Automated Privacy Enforcement

US 20110099643A1
Filed: 10/26/2009
Published: 04/28/2011
Est. Priority Date: 10/26/2009
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

assigning a business purpose to one or more employees of an entity;

identifying a plurality of data elements associated with at least one customer of the entity; and

assigning an access value to each data element for the business purpose, wherein the access value indicates a level of access permitted for the one or more employees assigned the business purpose.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method of protecting the privacy of data is presented. The system and method may include receiving data from a data warehouse and determining an access level for each data element received. The access value may be based on the assigned business purpose of the user attempting to access the data. If a user with an assigned business purpose is authorized to access the data then access will be given, if not, access to the data will be denied. In some examples, the requesting user may request to override the security settings in order to obtain access to the data.

Citations

21 Claims

1. A method comprising:
- assigning a business purpose to one or more employees of an entity;
  
  identifying a plurality of data elements associated with at least one customer of the entity; and
  
  assigning an access value to each data element for the business purpose, wherein the access value indicates a level of access permitted for the one or more employees assigned the business purpose.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the business purpose is assigned based on job duties of the one or more employees.
  - 3. The method of claim 1, wherein the business purpose is assigned based on the employee'"'"'s position within the entity.
  - 4. The method of claim 1, wherein the step of assigning a business purpose to one or more employees of an entity further includes assigning a business purpose to a plurality of employees of the entity, wherein the business purpose is assigned based on the employee'"'"'s job duties.
  - 5. The method of claim 1, further including providing the one or more employees access to each data element based on the assigned access value for each data element.

6. A method, comprising:
- receiving a request to access at least one data element associated with customer data;
  
  evaluating an access level of an employee making the request to access the at least one data element associated with the customer data;
  
  responsive to determining that the access level of the requesting employee meets a predetermined criteria, providing access to the at least one data element associated with the customer data; and
  
  generating a view including the at least one data element associated with the customer data.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The method of claim 6, wherein the customer data is provided by a data warehouse.
  - 8. The method of claim 6, wherein the business purpose is based on the job duties of the employee.
  - 9. The method of claim 6, further including responsive to determining that the access level of the requesting employee does not meet the predetermined criteria, not allowing access to the at least one data element within the customer data table and generating a view not including the at least one data element.
  - 10. The method of claim 6, further including responsive to determining that the access level of the requesting employee meets the predetermined criteria, providing access to the at least one data element if the customer associated with the at least one data element has consented to share the at least one data element and generating a view including the at least one data element if the customer associated with the at least one data element has consented to share the at least one data element.
  - 11. The method of claim 6, further including responsive to determining that the access level of the requesting employee meets the predetermined criteria, denying access to the at least one data element if the customer associated with the at least one data element has not consented to share the at least one data element and generating a view that does not include the at least one data element.

12. One or more computer-readable media storing computer readable instructions that, when executed, cause one or more processors to perform a method, comprising:
- receiving data including a plurality of data elements associated with at least one customer of an entity;
  
  identifying a plurality of employees of the entity and assigning a business purpose to each employee;
  
  evaluating each data element to determine an access level associated with each data element and the business purpose assigned to each employee; and
  
  assigning an access level to each data element based on the business purpose associated with each employee of the entity.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The one or more computer-readable media of claim 12, further including receiving a request to access at least one data element within the customer data table;
    - evaluating the access level of an employee making the request to access the at least one data element within the received data; and
      
      responsive to determining that the access level of the requesting employee meets a predetermined criteria, providing access to the at least one data element within the received data.
  - 14. The one or more computer-readable media of claim 12, further including responsive to determining that the access level of the requesting employee does not meet the predetermined criteria, not allowing access to the at least one data element within the received data.
  - 15. The one or more computer-readable media of claim 12, further including responsive to determining that the access level of the requesting employee meets the predetermined criteria, providing access to the at least one data element if the customer associated with the at least one data element has consented to share the at least one data element.
  - 16. The one or more computer-readable media of claim 12, further including responsive to determining that the access level of the requesting employee meets the predetermined criteria, denying access to the at least one data element if the customer associated with the at least one data element has not consented to share the at least one data element.

17. An apparatus comprising:
- at least one processor; and
  
  at least one memory storing computer readable instructions that, when executed, cause the at least one processor to;
  
  receive data including a plurality of data elements associated with at least one customer of an entity;
  
  identify a plurality of employees of the entity and assigning a business purpose to each employee;
  
  evaluate each data element to determine an access level associated with each data element and the business purpose assigned to each employee; and
  
  assign an access level to each data element based on the business purpose associated with each employee of the entity.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The apparatus of claim 17, wherein the computer readable instructions, when executed, further cause the apparatus to:
    - receive a request to access at least one data element within the received data;
      
      evaluate the access level of an employee making the request to access the at least one data element within the received data; and
      
      responsive to determining that the access level of the requesting employee meets a predetermined criteria, provide access to the at least one data element within the received data.
  - 19. The apparatus of claim 17, wherein the computer readable instructions, when executed, further cause the apparatus to, responsive to determining that the access level of the requesting employee does not meet the predetermined criteria, not allow access to the at least one data element within the received data.
  - 20. The apparatus of claim 17, wherein the computer readable instructions, when executed, further cause the apparatus to, responsive to determining that the access level of the requesting employee meets the predetermined criteria, provide access to the at least one data element if the customer associated with the at least one data element has consented to share the at least one data element.
  - 21. The apparatus of claim 17, wherein the computer readable instructions, when executed, further cause the apparatus to, responsive to determining that the access level of the requesting employee meets the predetermined criteria, deny access to the at least one data element if the customer associated with the at least one data element has not consented to share the at least one data element.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Harvey, Ann Charlot Hunaeus, Gerrard, Joan L.

Granted Patent

US 8,869,295 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/30
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 21/6245   Protecting personal data, e...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2141   Access rights, e.g. capabil...

G06Q 10/06   Resources, workflows, human...

G06Q 10/10   Office automation; Time man...

H04L 63/102   Entity profiles

Automated Privacy Enforcement

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Automated Privacy Enforcement

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links