Using a privacy agreement framework to improve handling of personally identifiable information
First Claim
1. A method, in an information handling system comprising a processor and a storage device, for improving the handling of personally identifiable information, said method comprising:
- generating, in the information handling system, an object model for representing relationships between active entities with regard to handling of personally identifiable information, wherein the active entities comprise a data subject, represented as a data subject object in the object model, and at least one data user, represented as at least one data user object in the object model, and wherein the data subject is an active entity that is identified by the personally identifiable information and the at least one data user is an active entity that uses the personally identifiable information obtained from the data subject;
identifying, by the information handling system, parties involved in a process of handling personally identifiable information based on the object model, wherein the parties comprise the data subject and the at least one data user;
identifying, by the information handling system, data involved in said process from a data model;
classifying, by the information handling system, the data as personally identifiable information or non-personally identifiable information;
expressing, by the information handling system, based on the object model, each relationship between each pair of said parties in terms of a privacy agreement, wherein the privacy agreement for each relationship between each pair of parties is a subset of a natural language privacy policy set, the subset being defined as specific to a particular situation or purpose and specific to the particular parties in the pair of parties; and
representing, by the information handling system, said parties, said data, and said privacy agreements graphically as objects and associations between objects in one or more privacy agreement relationship diagrams;
reducing privacy-related risks involved in said process based on the one or more privacy agreement relationship diagrams; and
transforming data into a less sensitive form based on the one or more privacy agreement relationship diagrams, wherein the less sensitive form is one of a de-personalized form in which transformed data does not contain personally identifiable information that identifies the data subject but is able to be associated with the data subject using other data having personally identifiable information, or an anonymous form in which transformed data does not contain personally identifiable information that identifiers the data subject and is not able to be associated with the data subject, wherein;
each privacy agreement uses a limited number of privacy-related actions concerning said personally identifiable information; and
said privacy agreement expresses privacy rules regarding said privacy-related actions, for each party in a pair of parties with which the privacy agreement is associated.
1 Assignment
0 Petitions
Accused Products
Abstract
The invention entails identifying the parties involved in a process of handling personally identifiable information; identifying the data involved in said process; classifying the data; expressing each relationship between each pair of said parties in terms of a privacy agreement; and representing the parties, data, and privacy agreements graphically in one or more privacy agreement relationship diagrams. The invention has the advantage of identifying opportunities to reduce privacy-related risks, including identifying unnecessary exchanges of data, for possible elimination, and identifying opportunities to transform data into a less sensitive form. Privacy agreements are based on a limited set of privacy-related actions: access, disclose, release, notify, utilize, update, withdrawConsent, giveConsent, delete, anonymize, depersonalize, and repersonalize. One aspect of the present invention is a method for improving the handling of personally identifiable information. Another aspect of the present invention is a system for executing the method of the present invention. A third aspect of the present invention is as a set of instructions on a computer-usable medium, or resident in a computer system, for executing the method of the present invention.
78 Citations
6 Claims
-
1. A method, in an information handling system comprising a processor and a storage device, for improving the handling of personally identifiable information, said method comprising:
-
generating, in the information handling system, an object model for representing relationships between active entities with regard to handling of personally identifiable information, wherein the active entities comprise a data subject, represented as a data subject object in the object model, and at least one data user, represented as at least one data user object in the object model, and wherein the data subject is an active entity that is identified by the personally identifiable information and the at least one data user is an active entity that uses the personally identifiable information obtained from the data subject; identifying, by the information handling system, parties involved in a process of handling personally identifiable information based on the object model, wherein the parties comprise the data subject and the at least one data user; identifying, by the information handling system, data involved in said process from a data model; classifying, by the information handling system, the data as personally identifiable information or non-personally identifiable information; expressing, by the information handling system, based on the object model, each relationship between each pair of said parties in terms of a privacy agreement, wherein the privacy agreement for each relationship between each pair of parties is a subset of a natural language privacy policy set, the subset being defined as specific to a particular situation or purpose and specific to the particular parties in the pair of parties; and representing, by the information handling system, said parties, said data, and said privacy agreements graphically as objects and associations between objects in one or more privacy agreement relationship diagrams; reducing privacy-related risks involved in said process based on the one or more privacy agreement relationship diagrams; and transforming data into a less sensitive form based on the one or more privacy agreement relationship diagrams, wherein the less sensitive form is one of a de-personalized form in which transformed data does not contain personally identifiable information that identifies the data subject but is able to be associated with the data subject using other data having personally identifiable information, or an anonymous form in which transformed data does not contain personally identifiable information that identifiers the data subject and is not able to be associated with the data subject, wherein; each privacy agreement uses a limited number of privacy-related actions concerning said personally identifiable information; and said privacy agreement expresses privacy rules regarding said privacy-related actions, for each party in a pair of parties with which the privacy agreement is associated. - View Dependent Claims (2)
-
-
3. A system for improving the handling of personally identifiable information, said system comprising:
-
a processor; and a memory coupled to the processor, wherein the memory comprises instructions which, when executed by the processor, cause the processor to; generate an object model for representing relationships between active entities with regard to handling of personally identifiable information, wherein the active entities comprise a data subject, represented as a data subject object in the object model, and at least one data user, represented as at least one data user object in the object model, and wherein the data subject is an active entity that is identified by the personally identifiable information and the at least one data user is an active entity that uses the personally identifiable information obtained from the data subject; identify parties involved in a process of handling personally identifiable information based on the object model, wherein the parties comprise the data subject and the at least one data user; identify data involved in said process from a data model; classify the data as personally identifiable information or non-personally identifiable information express, based on the object model, each relationship between each pair of said parties in terms of a privacy agreement, wherein the privacy agreement for each relationship between each pair of parties is a subset of a natural language privacy policy set, the subset being defined as specific to a particular situation or purpose and specific to the particular parties in the pair of parties; represent said parties, said data, and said privacy agreements graphically as objects and associations between objects in one or more privacy agreement relationship diagrams; reduce privacy-related risks involved in said process based on the one or more privacy agreement relationship diagrams; and transform data into a less sensitive form based on the one or more privacy agreement relationship diagrams, wherein the less sensitive form is one of a de-personalized form in which transformed data does not contain personally identifiable information that identifies the data subject but is able to be associated with the data subject using other data having personally identifiable information, or an anonymous form in which transformed data does not contain personally identifiable information that identifiers the data subject and is not able to be associated with the data subject, wherein; each privacy agreement uses a limited number of privacy-related actions concerning said personally identifiable information; and said privacy agreement expresses privacy rules regarding said privacy-related actions, for each party in a pair of parties with which the privacy agreement is associated. - View Dependent Claims (4)
-
-
5. A computer-usable medium having computer-executable instructions for improving the handling of personally identifiable information, said computer-executable instructions, when executed by a computing device, cause the computing device to:
-
generate an object model for representing relationships between active entities with regard to handling of personally identifiable information, wherein the active entities comprise a data subject, represented as a data subject object in the object model, and at least one data user, represented as at least one data user object in the object model, and wherein the data subject is an active entity that is identified by the personally identifiable information and the at least one data user is an active entity that uses the personally identifiable information obtained from the data subject; identify parties involved in a process of handling personally identifiable information based on the object model, wherein the parties comprise the data subject and the at least one data user; identify data involved in said process from a data model; classify the data as personally identifiable information or non-personally identifiable information; express, based on the object model, each relationship between each pair of said parties in terms of a privacy agreement, wherein the privacy agreement for each relationship between each pair of parties is a subset of a natural language privacy policy set, the subset being defined as specific to a particular situation or purpose and specific to the particular parties in the pair of parties; and represent said parties, said data, and said privacy agreements graphically as objects and associations between objects in one or more privacy agreement relationship diagrams; reduce privacy-related risks involved in said process based on the one or more privacy agreement relationship diagrams; and transform data into a less sensitive form based on the one or more privacy agreement relationship diagrams, wherein the less sensitive form is one of a de-personalized form in which transformed data does not contain personally identifiable information that identifies the data subject but is able to be associated with the data subject using other data having personally identifiable information, or an anonymous form in which transformed data does not contain personally identifiable information that identifiers the data subject and is not able to be associated with the data subject, wherein; each privacy agreement uses a limited number of privacy-related actions concerning said personally identifiable information; and said privacy agreement expresses privacy rules regarding said privacy-related actions, for each party in a pair of parties with which the privacy agreement is associated. - View Dependent Claims (6)
-
Specification