US2007283171A1PendingUtilityA1

System and method for managing data privacy

56
Assignee: JPMORGAN CHASE BANK NAPriority: Sep 17, 2002Filed: Jun 14, 2007Published: Dec 6, 2007
Est. expirySep 17, 2022(expired)· nominal 20-yr term from priority
G06Q 10/10
56
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A system and method for assessing the risk associated with the protection of data privacy by software application. A decision engine is provided to assess monitor and manage key issues around the risk management of data privacy. The system creates a core repository that manages, monitors and measures the data privacy assessments of applications across an institution (e.g., a corporation). The system and method employs automated questionnaires that require responses from the user (preferably the manager responsible for the application). The responses are tracked in order to evaluate the progress of the assessment and the status of the applications with respect to compliance with the enterprise's data privacy policies and procedures as well as the regulations and laws of the jurisdictions in which the application is operated. Once a questionnaire has been completed, the application is given ratings both with respect to the data privacy impact of the application and the application's compliance with the data privacy requirements. If a risk exists, a plan for reducing the risk or bringing the application into compliance can be formulated, and progress towards compliance can be tracked. Alternatively, an identified exposure to risk can be acknowledged through the system, which requires sign off by various higher level managers and administrators.

Claims

exact text as granted — not AI-modified
1 - 31 . (canceled)  
   
   
       32 . A computer implemented method for managing protection of data privacy, the method comprising the steps of: 
 maintaining a repository for managing data privacy assessments for an entity;    presenting one or more automated questionnaires to one or more users within the entity, wherein the automated questionnaires are directed to one or more policies;    tracking responses associated with each automated questionnaire in the repository;    evaluating compliance with the one or more policies based on the responses;    assigning a rating of exposure to risk associated with the compliance; and    determining an action based on the rating of exposure.    
   
   
       33 . The method of  claim 32 , wherein the one or more policies comprise one or more privacy regulations.  
   
   
       34 . The method of  claim 33 , wherein the one or more privacy regulations comprise one or more Federal regulations.  
   
   
       35 . The method of  claim 34 , wherein the Federal regulations comprise Health Insurance Portability and Accountability Act (HIPAA).  
   
   
       36 . The method of  claim 32 , wherein the one or more policies are specific to a jurisdiction associated with the entity.  
   
   
       37 . The method of  claim 32 , wherein the rating represents a degree of compliance with the one or more policies.  
   
   
       38 . The method of  claim 32 , wherein the one or more users are associated with one or more groups within the entity and wherein the one or more questionnaires are specific to each group.  
   
   
       39 . The method of  claim 32 , wherein the step of determining an action comprises formulating a plan for reducing the risk.  
   
   
       40 . The method of  claim 32 , wherein the step of determining an action comprises formulating a plan for compliance.  
   
   
       41 . The method of  claim 32 , wherein the step of determining an action comprises disclaiming the risk.  
   
   
       42 . The method of  claim 32 , further comprising the step of: 
 forwarding the rating of exposure to one or more designated users for evaluating the exposure of risk relative to other groups within the entity.    
   
   
       43 . The method of  claim 32 , further comprising the step of: 
 generating one or more reports that provide compliance status.    
   
   
       44 . The method of  claim 32 , further comprising the step of: 
 searching the repository for identifying one or more of risk and compliance information.    
   
   
       45 . A computer implemented system for managing protection of data privacy, the system comprising: 
 a repository for managing data privacy assessments for an entity; and    a decision engine for presenting one or more automated questionnaires to one or more users within the entity, wherein the automated questionnaires are directed to one or more policies; tracking responses associated with each automated questionnaire; evaluating compliance with the one or more policies based on the responses; assigning a rating of exposure to risk associated with the compliance; and determining an action based on the rating of exposure.    
   
   
       46 . The system of  claim 45 , wherein the one or more policies comprise one or more privacy regulations based on Federal regulations.  
   
   
       47 . The system of  claim 46 , wherein the Federal regulations comprise Health Insurance Portability and Accountability Act (HIPAA).  
   
   
       48 . The system of  claim 45 , wherein the rating represents a degree of compliance with the one or more policies.  
   
   
       49 . The system of  claim 45 , wherein the one or more users are associated with one or more groups within the entity and wherein the one or more questionnaires are specific to each group.  
   
   
       50 . The system of  claim 45 , wherein determining an action comprises one or more of formulating a plan for reducing the risk; formulating a plan for compliance and disclaiming the risk.  
   
   
       51 . A method for an enterprise to manage privacy of information, the method comprising: 
 identifying application information that describes at least one software application used by the enterprise;    storing the application information in a database;    identifying types of information that are contained in or used by the application;    storing the types of information in the database;    determining jurisdiction information that describes the jurisdictions in which the application operates;    storing the jurisdiction information in the database;    identifying the procedures used to protect the privacy of the types of information;    storing procedural information related to the procedures in the database;    automatically determining a compliance rating associated with the application;    storing the compliance rating in the database;    providing status data from the database, wherein the status data comprises at least the compliance rating.    
   
   
       52 . The method of  claim 51 , wherein the step of automatically determining the compliance rating associated with the application is in response to one or more regulations.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.