SYSTEMS AND METHODS OF AUTOMATED COMPLIANCE WITH DATA PRIVACY LAWS
First Claim
Patent Images
1. A method, including:
- tracking a person-related data source by associating a data entity that holds person-related data with a trust object that tracks the source;
wherein the trust object holds trust metadata, including;
name of the person-related data source,interface category of the person-related data source,origin of the person-related data source,consent-type given by subject of the person-related data,data privacy regulations applicable to the origin,at least one purpose of assembling the person-related data, andat least one classification of the person-related data;
receiving a tenant request for the person-related data, wherein the tenant request identifies at least one jurisdiction for subsequently using the person-related data;
constructing a filter that sets acceptable values, in accordance with the data privacy regulations specified in the jurisdiction, for the name of the person-related data source, origin of the person-related data source, consent-type given by subject of the person-related data, the purpose of assembling the person-related data, and the classification of the person-related data; and
automatically applying the filter to the person-related data to restrict transfer of any person-related data that do not meet the data privacy regulations.
1 Assignment
0 Petitions
Accused Products
Abstract
The technology disclosed relates to automated compliance with data privacy laws of varying jurisdictions. In particular, it relates to constructing trust filters that automatically restrict collection, use, processing, transfer, or consumption of any person-related data that do not meet the data privacy regulations of the applicable jurisdictions. The trust filters are constructed dependent on associating person-related data entities with trust objects that track person-related data sources.
-
Citations
14 Claims
-
1. A method, including:
-
tracking a person-related data source by associating a data entity that holds person-related data with a trust object that tracks the source; wherein the trust object holds trust metadata, including; name of the person-related data source, interface category of the person-related data source, origin of the person-related data source, consent-type given by subject of the person-related data, data privacy regulations applicable to the origin, at least one purpose of assembling the person-related data, and at least one classification of the person-related data; receiving a tenant request for the person-related data, wherein the tenant request identifies at least one jurisdiction for subsequently using the person-related data; constructing a filter that sets acceptable values, in accordance with the data privacy regulations specified in the jurisdiction, for the name of the person-related data source, origin of the person-related data source, consent-type given by subject of the person-related data, the purpose of assembling the person-related data, and the classification of the person-related data; and automatically applying the filter to the person-related data to restrict transfer of any person-related data that do not meet the data privacy regulations. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A system, including:
a processor and a computer readable storage medium storing computer instructions configured to cause the processor to; track a person-related data source by associating a data entity that holds person-related data with a trust object that tracks the source; wherein the trust object holds trust metadata, including; name of the person-related data source, interface category of the person-related data source, origin of the person-related data source, consent-type given by subject of the person-related data, data privacy regulations applicable to the origin, at least one purpose of assembling the person-related data, and at least one classification of the person-related data; receive a tenant request for the person-related data, wherein the tenant request identifies at least one jurisdiction for subsequently using the person-related data; construct a filter that sets acceptable values, in accordance with the data privacy regulations specified in the jurisdiction, for the name of the person-related data source, origin of the person-related data source, consent-type given by subject of the person-related data, the purpose of assembling the person-related data, and the classification of the person-related data; and automatically apply the filter to the person-related data to restrict transfer of any person-related data that do not meet the data privacy regulations. - View Dependent Claims (9, 10, 11, 12, 13, 14)
Specification