System and methods for facilitating privacy enforcement
First Claim
1. A computer-implemented method of facilitating privacy enforcement, the computer-implemented method comprising:
receiving, from an associate of an enterprise, input related to use of stored customer information;
accessing at least one of a plurality of subsystems including data related to customers;
accessing at least one of a plurality of subsystems including data related to associates;
determining, based on the data related to associates, an attribute of the associate;
comparing the data related to customers with the attribute of the associate, wherein the comparison determines the stored customer information that the associate is able to access;
determining which of a plurality of subsystems to access based on comparing of data related to customers and the attribute of the associate;
wherein the plurality of subsystems comprises a governed data label subsystem storing metadata describing how, when and by whom government data stored in one or more external environments is collected, describing how, when and by whom policy data stored in at least one of the plurality of subsystems is collected, the government data comprising data related to government laws or government regulations, the metadata also describing how government data is formatted in the one or more external environments and how policy data is formatted in at least one of the plurality of subsystems;
accessing at least one of the plurality of subsystems to retrieve policy data and at least one of the external environments to retrieve government data based at least in part on the metadata;
maintaining, using the governed data label subsystem, a table of changes comprising a plurality of changes to enterprise policies, government laws and government regulations, the maintaining comprising escalating one or more of the changes in the table of changes for review in response to one or more requests received from associates of the enterprise;
updating the policy data, using the governed data label subsystem, in response to escalating the one or more changes;
filtering, using a processor, at least some of the stored customer information that the associate is able to access, wherein filtering comprises;
characterizing the data related to the associates and the data related to the customers in order to determine which from a plurality of restriction levels is applicable to the data related to the associates, resulting in a first restriction level, and which from a plurality of restriction levels is applicable to the data related to the customers, resulting in a second restriction level;
computing a third restriction level based on a Cartesian product mapping of the first restriction level and the second restriction level, and
filtering, based at least in part on the comparison of the data related to the customer with the third restriction level, the updated policy data and the government data; and
presenting the filtered stored customer information to the associate.
1 Assignment
0 Petitions
Abstract
A system and methods for facilitating privacy enforcement are described. Embodiments of the present invention can deliver automated compliance and/or enforcement for certain consumer privacy laws and privacy-related policies to employees and contractors of an enterprise. When input related to the use of stored customer information is received, data subsystems can be accessed by a privacy engine, which then provides decisioning to produce an enforcement action. Examples of enforcement actions can include denying access to customer information, or granting such access but filtering the information. Enforcement actions can also include updating stored tables or other data structures to maintain an appropriate privacy enforcement posture when new information is added to systems or existing information is changed.
27 Citations
21 Claims
7. A privacy enforcement system comprising:
a privacy engine comprising a processor that executes computer readable instructions stored on a non-transitory computer readable medium to;
receive, from an associate, input related to use of stored customer information, wherein the stored customer information is associated with a customer;
communicate with a source data subsystem to receive data related to the customer;
communicate with a source data subsystem to receive data related to the associate;
compare the data related to the customer with the data related to the associate, wherein the comparison determines the stored customer information that the associate is able to access;
determine which of a plurality of subsystems to access based on comparing of data related to the customer and the data related to the associate;
wherein the plurality of subsystems comprises a governed data label subsystem storing metadata describing how, when and by whom government data stored in one or more external environments is collected, describing how, when and by whom policy data stored in at least one of the plurality of subsystems is collected, the government data comprising data related to government laws or government regulations, the metadata also describing how government data is formatted in the one or more external environments and how policy data is formatted in at least one of the plurality of subsystems; and
access at least one of the plurality of subsystems to retrieve policy data and at least one of the external environments to retrieve government data based at least in part on the metadata; and
a source data subsystem comprising a processor to;
maintain a table of changes comprising a plurality of changes to enterprise policies, government laws and government regulations, the maintaining comprising escalating one or more of the changes in the table of changes for review in response to one or more requests received from associates of the enterprise;
update the policy data, in response to escalating the one or more changes; and
wherein the privacy engine is further to;
filter at least some of the stored customer information that the associate is able to access, wherein filtering comprises;
characterizing the data related to the associates and the data related to the customers in order to determine which from a plurality of restriction levels is applicable to the data related to the associates, resulting in a first restriction level, and which from a plurality of restriction levels is applicable to the data related to the customers, resulting in a second restriction level;
computing a third restriction level based on a Cartesian product mapping of the first restriction level and the second restriction level, and
filtering, based at least in part on the comparison of the data related to the customer with the third restriction level, the updated policy data and the government data; and
present the filtered stored customer information to the associate.
17. A computer program product, the computer program product comprising at least one non-transitory computer-readable medium having computer-readable program code embodied therein, the computer-readable program code comprising:
an executable code configured for receiving, from an associate of an enterprise, input related to use of stored customer information;
an executable code configured for accessing at least one of a plurality of subsystems including data related to customers;
an executable code configured for accessing at least one of a plurality of subsystems including data related to associates;
an executable code configured for determining, based on the data related to associates, an attribute of the associate;
an executable code configured for comparing the data related to customers with the attribute of the associate, wherein the comparison determines the stored customer information that the associate is able to access;
an executable code configured for determining which of a plurality of subsystems to access based on comparing of data related to customers and the attribute of the associate, wherein the plurality of subsystems comprises a governed data label subsystem storing metadata describing how, when and by whom government data stored in one or more external environments is collected, describing how, when and by whom policy data stored in at least one of the plurality of subsystems is collected, the government data comprising data related to government laws or government regulations, the metadata also describing how government data is formatted in the one or more external environments and how policy data is formatted in at least one of the plurality of subsystems;
an executable code configured for accessing at least one of a plurality of subsystems to retrieve policy data and at least one of the external environments to retrieve government data based at least in part on the metadata;
an executed code configured for maintaining, using the governed data label subsystem, a table of changes comprising a plurality of changes to enterprise policies, government laws and government regulations, the maintaining comprising escalating one or more of the changes in the table of changes for review in response to one or more requests received from associates of the enterprise;
an executable code configured for updating the policy data, using the governed data label subsystem, in response to escalating the one or more changes;
an executable code configured for filtering, using a processor, at least some of the stored customer information that the associate is able to access, wherein filtering comprises;
characterizing the data related to the associates and the data related to the customers in order to determine which from a plurality of restriction levels is applicable to the data related to the associates, resulting in a first restriction level, and which from a plurality of restriction levels is applicable to the data related to the customers, resulting in a second restriction level;
computing a third restriction level based on a Cartesian product mapping of the first restriction level and the second restriction level, and
filtering, based at least in part on the comparison of the data related to the customer with the third restriction level, the updated policy data and the government data; and
an executable code configured for presenting the filtered stored customer information to the associate.
Specification