Methods and systems for determining privacy requirements for an informatin resource
First Claim
Patent Images
1. A method for determining privacy requirements, comprising:
- identifying an information resource that uses personal information about an individual;
collecting data about the information resource, including at least one of;
data about privacy aspects of the information resource, data about a privacy notice related to the information resource, data about choice available to the individual, data about the individual'"'"'s access to the personal information, data about redress available to the individual, data about third party access to the information resource, and data about information tools used by the information resource;
analyzing a privacy risk based on the collected data; and
determining a privacy requirement based on the collected data and the privacy risk.
1 Assignment
0 Petitions
Accused Products
Abstract
A privacy impact assessment is performed to determine and implement privacy requirements for any information resource that uses personal information. Data may be collected and analyzed regarding the information resource and the personal information, and applicable laws, regulations, and policies may be considered to determine privacy requirements. Such requirements may include, for example, access controls, information retention periods, systems requirements, and risk assessments.
355 Citations
40 Claims
-
1. A method for determining privacy requirements, comprising:
-
identifying an information resource that uses personal information about an individual;
collecting data about the information resource, including at least one of;
data about privacy aspects of the information resource, data about a privacy notice related to the information resource, data about choice available to the individual, data about the individual'"'"'s access to the personal information, data about redress available to the individual, data about third party access to the information resource, and data about information tools used by the information resource;
analyzing a privacy risk based on the collected data; and
determining a privacy requirement based on the collected data and the privacy risk. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method for determining privacy requirements for an information resource, comprising:
-
collecting data about the information resource;
collecting data about information used by the information resource;
identifying a rule based on the data about the information resource and the data about the information used by the information resource; and
applying the rule to determine a privacy requirement for the information resource. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. A system for determining privacy requirements, comprising:
-
an identifying component configured to identify an information resource that uses personal information about an individual;
a collecting component configured to collect data about the information resource, including at least one of;
data about privacy aspects of the information resource, data about a privacy notice related to the information resource, data about choice available to the individual, data about the individual'"'"'s access to the personal information, data about redress available to the individual, data about third party access to the information resource, and data about information tools used by the information resource;
an analyzing component configured to analyze a privacy risk based on the collected data; and
a determining component configured to determine a privacy requirement based on the collected data and the privacy risk. - View Dependent Claims (22, 23, 24, 25, 26, 27)
-
-
28. The system of system 21, wherein the determining component further comprises:
an applying component configured to apply a rule to the collected data. - View Dependent Claims (29)
-
30. A system for determining privacy requirements for an information resource, comprising:
-
a first collecting component configured to collect data about the information resource;
a second collecting component configured to collect data about information used by the information resource;
an identifying component configured to identify a rule based on the data about the information resource and the data about the information used by the information resource; and
an applying component configured to collect apply the rule to determine a privacy requirement for the information resource. - View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
-
Specification