×

De-identification of data

  • US 9,323,949 B2
  • Filed: 06/21/2012
  • Issued: 04/26/2016
  • Est. Priority Date: 12/14/2010
  • Status: Active Grant
First Claim
Patent Images

1. A computer-implemented method of de-identifying data from a data source for a target application, the method comprising:

  • generating, via a hardware processor, a default rule set including at least one rule, the default rule set including a default de-identification protocol to produce de-identified data from an Extract/Transform/Load (ETL) tool, wherein the default de-identification protocol is selected based on business rules;

    mapping, via a hardware processor, the default rule set to data definitions each generated by a discovery tool and associated with a corresponding sensitive data element identified in the data;

    specifying, via a hardware processor, a runtime rule set comprising at least one runtime rule, the runtime rule including a runtime de-identification protocol to produce de-identified data from the ETL tool, wherein the runtime rule set is specified via an interface;

    replacing, via a hardware processor, the default rule set with the runtime rule set to change the default de-identification protocol to the runtime de-identification protocol at runtime to accommodate changing de-identification requirements of a target environment, and mapping the runtime rule set to the data definitions, whereineach data definition includes a data object comprising metadata, including an indicator of a type of sensitive data from among a plurality of types of sensitive data and information indicating the location of the data element within the data source, for that data element, andeach runtime rule is mapped to a corresponding data definition of a sensitive data element based on the type of sensitive data; and

    receiving, via a hardware processor, the data and the data definitions, and for each data definition;

    obtaining the runtime rule mapped to that data definition; and

    applying the obtained runtime rule to the sensitive data element corresponding to that data definition in the received data and dynamically de-identifying the sensitive data element for the target application by the ETL tool at runtime via the runtime de-identification protocol of the obtained runtime rule.

View all claims
  • 0 Assignments
Timeline View
Assignment View
    ×
    ×