Systems and methods for data privacy and destruction
First Claim
1. A computer-implemented method for managing access to personal data, the method comprising:
- a processor selecting one or more business partners having personal data records stored in a database connected to an enterprise computing system, the personal data records including the personal data;
for each particular business partner of the selected business partners, a business partner data management component of the processor identifying each application that accesses the personal data records associated with the particular business partner;
the business partner data management component inquiring from each identified application if it has reached an end-of-purpose period for the personal data records of the particular business partner;
if an end-of-purpose period has been reached by a particular application, receiving a start-of-retention-time indication from the particular application;
storing the start-of-retention-time indication in a data record associated with the particular business partner;
blocking access by the particular application to the personal data records of the particular business partner based on the start-of-retention-time indication received from the particular application, without deleting the personal data from the database;
if a start-of-retention-time indication is not received from the particular application, allowing continued access by the particular application to the personal data records associated with the selected business partner;
for each particular business partner if a start-of-retention time is received from each application accessing the personal data records associated with the particular business partner,calculating an end-of-retention period time for the personal data by the information lifecycle management component; and
removing the personal data from the personal data records at the end-of-retention period expiration.
2 Assignments
0 Petitions
Accused Products
Abstract
A system and method for managing application(s)'"'"' access to personal data of an enterprise business partner is presented. The method includes selecting business partners having personal data records stored in a database connected to an enterprise computing system, for each particular business partner identifying each application that accesses the business partner'"'"'s personal data records, inquiring from each identified application if it has reached an end-of-purpose period for the personal data records. If an end-of-purpose period has been reached receiving a start-of-retention-time from the application, storing the start-of-retention-time indication in a data record associated with the particular business partner, and blocking access by the particular application to the personal data records of the particular business partner. If a start-of-retention-time indication is not received allowing continued access by the particular application to the personal data records associated with the selected business partner. Applications located in remote systems can be queried and blocked.
30 Citations
15 Claims
-
1. A computer-implemented method for managing access to personal data, the method comprising:
-
a processor selecting one or more business partners having personal data records stored in a database connected to an enterprise computing system, the personal data records including the personal data; for each particular business partner of the selected business partners, a business partner data management component of the processor identifying each application that accesses the personal data records associated with the particular business partner; the business partner data management component inquiring from each identified application if it has reached an end-of-purpose period for the personal data records of the particular business partner; if an end-of-purpose period has been reached by a particular application, receiving a start-of-retention-time indication from the particular application; storing the start-of-retention-time indication in a data record associated with the particular business partner; blocking access by the particular application to the personal data records of the particular business partner based on the start-of-retention-time indication received from the particular application, without deleting the personal data from the database; if a start-of-retention-time indication is not received from the particular application, allowing continued access by the particular application to the personal data records associated with the selected business partner; for each particular business partner if a start-of-retention time is received from each application accessing the personal data records associated with the particular business partner, calculating an end-of-retention period time for the personal data by the information lifecycle management component; and removing the personal data from the personal data records at the end-of-retention period expiration. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A non-transitory computer readable medium having stored thereon instructions which when executed by a processor cause the processor to perform the method of:
-
selecting one or more business partners having personal data records stored in a database connected to an enterprise computing system, the personal data records including personal data; for each particular business partner of the selected business partners, a business partner data management component of the processor identifying each application that accesses the personal data records associated with the particular business partner; the business partner data management component inquiring from each identified application if it has reached an end-of-purpose period for the personal data records of the particular business partner; if an end-of-purpose period has been reached by a particular application, receiving a start-of-retention-time indication from the particular application; storing the start-of-retention-time indication in a data record associated with the personal data records of the particular business partner; blocking access by the particular application to the personal data records of the particular business partner based on the start-of-retention-time indication received from the particular application, without deleting the personal data from the database; if a start-of-retention-time indication is not received from the particular application, allowing continued access by the particular application to the personal data records associated with the selected business partner; for each particular business partner if a start-of-retention time is received from each application accessing the personal data records associated with the particular business partner, calculating an end-of-retention period time for the personal data by the information lifecycle management component; and removing the personal data from the personal data records at the end-of-retention period expiration. - View Dependent Claims (8, 9)
-
-
10. A system comprising:
-
a processor in communication with a database connected to an enterprise computing system; the database containing personal data records associated with business partners of the enterprise, the personal data records including personal data; the enterprise computing system including one or more applications that access the personal data records; the processor including a business partner data management component configured to identify each application that accesses the personal data records associated with a particular business partner of the selected business partners; the processor including an information lifecycle management component that is configured to store a start-of-retention-time indication received from a particular one of the identified applications; the processor configured to block the particular application access to the personal data records associated with the particular business partner based on the start-of-retention-time indication received from the particular application, without deleting the personal data from the database; the information lifecycle management component configured to calculate an end-of-retention period time for the personal data for each particular business partner if a start-of-retention time is received from each application accessing the personal data records associated with the particular business partner; and the processor configured to remove the personal data from the personal data records at the end-of-retention period expiration. - View Dependent Claims (11, 12, 13, 14, 15)
-
Specification