Methods and systems for determining privacy requirements for an informatin resource

US 20080028435A1
Filed: 02/13/2007
Published: 01/31/2008
Est. Priority Date: 05/20/2003
Status: Active Grant

First Claim

Patent Images

1. A method for determining privacy requirements, comprising:

identifying an information resource that uses personal information about an individual;

collecting data about the information resource, including at least one of;

data about privacy aspects of the information resource, data about a privacy notice related to the information resource, data about choice available to the individual, data about the individual'"'"'s access to the personal information, data about redress available to the individual, data about third party access to the information resource, and data about information tools used by the information resource;

analyzing a privacy risk based on the collected data; and

determining a privacy requirement based on the collected data and the privacy risk.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A privacy impact assessment is performed to determine and implement privacy requirements for any information resource that uses personal information. Data may be collected and analyzed regarding the information resource and the personal information, and applicable laws, regulations, and policies may be considered to determine privacy requirements. Such requirements may include, for example, access controls, information retention periods, systems requirements, and risk assessments.

355 Citations

40 Claims

1. A method for determining privacy requirements, comprising:
- identifying an information resource that uses personal information about an individual;
  
  collecting data about the information resource, including at least one of;
  
  data about privacy aspects of the information resource, data about a privacy notice related to the information resource, data about choice available to the individual, data about the individual'"'"'s access to the personal information, data about redress available to the individual, data about third party access to the information resource, and data about information tools used by the information resource;
  
  analyzing a privacy risk based on the collected data; and
  
  determining a privacy requirement based on the collected data and the privacy risk.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the privacy requirement applies to the personal information used by the information resource.
  - 3. The method of claim 1 wherein the privacy requirement applies to the information resource.
  - 4. The method of claim 1, wherein the personal information includes at least one of a name, an address, a social security number, and an identifying number.
  - 5. The method of claim 1, wherein the information resource collects the personal information.
  - 6. The method of claim 1, wherein the information resource stores the personal information.
  - 7. The method of claim 1, wherein the information resource transmits the personal information.
  - 8. The method of claim 1, wherein the determining further comprises:
    - applying a rule to the collected data.
  - 9. The method of claim 8, wherein the rule is one of a law, a regulation, and a privacy act.

10. A method for determining privacy requirements for an information resource, comprising:
- collecting data about the information resource;
  
  collecting data about information used by the information resource;
  
  identifying a rule based on the data about the information resource and the data about the information used by the information resource; and
  
  applying the rule to determine a privacy requirement for the information resource.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 11. The method of claim 10, wherein the rule is one of a law, a regulation, and a privacy policy.
  - 12. The method of claim 10, wherein the privacy requirement relates to controlling access to the information resource.
  - 13. The method of claim 10, wherein the privacy requirement relates to retention of the information used by the information resource.
  - 14. The method of claim 10, wherein the privacy requirement relates to systems requirements of the information resource.
  - 15. The method of claim 10, wherein the privacy requirement relates to a privacy risk associated with the information resource.
  - 16. The method of claim 10, wherein the information resource is one of a website, an application, and a database.
  - 17. The method of claim 10, wherein the information is personal information about an individual.
  - 18. The method of claim 10, wherein the information is identifying information about an individual.
  - 19. The method of claim 10, wherein collecting data about the information resource further comprises:
    - displaying a user interface with at least one question about the information resource to a user; and
      
      receiving the data about the information resource from the user via the displayed user interface.
  - 20. The method of claim 10, wherein collecting data about information used by the information resource further comprises:
    - displaying a user interface with at least one question about the information used by the information resource; and
      
      receiving the data about the information used by the information resource from the user via the displayed user interface.

21. A system for determining privacy requirements, comprising:
- an identifying component configured to identify an information resource that uses personal information about an individual;
  
  a collecting component configured to collect data about the information resource, including at least one of;
  
  data about privacy aspects of the information resource, data about a privacy notice related to the information resource, data about choice available to the individual, data about the individual'"'"'s access to the personal information, data about redress available to the individual, data about third party access to the information resource, and data about information tools used by the information resource;
  
  an analyzing component configured to analyze a privacy risk based on the collected data; and
  
  a determining component configured to determine a privacy requirement based on the collected data and the privacy risk.
- View Dependent Claims (22, 23, 24, 25, 26, 27)
- - 22. The system of claim 21, wherein the privacy requirement applies to the personal information used by the information resource.
  - 23. The system of claim 21, wherein the privacy requirement applies to the information resource.
  - 24. The system of claim 21, wherein the personal information includes at least one of a name, an address, a social security number, and an identifying number.
  - 25. The system of claim 21, wherein the information resource collects the personal information.
  - 26. The system of claim 21, wherein the information resource stores the personal information.
  - 27. The system of claim 21, wherein the information resource transmits the personal information.

28. The system of system 21, wherein the determining component further comprises:
- an applying component configured to apply a rule to the collected data.
- View Dependent Claims (29)
- - 29. The system of claim 28, wherein the rule is one of a law, a regulation, and a privacy act.

30. A system for determining privacy requirements for an information resource, comprising:
- a first collecting component configured to collect data about the information resource;
  
  a second collecting component configured to collect data about information used by the information resource;
  
  an identifying component configured to identify a rule based on the data about the information resource and the data about the information used by the information resource; and
  
  an applying component configured to collect apply the rule to determine a privacy requirement for the information resource.
- View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
- - 31. The system of claim 30, wherein the rule is one of a law, a regulation, and a privacy policy.
  - 32. The system of claim 30, wherein the privacy requirement controls access to the information resource.
  - 33. The system of claim 30, wherein the privacy requirement affects retention of the information used by the information resource.
  - 34. The system of claim 30, wherein the privacy requirement affects systems requirements of the information resource.
  - 35. The system of claim 30, wherein the privacy requirement addresses a privacy risk associated with the information resource.
  - 36. The system of claim 30, wherein the information resource is one of a website, an application, and a database.
  - 37. The system of claim 30, wherein the information comprises personal information about an individual.
  - 38. The system of claim 30, wherein the information comprises identifying information about an individual.
  - 39. The system of claim 30, wherein the first collecting component further includes:
    - a displaying component configured to display a user interface with at least one question about the information resource to a user; and
      
      a receiving component configured to receive the data about the information resource from the user via the displayed user interface.
  - 40. The system of claim 30, wherein second collecting component further includes:
    - a displaying component configured to display a user interface with at least one question about the information used by the information resource; and
      
      a receiving component configured to receive the data about the information used by the information resource from the user via the displayed user interface

Specification

Resources

Litigation Campaign Assessment

Current Assignee
United States Postal Service (Government of the United States of America)
Original Assignee
United States Postal Service (Government of the United States of America)
Inventors
Ryan, Kevin, Brannigan, Christopher, Kendall, Deborah, Iandolo, Raymond, Strickland, Zoe, Stark, Harold

Granted Patent

US 7,966,663 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06Q 10/083 Shipping

G06Q 10/10 Office automation; Time man...

Methods and systems for determining privacy requirements for an informatin resource

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

355 Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for determining privacy requirements for an informatin resource

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

355 Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links