of prompts for the input of campaign data related to the privacy campaign. It electronically receives any campaign data input by one or more users. The privacy campaign data may relate to a description of the campaign, one or more types of personal data related to the campaign, a subject from which the personal data was collected, the storage of the personal data, and access to the personal data.

“The system processes the campaign data by electronically associating the campaign data with the record for the privacy campaign, and digitally storing the campaign data associated with the record for the campaign.

“Using a microprocessor, the system calculates a “Risk Level” for the campaign based on the campaign data, electronically associates the risk level with the record for the campaign; and digitally stores the risk level associated with the record for the campaign (e.g., in a storage device such as a networked hard drive, a cloud drive, the hard drive of one or more computing devices, etc.).”

The claims supplied by the inventors are:

“1. A method comprising: monitoring, by computing hardware, a location where computer code is located; identifying, by the computing hardware, a new instance of the computer code at the location; comparing, by the computing hardware, the new instance of the computer code with a previous instance of the computer code to identify a change has been made to the computer code; responsive to identifying the change, analyzing, by the computing hardware, the new instance of the computer code to determine a privacy-related attribute of the new instance of the computer code, the privacy-related attribute indicating a type of personal information that the new instance of the computer code at least one of collects or accesses; modifying, by the computing hardware, a data map representing processing of the personal information to reflect the privacy-related attribute identified for the new instance of the computer code; and providing, by the computing hardware, the data map for display to a user.

“2. The method of claim 1, wherein analyzing the new instance of the computer code to determine the privacy-related attribute comprises detecting use by the computer code of at least one of a location-based capability to detect a location of a user computing device, an encryption capability, a call to third party computer code, a communication log, or a cookie to track user behavior.

“3. The method of claim 1, wherein the computer code is associated with a website and identifying the new instance of the computer code involves identifying a change in information displayed on the website.

“4. The method of claim 3, wherein the change in information comprises at least one of a change made to a privacy policy displayed on the website or a change in a location of a link to the privacy policy.

“5. The method of claim 1, wherein the computer code is an application and identifying the new instance of the computer code involves identifying a new version of the application is available at the location.

“6. The method of claim 1, wherein modifying the data map to reflect the privacy-related attribute comprises modifying the data map to identify a storage location for the type of personal information that the new instance of the computer code at least one of collects or accesses.

“7. The method of claim 1, wherein the data map is associated with a privacy campaign and providing the data map for display to the user comprises providing a visual representation of the privacy campaign that includes the type of personal information that the new instance of the computer code at least one of collects or accesses.

“8. A system comprising: a non-transitory computer-readable medium storing instructions; and a processing device communicatively coupled to the non-transitory computer-readable medium, wherein, the processing device is configured to execute the instructions and thereby perform operations, upon a new instance of a computer code being identified at a location being monitored where the computer code is located, comprising: comparing the new instance of the computer code with a previous instance of the computer code to identify a change has been made to the computer code; responsive to identifying the change, analyzing the new instance of the computer code to determine a privacy-related attribute of the new instance of the computer code, the privacy-related attribute indicating a type of personal information that the new instance of the computer code at least one of collects or accesses; modifying a data map representing processing of the personal information to reflect the privacy-related attribute identified for the new instance of the computer code; and providing the data map for display to a user.

“9. The system of claim 8, wherein analyzing the new instance of the computer code to determine the privacy-related attribute comprises detecting use by the computer code of at least one of a location-based capability to detect a location of a user computing device, an encryption capability, a call to third party computer code, a communication log, or a cookie to track user behavior.

“10. The system of claim 8, wherein the privacy-related attribute represents at least one of a storage location of the type of personal information or an access permission of the type of personal information.

“11. The system of claim 8, wherein the computer code is associated with a website and identifying the new instance of the computer code involves identifying at least one of a change made to a privacy policy displayed on the website or a change in a location of a link to the privacy policy.

“12. The system of claim 8, wherein modifying the data map to reflect the privacy-related attribute comprises modifying the data map to identify a storage location for the type of personal information that the new instance of the computer code at least one of collects or accesses.

“13. The system of claim 8, wherein the data map is associated with a privacy campaign and providing the data map for display to the user comprises providing a visual representation of the privacy campaign that includes the type of personal information that the new instance of the computer code at least one of collects or accesses.

“14. A non-transitory computer-readable medium storing computer-executable instructions that, when executed by processing hardware, configure the processing hardware to perform operations, upon a new instance of a computer code being identified at a location being monitored where the computer code is located, comprising: comparing the new instance of the computer code with a previous instance of the computer code to identify a change has been made to the computer code; responsive to identifying the change, analyzing the new instance of the computer code to determine a privacy-related attribute of the new instance of the computer code, the privacy-related attribute indicating a type of personal information that the new instance of the computer code at least one of collects or accesses; and modifying a data map representing processing of the personal information to reflect the privacy-related attribute identified for the new instance of the computer code, wherein the data map is provided for display to a user.

“15. The non-transitory computer-readable medium of claim 14, wherein analyzing the new instance of the computer code to determine the privacy-related attribute comprises detecting use by the computer code of at least one of a location-based capability to detect a location of a user computing device, an encryption capability, a call to third party computer code, a communication log, or a cookie to track user behavior.

“16. The non-transitory computer-readable medium of claim 14, wherein the privacy-related attribute represents at least one of a storage location of the type of personal information or an access permission of the type of personal information.

“17. The non-transitory computer-readable medium of claim 14, wherein the computer code is associated with a website and identifying the new instance of the computer code involves identifying at least one of a change made to a privacy policy displayed on the website or a change in a location of a link to the privacy policy.

“18. The non-transitory computer-readable medium of claim 14, wherein modifying the data map to reflect the privacy-related attribute comprises modifying the data map to identify a storage location for the type of personal information that the new instance of the computer code at least one of collects or accesses.

“19. The non-transitory computer-readable medium of claim 14, wherein the data map is associated with a privacy campaign and providing the data map for display to the user comprises providing a visual representation of the privacy campaign that includes the type of personal information that the new instance of the computer code at least one of collects or accesses.

“20. A system, wherein upon a new instance of a computer code being identified at a location being monitored where the computer code is located comprises: means for comparing the new instance of the computer code with a previous instance of the computer code to identify a change has been made to the computer code; and responsive to identifying the change, means for analyzing the new instance of the computer code to determine a privacy-related attribute of the new instance of the computer code, wherein the privacy-related attribute indicates a type of personal information that the new instance of the computer code at least one of collects or accesses and a data map representing processing of the personal information is modified to reflect the privacy-related attribute identified for the new instance of the computer code to be provided for display to a user.”

For additional information on this patent, see: Barday, Kabir A. Data processing systems and methods for performing privacy assessments and monitoring of new versions of computer code for privacy compliance. U.S. Patent Number 11343284, filed May 31, 2021, and published online on May 24, 2022. Patent URL: http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PALL&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.htm&r=1&f=G&l=50&s1=11343284.PN.&OS=PN/11343284RS=PN/11343284

(Our reports deliver fact-based news of research and discoveries from around the world.)





Source link

We will be happy to hear your thoughts

Leave a reply

Info Bbea
Logo
Enable registration in settings - general
Compare items
  • Total (0)
Compare
0
Shopping cart