SYSTEMS AND METHODS OF AUTOMATED COMPLIANCE WITH DATA PRIVACY LAWS

US 20140373182A1
Filed: 04/30/2014
Published: 12/18/2014
Est. Priority Date: 06/14/2013
Status: Active Grant

First Claim

Patent Images

1. A method, including:

tracking a person-related data source by associating a data entity that holds person-related data with a trust object that tracks the source;

wherein the trust object holds trust metadata, including;

name of the person-related data source,interface category of the person-related data source,origin of the person-related data source,consent-type given by subject of the person-related data,data privacy regulations applicable to the origin,at least one purpose of assembling the person-related data, andat least one classification of the person-related data;

receiving a tenant request for the person-related data, wherein the tenant request identifies at least one jurisdiction for subsequently using the person-related data;

constructing a filter that sets acceptable values, in accordance with the data privacy regulations specified in the jurisdiction, for the name of the person-related data source, origin of the person-related data source, consent-type given by subject of the person-related data, the purpose of assembling the person-related data, and the classification of the person-related data; and

automatically applying the filter to the person-related data to restrict transfer of any person-related data that do not meet the data privacy regulations.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The technology disclosed relates to automated compliance with data privacy laws of varying jurisdictions. In particular, it relates to constructing trust filters that automatically restrict collection, use, processing, transfer, or consumption of any person-related data that do not meet the data privacy regulations of the applicable jurisdictions. The trust filters are constructed dependent on associating person-related data entities with trust objects that track person-related data sources.

Citations

14 Claims

1. A method, including:
- tracking a person-related data source by associating a data entity that holds person-related data with a trust object that tracks the source;
  
  wherein the trust object holds trust metadata, including;
  
  name of the person-related data source,interface category of the person-related data source,origin of the person-related data source,consent-type given by subject of the person-related data,data privacy regulations applicable to the origin,at least one purpose of assembling the person-related data, andat least one classification of the person-related data;
  
  receiving a tenant request for the person-related data, wherein the tenant request identifies at least one jurisdiction for subsequently using the person-related data;
  
  constructing a filter that sets acceptable values, in accordance with the data privacy regulations specified in the jurisdiction, for the name of the person-related data source, origin of the person-related data source, consent-type given by subject of the person-related data, the purpose of assembling the person-related data, and the classification of the person-related data; and
  
  automatically applying the filter to the person-related data to restrict transfer of any person-related data that do not meet the data privacy regulations.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein interface categories of person-related data sources include access controlled APIs, public Internet, and social networking sites.
  - 3. The method of claim 1, wherein the origin of the person-related data source identifies at least one geographic location of the source.
  - 4. The method of claim 1, wherein consent-types of subjects of person-related data include at least express consent, implied consent, and opt-out consent.
  - 5. The method of claim 1, wherein the classification of the person-related data includes at least personal data and business data.
  - 6. The method of claim 1, further including automatically authorizing transfer of the filtered person-related data into the jurisdiction used to construct the filter.
  - 7. The method of claim 1, further including automatically authorizing access to the filtered person-related data by tenant personnel stationed in the jurisdiction used to construct the filter.

8. A system, including:
- a processor and a computer readable storage medium storing computer instructions configured to cause the processor to;
  
  track a person-related data source by associating a data entity that holds person-related data with a trust object that tracks the source;
  
  wherein the trust object holds trust metadata, including;
  
  name of the person-related data source,interface category of the person-related data source,origin of the person-related data source,consent-type given by subject of the person-related data,data privacy regulations applicable to the origin,at least one purpose of assembling the person-related data, andat least one classification of the person-related data;
  
  receive a tenant request for the person-related data, wherein the tenant request identifies at least one jurisdiction for subsequently using the person-related data;
  
  construct a filter that sets acceptable values, in accordance with the data privacy regulations specified in the jurisdiction, for the name of the person-related data source, origin of the person-related data source, consent-type given by subject of the person-related data, the purpose of assembling the person-related data, and the classification of the person-related data; and
  
  automatically apply the filter to the person-related data to restrict transfer of any person-related data that do not meet the data privacy regulations.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein interface categories of person-related data sources include access controlled APIs, public Internet, and social networking sites.
  - 10. The system of claim 8, wherein the origin of the person-related data source identifies at least one geographic location of the source.
  - 11. The system of claim 8, wherein consent-types of subjects of person-related data include at least express consent, implied consent, and opt-out consent.
  - 12. The system of claim 8, wherein the classification of the person-related data includes at least personal data and business data.
  - 13. The system of claim 8, further including automatically authorizing transfer of the filtered person-related data into the jurisdiction used to construct the filter.
  - 14. The system of claim 8, further including automatically authorizing access to the filtered person-related data by tenant personnel stationed in the jurisdiction used to construct the filter.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Peri, Harish, Singh, Atul, Jacques, Shiela

Granted Patent

US 10,430,608 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/30
CPC Class Codes

G06F 21/6245 Protecting personal data, e...

SYSTEMS AND METHODS OF AUTOMATED COMPLIANCE WITH DATA PRIVACY LAWS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS OF AUTOMATED COMPLIANCE WITH DATA PRIVACY LAWS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links