SYSTEM AND METHOD FOR CONTROLLING COMMUNICATION OF PRIVATE INFORMATION OVER A NETWORK
First Claim
1. A system for controlling access to private information, comprising:
- a privacy preference repository accessible by one or more subjects of said private information and by a private access bureau, said privacy preference repository storing privacy preferences configured by said subjects to indicate conditions for disclosure of said private information;
a policy repository accessible by said private access bureau, said policy repository storing legal criteria for accessing said private information;
wherein said private access bureau is configured to receive requests from privacy-enabled systems for said privacy preferences and legal criteria required to release particular documents on said privacy enabled system in response to said privacy-enabled systems receiving a request for access to said private information.
1 Assignment
0 Petitions
Accused Products
Abstract
A system and method for controlling access to private information over a network is provided including a privacy preference repository accessible by one or more subjects of the private information and by a private access bureau. The privacy preference repository stores privacy preferences configured by the subjects to indicate conditions for disclosure of said private information. A policy repository that stores legal criteria for accessing the private information is also accessible by the private access bureau. The private access bureau is configurable to receive requests from privacy-enabled systems for privacy directives that take into account the privacy preferences and legal criteria required to release particular documents on said privacy enabled system in response to the privacy-enabled systems.
-
Citations
20 Claims
-
1. A system for controlling access to private information, comprising:
-
a privacy preference repository accessible by one or more subjects of said private information and by a private access bureau, said privacy preference repository storing privacy preferences configured by said subjects to indicate conditions for disclosure of said private information; a policy repository accessible by said private access bureau, said policy repository storing legal criteria for accessing said private information; wherein said private access bureau is configured to receive requests from privacy-enabled systems for said privacy preferences and legal criteria required to release particular documents on said privacy enabled system in response to said privacy-enabled systems receiving a request for access to said private information. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A computer implemented method for controlling access to private information, comprising:
-
receiving, by a computer implemented private access bureau having at least one processor, a request for parameters governing opening a private record from a privacy-assured application; reading legal criteria related to said private record from a policy repository of said private access bureau by said at least one processor in response to said request; reading privacy preferences related to said private record from a privacy preference repository of said private access bureau by said at least one processor in response to said request; comparing said request to said legal criteria and said privacy preferences by said at least one processor in response to said request to determine which portions of said private record are authorized for viewing by a requestor in accordance with both said legal criteria and said privacy preferences; and sending, by said private access bureau to said privacy-enabled application, an indication of which portions of said private record are authorized for viewing in response to completing said comparison.
-
-
15. A computer implemented method of effecting a privacy policy for a website or online service, comprising:
-
establishing a baseline policy respecting the collection, access, use, and sharing of data received from said website or online service users; promising in said privacy policy that if a user of said website or online service establishes a privacy preference in a private access bureau that deviates from said baseline policy, that said website or online service will abide by said preference unless expressly prohibited from doing so by controlling law; and configuring said website or online service to query said private access bureau and if said user has a privacy preference, taking into account said privacy preference in carrying out said website or online service'"'"'s practices with respect to collecting, accessing, using or sharing data received from said user. - View Dependent Claims (16, 17, 18)
-
-
19. A computer-implemented method in which crowd-sourcing is used to establish privacy policies for purposes of a private access bureau comprising:
-
establishing a private network comprised of subject matter experts; identifying access right use cases involving the sharing of private data identifying critical topics for discussion by said subject matter experts, said critical topics involving the application of jurisdictional rules to said access right use cases; and identifying asymptotic areas where said crowd-sourcing indicates unanimity as to the appropriate rules embodying the access right use cases, and entering these into the private access bureau. - View Dependent Claims (20)
-
Specification