Privacy management policy hub

US 8,606,746 B2
Filed: 10/20/2008
Issued: 12/10/2013
Est. Priority Date: 10/19/2007
Status: Active Grant

First Claim

Patent Images

1. A privacy management system comprising:

a privacy database, whereinthe privacy database comprises a privacy sharing preference of a customer,the privacy sharing preference is configured to control sharing of personally identifiable information (PII) of the customer, andthe PII comprisesa first portion, anda second portion;

a processor; and

a memory coupled to the processor, the memory storing instructions executable by the processor, the instructions configured to implement a privacy process module, whereinthe privacy process module is communicatively coupled to the privacy database,the privacy process module is configured toreceive an insert record request from a source, whereinthe insert record request comprises privacy data of the customer, andthe source is an external computer system, anddetermine whether a best version record associated with the customer exists in the privacy database, whereinthe best version record comprises a most current representation of the privacy sharing preference,the privacy process module comprises a survivorship engine, wherein the survivorship engine is configured todetermine whether the source is trusted,determine whether the privacy data can be used to update the best version record, in response to a determination that the source is trusted,identify one or more fields of the privacy data that can be used to update one or more fields of the best version record, based on survivorship rules, andupdate the one or more fields of the best version record to produce an updated best version record, andthe privacy process module is further configured tostore a revision history of the best version record, whereinthe revision history comprises at least a portion of the privacy data, the best version record, and the updated best version record,determine whether the privacy data comprises at least one of opt-in information of the customer, whereinthe opt-in information indicates at least the first portion can be shared, oropt-out information of the customer, whereinthe opt-out information indicates at least the second portion should not be shared,define a default privacy sharing preference that indicates at least one ofthe first portion is shared, orthe second portion is not shared, andupdate the best version record with the default privacy sharing preference.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system architecture is disclosed that includes a privacy management system. In particular, the privacy management system provides a policy hub for maintaining and managing customer privacy information. The privacy management system maintains a master data database for customer information and customer privacy preferences, and a rules database for privacy rules. The privacy management system captures, synchronizes, and stores customer privacy data. Privacy rules may be authored using a privacy management vocabulary, and can be customized for an enterprise'"'"'s privacy policies.

302 Citations

26 Claims

1. A privacy management system comprising:
- a privacy database, whereinthe privacy database comprises a privacy sharing preference of a customer,the privacy sharing preference is configured to control sharing of personally identifiable information (PII) of the customer, andthe PII comprisesa first portion, anda second portion;
  
  a processor; and
  
  a memory coupled to the processor, the memory storing instructions executable by the processor, the instructions configured to implement a privacy process module, whereinthe privacy process module is communicatively coupled to the privacy database,the privacy process module is configured toreceive an insert record request from a source, whereinthe insert record request comprises privacy data of the customer, andthe source is an external computer system, anddetermine whether a best version record associated with the customer exists in the privacy database, whereinthe best version record comprises a most current representation of the privacy sharing preference,the privacy process module comprises a survivorship engine, wherein the survivorship engine is configured todetermine whether the source is trusted,determine whether the privacy data can be used to update the best version record, in response to a determination that the source is trusted,identify one or more fields of the privacy data that can be used to update one or more fields of the best version record, based on survivorship rules, andupdate the one or more fields of the best version record to produce an updated best version record, andthe privacy process module is further configured tostore a revision history of the best version record, whereinthe revision history comprises at least a portion of the privacy data, the best version record, and the updated best version record,determine whether the privacy data comprises at least one of opt-in information of the customer, whereinthe opt-in information indicates at least the first portion can be shared, oropt-out information of the customer, whereinthe opt-out information indicates at least the second portion should not be shared,define a default privacy sharing preference that indicates at least one ofthe first portion is shared, orthe second portion is not shared, andupdate the best version record with the default privacy sharing preference.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The privacy management system of claim 1, wherein the privacy process module is further configured todetermine whether the customer is a business customer or a consumer customer, in response to the determination that the source is trusted,in response to a determination that the customer is a consumer customer, evaluate whether the privacy data comprises a new privacy sharing preference of the customer, andupdate the best version record with the new privacy sharing preference, in response to an evaluation that the privacy data comprises the new privacy sharing preference.
  - 3. The privacy management system of claim 2, wherein said privacy process module is further configured to:
    - in response to a determination that the customer is a business customer, evaluate whether the privacy data relates to a privacy sharing preference right, andstore the privacy data in the privacy database, in response to the evaluation.
  - 4. The privacy management system of claim 1, further comprisinga privacy knowledgebase, whereinthe privacy knowledgebase comprises a plurality of privacy rules,the plurality of privacy rules implement a privacy policy that comports with a plurality of laws and regulations,the plurality of laws and regulations are applicable to an entity that stores the PII, andthe plurality of privacy rules are configured to further control how the PII of the customer is shared.
  - 5. The privacy management system of claim 4, further comprising:
    - a privacy administration user interface (UI), whereinsaid privacy administration UI is communicatively coupled to said privacy database.
  - 6. The privacy management system of claim 4, further comprising:
    - a privacy rules user interface (UI), whereinsaid privacy rules UI is communicatively coupled to said privacy knowledgebase, andsaid privacy rules UI allows configuration of said privacy knowledgebase by virtue of being configured toadd a new privacy rule to said privacy rules,modify an existing privacy rule from said privacy rules, anddelete said existing privacy rule from said privacy rules.
  - 7. The privacy management system of claim 1, wherein the privacy process module is further configured toset a privacy flag, wherein the privacy flag indicates a pending status,set a privacy timer for a period of waiting time, andupon expiration of the privacy timer, performthe definition of the default privacy sharing preference, andthe updating of the best version record with the default privacy sharing preference.
  - 8. The privacy management system of claim 1, whereinthe survivorship engine is further configured todetermine a publication date of the privacy data, andcompare the publication date of the privacy data with a plurality of best version publication dates, whereinthe plurality of best version publication dates are associated with a plurality of fields of the best version record, anda comparison result identifies the one or more fields of the privacy data that can be used to update the one or more fields of the best version record.
  - 9. The privacy management system of claim 1, wherein said privacy process module further comprises:
    - a batch management module configured to update a plurality of best version records in a batch;
      
      a communications protocol layer configured to communicate with a plurality of external systems; and
      
      an object manager configured to communicate with the privacy process module, whereinthe object manager is communicatively coupled tothe batch management module, andthe communications protocol layer.
  - 10. The privacy management system of claim 1, said instructions are further configured to implement:
    - a user interface (UI) interaction module, whereinsaid UI interaction module is communicatively coupled to said privacy process module, andsaid UI interaction module comprises at least one ofa privacy status module configured to track current privacy sharing preferences of a plurality of customers, anda privacy history module configured to track past privacy sharing preferences of the plurality of customers.
  - 11. The privacy management system of claim 10, wherein said UI interaction module is configured todetect a privacy event, whereinthe privacy event is caused by receipt of the privacy data of the customer, andprovide the privacy data to the privacy process module, in response to the detection of the privacy event.
  - 12. The privacy management system of claim 1, whereinthe privacy process module is further configured todetermine that no best version record associated with the customer exists in the privacy database, andgenerate a new best version record associated with the customer, whereinthe best version record comprises the privacy data.
  - 13. The privacy management system of claim 1, whereinthe privacy process module is further configured toevaluate whether the privacy data comprises a data update for the PII of the customer, whereinthe PII is stored in the privacy database, andthe PII comprises a plurality of best version data records, andthe survivorship module is further configured tocompare the privacy data with the plurality of best version data records of the customer, in response to an evaluation that the privacy data comprises the data update,identify a matching best version data record that corresponds to the privacy data, andupdate the matching best version data record with the privacy data, based on the survivorship rules.
  - 14. The privacy management system of claim 13, wherein the privacy process module further comprises:
    - a source data history module configured toin response to the data update, create a revision history by saving at least a portion of the matching best version data record as a historical record before the matching best version data record is updated with the data update.

15. A method comprising:
- receiving, at a privacy management computer system, an insert record request from a source, whereinthe insert record request comprises privacy data of a customer, andthe source is an external computer system;
  
  determining whether a best version record associated with the customer exists in a privacy database, whereinthe best version record comprises a most current representation of a privacy sharing preference of the customer,the privacy sharing preference is configured to control sharing of personally identifiable information (PII) of the customer, andthe PII comprisesa first portion, anda second portion;
  
  determining whether the source is trusted;
  
  determining whether the privacy data can be used to update the best version record, in response to a determination that the source is trusted;
  
  identifying one or more fields of the privacy data that can be used to update one or more fields of the best version record, based on survivorship rules;
  
  updating the one or more fields of the best version record to produce an updated best version record;
  
  storing a revision history of the best version record, whereinthe revision history comprises at least a portion of the privacy data, the best version record, and the updated best version record;
  
  determining whether the privacy data comprises at least one ofopt-in information of the customer, whereinthe opt-in information indicates at least the first portion can be shared, oropt-out information of the customer, whereinthe opt-out information indicates at least the second portion should not be shared;
  
  defining a default privacy sharing preference that indicates at least one of the first portion is shared, orthe second portion is not shared; and
  
  updating the best version record with the default privacy sharing preference.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The method of claim 15, further comprising:
    - detecting a privacy event, whereinsaid receiving of said privacy data of the customer causes said privacy event.
  - 17. The method of claim 15, further comprising:
    - in response to a determination that the customer is a business customer,evaluating whether the privacy data relates to a privacy preference right, andstoring the privacy data in said privacy database, in response to said evaluation.
  - 18. The method of claim 15, further comprising:
    - evaluating whether the privacy data comprises a data update for the PII of the customer, whereinthe PII is stored in the privacy database, andthe PII comprises a plurality of best version data records;
      
      comparing the privacy data with the plurality of best version data records of the customer, in response to an evaluation that the privacy data comprises the data update;
      
      identifying a matching best version data record that corresponds to the privacy data; and
      
      updating the matching best version data record with the privacy data, based on the survivorship rules.
  - 19. The method of claim 18, further comprising:
    - in response to the data update, creating a revision history by saving at least a portion of the matching best version data record as a historical record before the matching best version data record is updated with the data update.
  - 20. The method of claim 15, whereinthe privacy management computer system comprises a privacy knowledgebase,the privacy knowledgebase comprisesa plurality of privacy rules, anda privacy vocabulary,the plurality of privacy rules implement a privacy policy that comports with a plurality of laws and regulations,the plurality of laws and regulations are applicable to an entity that stores the PII,the plurality of privacy rules are configured to further control sharing of the PII of the customer,the privacy vocabulary comprises a plurality of rule building blocks, andthe plurality of privacy rules are built using the plurality of rule building blocks.
  - 21. The method of claim 20, further comprising at least one of:
    - adding a new privacy rule to the plurality of privacy rules,modifying an existing privacy rule from the plurality of privacy rules, anddeleting existing privacy rule from the plurality of privacy rules.

22. A non-transitory computer program product comprising non-transitory computer readable storage media comprising a plurality of instructions executable on a computer system, wherein the plurality of instructions are configured to:
- receive an insert record request from a source, whereinthe insert record request comprises privacy data of a customer, andthe source is an external computer system;
  
  determine whether a best version record associated with the customer exists in a privacy database, whereinthe best version record comprises a most current representation of a privacy sharing preference of the customer,the privacy sharing preference is configured to control sharing of personally identifiable information (PII) of the customer, andthe PII comprisesa first portion, anda second portion;
  
  determine whether the source is trusted;
  
  determine whether the privacy data can be used to update the best version record, in response to a determination that the source is trusted;
  
  identify one or more fields of the privacy data that can be used to update one or more fields of the best version record, based on survivorship rules;
  
  update the one or more fields of the best version record to produce an updated best version record;
  
  store a revision history of the best version record, whereinthe revision history comprises at least a portion of the privacy data, the best version record, and the updated best version record;
  
  determine whether the privacy data comprises at least one ofopt-in information of the customer, whereinthe opt-in information indicates at least the first portion can be shared, oropt-out information of the customer, whereinthe opt-out information indicates at least the second portion should not be shared;
  
  define a default privacy sharing preference that indicates at least one ofthe first portion is shared, orthe second portion is not shared; and
  
  update the best version record with the default privacy sharing preference.
- View Dependent Claims (23, 24, 25, 26)
- - 23. The non-transitory computer program product of claim 22, wherein said instructions are further configured to:
    - detect a privacy event, whereinreceipt of the privacy data of the customer causes the privacy event.
  - 24. The non-transitory computer program product of claim 23, wherein said instructions are further configured to:
    - in response to a determination that the customer is a business customer, evaluate whether the privacy data relates to a privacy preference right, andstore the privacy data in said privacy database, in response to said evaluation.
  - 25. The non-transitory computer program product of claim 23, wherein said instructions are further configured to:
    - evaluate whether the privacy data comprises a data update for the PII of the customer, whereinthe PII is stored in the privacy database, andthe PII comprises a plurality of best version data records;
      
      compare the privacy data with the plurality of best version data records of the customer, in response to an evaluation that the privacy data comprises the data update;
      
      identify a matching best version data record that corresponds to the privacy data; and
      
      update the matching best version data record with the privacy data, based on the survivorship rules.
  - 26. The non-transitory computer program product of claim 25, wherein said instructions are further configured to:
    - in response to the data update, create a revision history by saving at least a portion of the matching best version data record as a historical record before the matching best version data record is updated with the data update.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Yeap, Hwee Har, You, Catherine, Lu, Qin, Li, Jane, Hsieh, Weiwei, Chan, Lindy H.
Primary Examiner(s)
Richardson, James E

Application Number

US12/254,691
Publication Number

US 20090254511A1
Time in Patent Office

1,877 Days
Field of Search

707/603, 707/689, 707/942, 707/694, 705/317
US Class Current

707/603
CPC Class Codes

G06F 16/219   Managing data history or ve...

G06F 21/6245   Protecting personal data, e...

G06Q 10/0637   Strategic management or ana...

G06Q 30/01   Customer relationship services

G06Q 30/02   Marketing; Price estimation...

G06Q 50/265   Personal security, identity...

Privacy management policy hub

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

302 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Privacy management policy hub

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

302 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links