SYSTEM AND METHOD FOR MANAGING DATA PRIVACY
Abstract
A system and method for assessing the risk associated with the protection of data privacy by a software application. A decision engine is provided to assess, monitor and manage key issues around the risk management of data privacy. The system creates a core repository that manages, monitors and measures the data privacy assessments of applications across an institution (e.g., a corporation). The system and method employ automated questionnaires that require responses from the user (preferably the manager responsible for the application). The responses are tracked in order to evaluate the progress of the assessment and the status of the applications with respect to compliance with the enterprise's data privacy policies and procedures, as well as the regulations and laws of the jurisdictions in which the application is operated. Once a questionnaire has been completed, the application is given ratings both with respect to the data privacy impact of the application and the application's compliance with the data privacy requirements. If a risk exists, a plan for reducing the risk or bringing the application into compliance can be formulated, and progress towards compliance can be tracked. Alternatively, an identified exposure to risk can be acknowledged through the system, which requires sign-off by various higher-level managers and administrators.
52 Claims
1-31. (canceled)
32. A computer implemented method for managing protection of data privacy, the method comprising the steps of:
maintaining a repository for managing data privacy assessments for an entity;
presenting one or more automated questionnaires to one or more users within the entity, wherein the automated questionnaires are directed to one or more policies;
tracking responses associated with each automated questionnaire in the repository;
evaluating compliance with the one or more policies based on the responses;
assigning a rating of exposure to risk associated with the compliance; and
determining an action based on the rating of exposure.
(Dependent claims 33-44 not reproduced here.)
45. A computer implemented system for managing protection of data privacy, the system comprising:
a repository for managing data privacy assessments for an entity; and
a decision engine for presenting one or more automated questionnaires to one or more users within the entity, wherein the automated questionnaires are directed to one or more policies;
tracking responses associated with each automated questionnaire;
evaluating compliance with the one or more policies based on the responses;
assigning a rating of exposure to risk associated with the compliance; and
determining an action based on the rating of exposure.
(Dependent claims 46-50 not reproduced here.)
51. A method for an enterprise to manage privacy of information, the method comprising:
identifying application information that describes at least one software application used by the enterprise;
storing the application information in a database;
identifying types of information that are contained in or used by the application;
storing the types of information in the database;
determining jurisdiction information that describes the jurisdictions in which the application operates;
storing the jurisdiction information in the database;
identifying the procedures used to protect the privacy of the types of information;
storing procedural information related to the procedures in the database;
automatically determining a compliance rating associated with the application;
storing the compliance rating in the database;
providing status data from the database, wherein the status data comprises at least the compliance rating.
(Dependent claim 52 not reproduced here.)