Systems and methods for data privacy and destruction

US 9,047,228 B2
Filed: 07/26/2012
Issued: 06/02/2015
Est. Priority Date: 07/26/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for managing access to personal data, the method comprising:

a processor selecting one or more business partners having personal data records stored in a database connected to an enterprise computing system, the personal data records including the personal data;

for each particular business partner of the selected business partners, a business partner data management component of the processor identifying each application that accesses the personal data records associated with the particular business partner;

the business partner data management component inquiring from each identified application if it has reached an end-of-purpose period for the personal data records of the particular business partner;

if an end-of-purpose period has been reached by a particular application, receiving a start-of-retention-time indication from the particular application;

storing the start-of-retention-time indication in a data record associated with the particular business partner;

blocking access by the particular application to the personal data records of the particular business partner based on the start-of-retention-time indication received from the particular application, without deleting the personal data from the database;

if a start-of-retention-time indication is not received from the particular application, allowing continued access by the particular application to the personal data records associated with the selected business partner;

for each particular business partner if a start-of-retention time is received from each application accessing the personal data records associated with the particular business partner,calculating an end-of-retention period time for the personal data by the information lifecycle management component; and

removing the personal data from the personal data records at the end-of-retention period expiration.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for managing application(s)'"'"' access to personal data of an enterprise business partner is presented. The method includes selecting business partners having personal data records stored in a database connected to an enterprise computing system, for each particular business partner identifying each application that accesses the business partner'"'"'s personal data records, inquiring from each identified application if it has reached an end-of-purpose period for the personal data records. If an end-of-purpose period has been reached receiving a start-of-retention-time from the application, storing the start-of-retention-time indication in a data record associated with the particular business partner, and blocking access by the particular application to the personal data records of the particular business partner. If a start-of-retention-time indication is not received allowing continued access by the particular application to the personal data records associated with the selected business partner. Applications located in remote systems can be queried and blocked.

30 Citations

View as Search Results

15 Claims

1. A computer-implemented method for managing access to personal data, the method comprising:
- a processor selecting one or more business partners having personal data records stored in a database connected to an enterprise computing system, the personal data records including the personal data;
  
  for each particular business partner of the selected business partners, a business partner data management component of the processor identifying each application that accesses the personal data records associated with the particular business partner;
  
  the business partner data management component inquiring from each identified application if it has reached an end-of-purpose period for the personal data records of the particular business partner;
  
  if an end-of-purpose period has been reached by a particular application, receiving a start-of-retention-time indication from the particular application;
  
  storing the start-of-retention-time indication in a data record associated with the particular business partner;
  
  blocking access by the particular application to the personal data records of the particular business partner based on the start-of-retention-time indication received from the particular application, without deleting the personal data from the database;
  
  if a start-of-retention-time indication is not received from the particular application, allowing continued access by the particular application to the personal data records associated with the selected business partner;
  
  for each particular business partner if a start-of-retention time is received from each application accessing the personal data records associated with the particular business partner,calculating an end-of-retention period time for the personal data by the information lifecycle management component; and
  
  removing the personal data from the personal data records at the end-of-retention period expiration.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further including blocking access by setting a flag in a field of the personal data records of the particular business partner.
  - 3. The method of claim 1, further including the application requesting an end-of-residence-time from an information lifecycle management component of the processor to determine a business purpose status of the personal data records of the particular business partner.
  - 4. The method of claim 1 further including storing the start-of-retention-time and an application identifier in a data table associated with the particular business partner.
  - 5. The method of claim 1, wherein the one or more business partners are selected based on user specified criteria.
  - 6. The method of claim 1, further including:
    - the business partner data management component identifying one or more remote systems having applications accessing the personal data records associated with the selected business partners;
      
      determining if the applications of the remote systems have reached an end-of-purpose period for the personal data records associated with the selected business partners; and
      
      if the applications of the remote systems have reached the end-of-purpose period, receiving a start-of-retention time from applications of the remote system.

7. A non-transitory computer readable medium having stored thereon instructions which when executed by a processor cause the processor to perform the method of:
- selecting one or more business partners having personal data records stored in a database connected to an enterprise computing system, the personal data records including personal data;
  
  for each particular business partner of the selected business partners, a business partner data management component of the processor identifying each application that accesses the personal data records associated with the particular business partner;
  
  the business partner data management component inquiring from each identified application if it has reached an end-of-purpose period for the personal data records of the particular business partner;
  
  if an end-of-purpose period has been reached by a particular application, receiving a start-of-retention-time indication from the particular application;
  
  storing the start-of-retention-time indication in a data record associated with the personal data records of the particular business partner;
  
  blocking access by the particular application to the personal data records of the particular business partner based on the start-of-retention-time indication received from the particular application, without deleting the personal data from the database;
  
  if a start-of-retention-time indication is not received from the particular application, allowing continued access by the particular application to the personal data records associated with the selected business partner;
  
  for each particular business partner if a start-of-retention time is received from each application accessing the personal data records associated with the particular business partner,calculating an end-of-retention period time for the personal data by the information lifecycle management component; and
  
  removing the personal data from the personal data records at the end-of-retention period expiration.
- View Dependent Claims (8, 9)
- - 8. The non-transitory computer readable medium of claim 7, further including executable instructions to cause a processor to perform the step of storing the start-of-retention-time and an application identifier in a data table associated with the particular business partner.
  - 9. The non-transitory computer readable medium of claim 7, further including executable instructions to cause a processor to perform the steps of:
    - the business partner data management component identifying one or more remote systems having applications accessing the personal data records associated with the selected business partners;
      
      determining if the applications of the remote systems have reached an end-of-purpose period for the personal data records associated with the selected business partners; and
      
      if the applications of the remote systems have reached the end-of-purpose period, receiving a start-of-retention time from applications of the remote system.

10. A system comprising:
- a processor in communication with a database connected to an enterprise computing system;
  
  the database containing personal data records associated with business partners of the enterprise, the personal data records including personal data;
  
  the enterprise computing system including one or more applications that access the personal data records;
  
  the processor including a business partner data management component configured to identify each application that accesses the personal data records associated with a particular business partner of the selected business partners;
  
  the processor including an information lifecycle management component that is configured to store a start-of-retention-time indication received from a particular one of the identified applications;
  
  the processor configured to block the particular application access to the personal data records associated with the particular business partner based on the start-of-retention-time indication received from the particular application, without deleting the personal data from the database;
  
  the information lifecycle management component configured to calculate an end-of-retention period time for the personal data for each particular business partner if a start-of-retention time is received from each application accessing the personal data records associated with the particular business partner; and
  
  the processor configured to remove the personal data from the personal data records at the end-of-retention period expiration.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The system of claim 10, further including a data store in communication with the processor, the data store containing at least one of retention rules and residence rules based on data privacy requirements.
  - 12. The system of claim 11, further including the information lifecycle management component configured to support the definition of the retention rules and the residence rules.
  - 13. The system of claim 10, the information lifecycle component including:
    - an archiving component configured to archive information lifecycle management objects;
      
      a blocking component configured to block access to the personal data records; and
      
      a retention management component configured to customize at least one of the residence rules and the retention rules associated with the one or more applications.
  - 14. The system of claim 10, the business partner data management component including:
    - an end-of-purpose interface component configured to perform verification of an application reaching its end of purpose for personal data records associated with a particular one of the selected business partners; and
      
      a registration component configured to create custom interfaces between each particular business partner and each application accessing the personal data records of the particular business partner.
  - 15. The system of claim 14, further including:
    - one or more archiving event modules configured to implement at least one of check data for dependencies, archive business partner record header data, archive business partner dependent data, and delete one of header and dependent data; and
      
      one or more deletion event modules configured to determine if a business partner data record can be deleted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP SE
Inventors
Sarferaz, Siar, Wiederspohn, Joerg
Primary Examiner(s)
Vital, Pierre
Assistant Examiner(s)
Sultana, Nargis

Application Number

US13/558,654
Publication Number

US 20140032600A1
Time in Patent Office

1,041 Days
Field of Search

707/781
US Class Current

1/1
CPC Class Codes

G06F 12/14   Protection against unauthor...

G06F 16/00   Information retrieval; Data...

G06F 16/13   File access structures, e.g...

G06F 16/972   Access to data in other rep...

G06Q 10/06   Resources, workflows, human...

G06Q 10/10   Office automation; Time man...

Systems and methods for data privacy and destruction

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

30 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for data privacy and destruction

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links