Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The IDS filed 10/27/2020 has been considered and entered.

Drawings
The drawings filed 8/8/2019 are accepted.
Specification
The specification filed 8/8/2019 is accepted.



EXAMINER'S AMENDMENT

An examiner' s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner' s amendment was given in an interview with Matt May on 5-28-2021

The application has been amended as follows: 



executing by a processor, computer executable instructions stored in a memory connected thereto, the execution causing  a computing device to:
receive, from a user, personally identifying information wherein the user is a consumer;

electronically collect data from interactions and transactions between the user and device applications and associated remote software;

determine the user has a corresponding account using only the received personally identifying information and collected data; 

create a respective company specific privacy practice dataset for each company of the plurality of companies, each of the respective datasets based on:
		a number of data breach events at each company and a timeframe for each data breach 
event,
		
whether the each company uses any personally identifying data of the user for target 
advertising,

whether the each company uses secure data storage to store all of the any personally identifying data,

whether the each company shares any of the personally identifying data with third parties,

an indication of a time duration that the each company retains any of the personally identifying data, and 

an indication of a time duration that each of the third parties retains any of the personally identifying data;

determine a plurality of company privacy scores by, for each company, using the respective company specific dataset to determine, for the each company, a corresponding company privacy score indicative of a measure of protection, provided by the each company, of the personally identifying data used, shared, or stored by the each company; and



determine a user privacy score for the user based on each of the plurality of company privacy scores; 

determine a relationship between the consumer privacy score and a risk of loss to the insurance company;

determine  an insurance premium price for the user;

increase the insurance premium price when the consumer privacy score indicates an increase to the risk of loss; and

decrease the insurance premium when the consumer privacy score indicates a decrease to the risk of loss.



further comprises: generating each of the corresponding company privacy scores based on a calculation comprising elements of the privacy practice of the corresponding company and elements of a privacy policy of the corresponding company.
3. (cancelled)
4. (cancelled)
5. The method of claim 4, further comprising: determining a trend of the user privacy score, based on the user privacy score and a previous privacy score of the user; and outputting, for display, an indication of the trend. 
8. The method of claim 1, further comprising: determining a value representative of a worth of the personally identifying data used, shared, or stored by the personally identifying data used, shared, or stored comprises consumer data collected according to a privacy policy of the at least one company; and 
outputting, for display, an indication of the value. 
9. An apparatus, comprising: a processor; a memory unit storing computer-executable instructions, which when executed by the processor, cause the apparatus to: 
receive, from a user, personally identifying information wherein the user is a consumer;

electronically collect data from interactions and transactions between the user and device applications and associated remote software;

determine a plurality of companies with which the user has a corresponding account using only the received personally identifying information and collected data;
 
create a respective company specific privacy practice dataset for each company of the plurality of companies, each of the respective datasets based on:
		a number of data breach events at each company and a timeframe for each data breach 
event,
		
whether the each company uses any personally identifying data of the user for target 
advertising,

whether the each company uses secure data storage to store all of the any personally identifying data,

whether the each company shares any of the personally identifying data with third parties,

an indication of a time duration that the each company retains any of the personally identifying data, and 

an indication of a time duration that each of the third parties retains any of the personally identifying data;

determine a plurality of company privacy scores by, for the each company,  using the respective company specific dataset to determine a corresponding company privacy score indicative of a measure of protection, provided by the each company, of the personally identifying data used, shared, or stored by the each company; 

determine user privacy score for the user based on each of the plurality of company privacy scores; 

 
determine a relationship between the consumer privacy score and a risk of loss to the insurance company;

determine an insurance premium price for the user;

increase the insurance premium price when the consumer privacy score indicates an increase to the risk of loss; and

decrease the insurance premium when the consumer privacy score indicates a decrease to the risk of loss.



10. The apparatus of claim 9, wherein the computer-executable instructions, when executed by the processor, further causes the apparatus to determine the plurality of company privacy scores by causing the apparatus to: generate each of the corresponding company privacy scores based on a calculation comprising elements of the privacy practice of the corresponding company and elements of a privacy policy of the corresponding company.
11. (cancelled)
12. (cancelled)
13. The apparatus of claim 12, wherein the computer-executable instructions, when executed by the processor, cause the apparatus to: determine a trend of the user privacy score, based on the user privacy score and a previous privacy score of the user; and output, for display, an indication of the trend.
16. The apparatus of claim 9, wherein the computer-executable instructions, when executed by the processor, cause the apparatus to: 
determine a value representative of a worth of the personally identifying data used, shared, or stored by the personally identifying data used, shared, or stored by comprises consumer data collected according to a privacy policy of the at least one company; and 
output, for display, an indication of the value.


receive, from a user, personally identifying information wherein the user is a consumer;
electronically collect data from interactions and transactions between the user and device applications and associated remote software;

determine a plurality of companies with which the user has a corresponding account using only the received personally identifying information and collected data;
 
create a respective company specific privacy practice dataset for each company of the plurality of companies, each of the respective datasets based on:
		a number of data breach events at each company and a timeframe for each data breach 
event,
		
whether the each company uses any personally identifying data of the user for target 
advertising,

whether the each company uses secure data storage to store all of the any personally identifying data,

whether the each company shares any of the personally identifying data with third parties,

an indication of a time duration that the each company retains any of the personally identifying data, and 

an indication of a time duration that each of the third parties retains any of the personally identifying data;

determine a plurality of company privacy scores by, for each company,  using the respective company specific dataset to determine a corresponding company privacy score indicative of a measure of protection, provided by the each company, of the personally identifying data used, shared, or stored by the each company; 

determine user privacy score for the user based on each of the plurality of company privacy scores; 
 
determine a relationship between the consumer privacy score and a risk of loss to the insurance company;

determine an insurance premium price for the user;

increase the insurance premium price when the consumer privacy score indicates an increase to the risk of loss; and

decrease the insurance premium when the consumer privacy score indicates a decrease to the risk of loss.


corresponding company privacy scores based on a calculation comprising elements of the privacy practice of the corresponding company and elements of a privacy policy of the corresponding company.
19. (cancelled)
20. (cancelled)

Allowable Subject Matter
Claim 1-2, 5-10, and 13-18 are allowed.

The following is an examiner' s statement of reasons for allowance: 
Yampolskiy et al  (US 2017/0048267  ) discloses in Fig 7 a company privacy score card.  Further in Fig 8, Yampolskiy discloses elements of privacy practice as well as a historical trend of company privacy score.  In Fig 9, Yampolskiy discloses further detail related to elements of privacy practice. In Fig 10 1002, Yampolskiy discloses a 31 day history of malware events.  And in [0094] Yampolskiy discloses, the cyber insurance provider may then adjust premiums based on the assessment of an entity's probability of experiencing a security breach.

NPL document titled, 'Ranking Digital Rights – 2019 Corporate Accountability Index'
archived on July 29, 2019 and retrieved from: 
web.archive.org/web/20190729140823/https://rankingdigitalrights.org/index2019/report/privacy
teaches in Figure 13 found page 3/33, plurality of company privacy scores.

Urdea et al (US 2009/0012716) discloses in [0055] a diabetes risk score that determines an individual's premium for health insurance.

Mo et el (US 2019/0034846) discloses generating Fig 2 201  a cybersecurity risk level for a portfolio of companies and to generated Fig 2 204  a degree of mutuality (i.e. common attributes) that may increase risk to the portfolio as a whole,  used to adjust the cybersecurity risk level according to the added risk introduced by interdependencies or commonalities between companies. see also [0045],  [0071]

Balabine (US 10,771,347) discloses in C11 4-6 that insurance premiums and coverage amounts can determined using models regarding risk of breach and cost of data breach.

Fitzgerald et al (US 2014/0200929) discloses in [0196] that a user's insurance premium covering a phone may be adjusted according to the users compliance with opt-in provisions to allow for monitoring and fraud prevention of the phone.
Curry et al (US 2007/0294195) discloses [0044] – [0053] an individual(s) associated with a corporation is to be assessed for fraud risk.  And if the individuals calculated fraud risk is lower than a threshold, the insurance premium for corporate insurance may be reduced.

The prior art of record does not explicitly disclose in light of the other features recited in the independent claims, 
determine a plurality of companies with which the user has a corresponding account using only the received personally identifying information and collected data

determine a user privacy score for the user based on each corresponding company privacy score 

increase the insurance premium price when the consumer privacy score indicates an increase to the risk of loss;

decrease the insurance premium when the consumer privacy score indicates a decrease to the risk of loss.



Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”




Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RICHARD A MCCOY whose telephone number is (313)446-6520.  The examiner can normally be reached on M - F 10 - 6.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner' s supervisor, Lynn Feild can be reached on 571 272 2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/RICHARD A MCCOY/Examiner, Art Unit 2431