SYSTEM AND METHOD FOR MANAGING DATA PRIVACY

US 20070283171A1
Filed: 06/14/2007
Published: 12/06/2007
Est. Priority Date: 09/17/2002
Status: Abandoned Application

First Claim

Patent Images

1-31. -31. (canceled)

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for assessing the risk associated with the protection of data privacy by software application. A decision engine is provided to assess monitor and manage key issues around the risk management of data privacy. The system creates a core repository that manages, monitors and measures the data privacy assessments of applications across an institution (e.g., a corporation). The system and method employs automated questionnaires that require responses from the user (preferably the manager responsible for the application). The responses are tracked in order to evaluate the progress of the assessment and the status of the applications with respect to compliance with the enterprise'"'"'s data privacy policies and procedures as well as the regulations and laws of the jurisdictions in which the application is operated. Once a questionnaire has been completed, the application is given ratings both with respect to the data privacy impact of the application and the application'"'"'s compliance with the data privacy requirements. If a risk exists, a plan for reducing the risk or bringing the application into compliance can be formulated, and progress towards compliance can be tracked. Alternatively, an identified exposure to risk can be acknowledged through the system, which requires sign off by various higher level managers and administrators.

Citations

52 Claims

1-31. -31. (canceled)

32. A computer implemented method for managing protection of data privacy, the method comprising the steps of:
- maintaining a repository for managing data privacy assessments for an entity;
  
  presenting one or more automated questionnaires to one or more users within the entity, wherein the automated questionnaires are directed to one or more policies;
  
  tracking responses associated with each automated questionnaire in the repository;
  
  evaluating compliance with the one or more policies based on the responses;
  
  assigning a rating of exposure to risk associated with the compliance; and
  
  determining an action based on the rating of exposure.
- View Dependent Claims (33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44)
- - 33. The method of claim 32, wherein the one or more policies comprise one or more privacy regulations.
  - 34. The method of claim 33, wherein the one or more privacy regulations comprise one or more Federal regulations.
  - 35. The method of claim 34, wherein the Federal regulations comprise Health Insurance Portability and Accountability Act (HIPAA).
  - 36. The method of claim 32, wherein the one or more policies are specific to a jurisdiction associated with the entity.
  - 37. The method of claim 32, wherein the rating represents a degree of compliance with the one or more policies.
  - 38. The method of claim 32, wherein the one or more users are associated with one or more groups within the entity and wherein the one or more questionnaires are specific to each group.
  - 39. The method of claim 32, wherein the step of determining an action comprises formulating a plan for reducing the risk.
  - 40. The method of claim 32, wherein the step of determining an action comprises formulating a plan for compliance.
  - 41. The method of claim 32, wherein the step of determining an action comprises disclaiming the risk.
  - 42. The method of claim 32, further comprising the step of:
    - forwarding the rating of exposure to one or more designated users for evaluating the exposure of risk relative to other groups within the entity.
  - 43. The method of claim 32, further comprising the step of:
    - generating one or more reports that provide compliance status.
  - 44. The method of claim 32, further comprising the step of:
    - searching the repository for identifying one or more of risk and compliance information.

45. A computer implemented system for managing protection of data privacy, the system comprising:
- a repository for managing data privacy assessments for an entity; and
  
  a decision engine for presenting one or more automated questionnaires to one or more users within the entity, wherein the automated questionnaires are directed to one or more policies;
  
  tracking responses associated with each automated questionnaire;
  
  evaluating compliance with the one or more policies based on the responses;
  
  assigning a rating of exposure to risk associated with the compliance; and
  
  determining an action based on the rating of exposure.
- View Dependent Claims (46, 47, 48, 49, 50)
- - 46. The system of claim 45, wherein the one or more policies comprise one or more privacy regulations based on Federal regulations.
  - 47. The system of claim 46, wherein the Federal regulations comprise Health Insurance Portability and Accountability Act (HIPAA).
  - 48. The system of claim 45, wherein the rating represents a degree of compliance with the one or more policies.
  - 49. The system of claim 45, wherein the one or more users are associated with one or more groups within the entity and wherein the one or more questionnaires are specific to each group.
  - 50. The system of claim 45, wherein determining an action comprises one or more of formulating a plan for reducing the risk;
    - formulating a plan for compliance and disclaiming the risk.

51. A method for an enterprise to manage privacy of information, the method comprising:
- identifying application information that describes at least one software application used by the enterprise;
  
  storing the application information in a database;
  
  identifying types of information that are contained in or used by the application;
  
  storing the types of information in the database;
  
  determining jurisdiction information that describes the jurisdictions in which the application operates;
  
  storing the jurisdiction information in the database;
  
  identifying the procedures used to protect the privacy of the types of information;
  
  storing procedural information related to the procedures in the database;
  
  automatically determining a compliance rating associated with the application;
  
  storing the compliance rating in the database;
  
  providing status data from the database, wherein the status data comprises at least the compliance rating.
- View Dependent Claims (52)
- - 52. The method of claim 51, wherein the step of automatically determining the compliance rating associated with the application is in response to one or more regulations.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
JP Morgan Chase Bank, N.A. (JP Morgan Chase & Co)
Original Assignee
JP Morgan Chase Bank, N.A. (JP Morgan Chase & Co)
Inventors
Breslin, Jodi, Borgia, Evelyn, de Gottal, Graham

Application Number

US11/763,030
Publication Number

US 20070283171A1
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06Q 10/10 Office automation; Time man...

SYSTEM AND METHOD FOR MANAGING DATA PRIVACY

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

52 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR MANAGING DATA PRIVACY

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

52 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links