Policy notice method and system
First Claim
1. A method for promoting compliance with data protection and privacy laws and regulations relating to the privacy rights of individuals that comprises:
- informing an individual involved in potential disclosure of his/her personal data to an entity that the entity has certified its compliance with approved privacy and data security practices that conform to relevant data protection and privacy laws and regulations covering the use of personal data in at least the individual'"'"'s or the entity'"'"'s country of location;
obtaining the individual'"'"'s consent to have the entity receive, or acknowledgment that the entity will receive, and use his/her personal data in accordance with a stated policy or with relevant data protection and privacy laws and regulations covering the use of personal data in at least the individual'"'"'s or the entity'"'"'s country of location;
transmitting to the entity data indicating that the individual has been informed of the entity'"'"'s privacy practices and consented to the entity receiving, or acknowledged that the entity will be receiving, and using his/her personal data in accordance with its stated policy or with relevant data protection and privacy laws and regulations covering the use of personal data in at least the individual'"'"'s or the entity'"'"'s country of location;
receiving from the entity data comprising personal data collected by the entity from the individual;
storing said personal data received from the entity;
periodically checking whether the entity has complied with the stated policy or with relevant data protection and privacy laws and regulations covering the use of personal data in at least the individual'"'"'s or the entity'"'"'s country of location; and
wherein the steps of informing the individual, obtaining the individual'"'"'s consent or acknowledgment, transmitting data to the entity, and receiving data from the entity are performed over a computer network.
5 Assignments
0 Petitions
Accused Products
Abstract
A preferred embodiment of the present invention comprises a method and system for promoting compliance with data protection and privacy laws and regulations relating to the privacy rights of individuals. The method comprises the following steps: (1) informing an individual involved in potential disclosure of the individual'"'"'s personal data to an entity that the entity has certified its compliance with approved privacy and data security practices; (2) obtaining the individual'"'"'s consent to have the entity receive, or acknowledgment that the entity will receive, and use the individual'"'"'s personal data in accordance with a stated policy or with relevant data protection and privacy laws and regulations covering the use of personal data in at least the individual'"'"'s country of location; (3) transmitting to the entity data indicating that the individual has been informed of the entity'"'"'s privacy practices and consented to the entity receiving, or acknowledgment that the entity will be receiving, and using the individual'"'"'s personal data; (4) receiving from the entity data comprising personal data collected by the entity from the individual; and (5) periodically checking whether the entity has complied with the stated policy or with relevant data protection and privacy laws and regulations covering the use of personal data in at least the individual'"'"'s or the entity'"'"'s country of location.
318 Citations
36 Claims
-
1. A method for promoting compliance with data protection and privacy laws and regulations relating to the privacy rights of individuals that comprises:
-
informing an individual involved in potential disclosure of his/her personal data to an entity that the entity has certified its compliance with approved privacy and data security practices that conform to relevant data protection and privacy laws and regulations covering the use of personal data in at least the individual'"'"'s or the entity'"'"'s country of location;
obtaining the individual'"'"'s consent to have the entity receive, or acknowledgment that the entity will receive, and use his/her personal data in accordance with a stated policy or with relevant data protection and privacy laws and regulations covering the use of personal data in at least the individual'"'"'s or the entity'"'"'s country of location;
transmitting to the entity data indicating that the individual has been informed of the entity'"'"'s privacy practices and consented to the entity receiving, or acknowledged that the entity will be receiving, and using his/her personal data in accordance with its stated policy or with relevant data protection and privacy laws and regulations covering the use of personal data in at least the individual'"'"'s or the entity'"'"'s country of location;
receiving from the entity data comprising personal data collected by the entity from the individual;
storing said personal data received from the entity;
periodically checking whether the entity has complied with the stated policy or with relevant data protection and privacy laws and regulations covering the use of personal data in at least the individual'"'"'s or the entity'"'"'s country of location; and
wherein the steps of informing the individual, obtaining the individual'"'"'s consent or acknowledgment, transmitting data to the entity, and receiving data from the entity are performed over a computer network. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. A system for promoting compliance with data protection and privacy laws and regulations relating to the privacy rights of individuals that comprises:
-
means for informing an individual involved in potential disclosure of hi/her personal data to an entity that the entity has certified its compliance with approved privacy and data security practices that conform to relevant data protection and privacy laws and regulations covering the use of personal data in at least the individual'"'"'s or the entity'"'"'s country of location;
means for obtaining the individual'"'"'s consent to have the entity receive, or acknowledgment that the entity will receive and use his/her personal data in accordance with a stated policy or with relevant data protection and privacy laws and regulations covering the use of personal data in at least the individual'"'"'s or the entity'"'"'s country of location;
means for transmitting to the entity data indicating that the individual has been informed of the entity'"'"'s privacy practices and consented to the entity receiving, or acknowledgment that the entity will be receiving, and using his/her personal data in accordance with its stated policy or with relevant data protection and privacy laws and regulations covering the use of personal data in at least the individual'"'"'s or the entity'"'"'s country of location;
means for receiving from the entity data comprising personal data collected by the entity from the individual;
means for storing said personal data received from the entity;
means for periodically checking whether the entity has complied with the stated policy or with relevant data protection and privacy laws and regulations covering the use of personal data in at least the individual'"'"'s or the entity'"'"'s country of location; and
wherein a computer network comprises the means for informing the individual, obtaining the individual'"'"'s consent or acknowledgment, transmitting data to the entity, and receiving data from the entity. - View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
-
Specification