Automated privacy enforcement
1 Assignment
0 Petitions
Abstract
A system and method of protecting the privacy of data is presented. The system and method may include receiving data from a data warehouse and determining an access level for each data element received. The access value may be based on the assigned business purpose of the user attempting to access the data. If a user with an assigned business purpose is authorized to access the data, access will be given; if not, access to the data will be denied. In some examples, the requesting user may request to override the security settings in order to obtain access to the data.
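The access decision described in the abstract and in claim 1, sketched as an added example that is not code from the patent. The 0/1/2 access scale, the purpose and element names, and modelling the user's preference as a per-purpose cap (no recorded preference meaning no access) are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed scale: the claim only says the value "indicates a level of access".
DENY, MASKED, FULL = 0, 1, 2

# Constructed sample policy: the entity's full set of business purposes.
ENTITY_PURPOSES = {"fraud_review", "marketing", "servicing"}

@dataclass(frozen=True)
class DataElement:
    name: str
    third_party: bool  # True when received from a third party, not internal

ELEMENTS = {
    "account_balance": DataElement("account_balance", third_party=False),
    "credit_score": DataElement("credit_score", third_party=True),
}

# One numeric access value per (data element, business purpose) pair.
ACCESS = {
    ("account_balance", "servicing"): FULL,
    ("account_balance", "marketing"): MASKED,
    ("account_balance", "fraud_review"): FULL,
    ("credit_score", "servicing"): MASKED,
    ("credit_score", "marketing"): FULL,
    ("credit_score", "fraud_review"): FULL,
}

def assign_purposes(purposes):
    """An employee's purposes must be a subset of the entity's purposes."""
    unknown = set(purposes) - ENTITY_PURPOSES
    if unknown:
        raise ValueError(f"not an entity purpose: {sorted(unknown)}")
    return frozenset(purposes)

def access_level(employee_purposes, acting_purpose, element, user_pref_cap):
    """Effective access value for one request; anything unlisted is DENY."""
    if acting_purpose not in employee_purposes or element not in ELEMENTS:
        return DENY
    level = ACCESS.get((element, acting_purpose), DENY)
    if ELEMENTS[element].third_party:
        # Third-party data: the user's preference conditions the value
        # (assumed here to act as an upper bound per purpose).
        level = min(level, user_pref_cap.get(acting_purpose, DENY))
    return level
```
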
14 Citations
20 Claims
1. A method comprising:
- identifying, by a computing device having a processor and memory, a first plurality of business purpose activities associated with an entity;
- assigning, by a computing device having a processor and memory, a second plurality of business purpose activities to each employee of a plurality of employees of the entity, the second plurality of business purpose activities being a subset of the first plurality of business purpose activities;
- identifying, by the computing device, a plurality of data elements to be protected, the plurality of data elements including data elements internal to the entity and data elements received by the entity from a third party, the plurality of data elements being associated with at least one user of the entity;
- assigning, by the computing device, a numeric access value to each data element of the plurality of data elements for each identified business purpose activity of the first plurality of business purpose activities, wherein the numeric access value indicates a level of access to the data element of the plurality of data elements to which it is assigned permitted for an employee of the entity acting under the respective business purpose activity; and
- determining, by the computing device, whether a data element of the plurality of protected data elements associated with the at least one user of the entity is provided by a third-party entity different from the entity, wherein when it is determined that the data element is provided by the third-party entity, the numeric access value is conditioned on a preference of the at least one user of the entity.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. One or more non-transitory computing readable media storing computer readable instructions that, when executed by a processor, cause one or more computing devices to:
- identify a first plurality of business purpose activities associated with an entity;
- assign a second plurality of business purpose activities to each employee of a plurality of employees of the entity, the second plurality of business purpose activities being a subset of the first plurality of business purpose activities;
- identify a plurality of data elements to be protected, the plurality of data elements including data elements internal to the entity and data elements received by the entity from a third party, the plurality of data elements being associated with at least one user of the entity;
- assign a numeric access value to each data element of the plurality of data elements for each identified business purpose activity of the first plurality of business purpose activities, wherein the numeric access value indicates a level of access to the data element of the plurality of data elements to which it is assigned permitted for an employee of the entity acting under the respective business purpose activity; and
- determine whether a data element of the plurality of protected data elements associated with the at least one user of the entity is provided by a third-party entity different from the entity, wherein when it is determined that the data element is provided by the third-party entity, the numeric access value is conditioned on a preference of the at least one user of the entity.
Dependent claims: 10, 11, 12, 13, 14
15. An apparatus, comprising:
- a processor; and
- memory coupled to the processor and storing instructions that, when executed by the processor, cause the apparatus to:
- identify a first plurality of business purpose activities associated with an entity;
- assign a second plurality of business purpose activities to each employee of a plurality of employees of the entity, the second plurality of business purpose activities being a subset of the first plurality of business purpose activities;
- identify a plurality of data elements to be protected, the plurality of data elements including data elements internal to the entity and data elements received by the entity from a third party, the plurality of data elements being associated with at least one user of the entity;
- assign a numeric access value to each data element of the plurality of data elements for each identified business purpose activity of the first plurality of business purpose activities, wherein the numeric access value indicates a level of access to the data element of the plurality of data elements to which it is assigned permitted for an employee of the entity acting under the respective business purpose activity; and
- determine whether a data element of the plurality of protected data elements associated with the at least one user of the entity is provided by a third-party entity different from the entity, wherein when it is determined that the data element is provided by the third-party entity, the numeric access value is conditioned on a preference of the at least one user of the entity.
Dependent claims: 16, 17, 18, 19, 20
Specification