US2015310575A1PendingUtilityA1

System and method for controlling communication of private information over a network

48
Assignee: SHELTON ROBERTPriority: Dec 22, 2010Filed: May 4, 2015Published: Oct 29, 2015
Est. expiryDec 22, 2030(~4.4 yrs left)· nominal 20-yr term from priority
H04L 63/10G06Q 10/00G06Q 50/265H04L 63/20G06F 21/6245G06Q 20/102G06F 16/951
48
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A system and method for controlling access to private information over a network is provided including a privacy preference repository accessible by one or more subjects of the private information and by a private access bureau. The privacy preference repository stores privacy preferences configured by the subjects to indicate conditions for disclosure of said private information. A policy repository that stores legal criteria for accessing the private information is also accessible by the private access bureau. The private access bureau is configurable to receive requests from privacy-enabled systems for privacy directives that take into account the privacy preferences and legal criteria required to release particular documents on said privacy enabled system in response to the privacy-enabled systems.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A system for controlling access to private information, comprising:
 a privacy preference repository accessible by one or more subjects of said private information and by a private access bureau, said privacy preference repository storing privacy preferences configured by said subjects to indicate conditions for disclosure of said private information;   a policy repository accessible by said private access bureau, said policy repository storing legal criteria for accessing said private information;   wherein said private access bureau is configured to receive requests from privacy-enabled systems for said privacy preferences and legal criteria required to release particular documents on said privacy enabled system in response to said privacy-enabled systems receiving a request for access to said private information.   
     
     
         2 . The system of  claim 1 , wherein said private access bureau is configured to compare said request to said legal criteria and said privacy preferences in response to said request to determine which portions of said private information are authorized for viewing by a requestor in accordance with both said legal criteria and said privacy preferences. 
     
     
         3 . The system of  claim 2 , wherein said private access bureau is configured to send to said privacy-enabled systems, an indication of which portions of said private record are authorized for viewing in response to completing said comparison. 
     
     
         4 . The system of  claim 3 , wherein said policy repository storing institutional policy criteria for accessing said private information. 
     
     
         5 . The system of  claim 4 , wherein said private access bureau further configured to adjudicate conflicts between said privacy preferences, said legal criteria, and said institutional policy criteria. 
     
     
         6 . The system of  claim 3 , further comprising an audit database accessible by said private access bureau and by said one or more subjects, said audit database receiving audit records of information sent by said private access bureau to said privacy-enabled systems. 
     
     
         7 . The system of  claim 1 , wherein said subjects are able update said indicated conditions for disclosure of said private information using a mobile device. 
     
     
         8 . The system of  claim 7 , wherein said updates by said subjects being in response to a specific request for approval initiated by said private access bureau. 
     
     
         9 . The system of  claim 8 , wherein said request for approval by said private access bureau occurring in the event that the private access bureau is unable to successfully adjudicate conflicts between said privacy preferences, said legal criteria, and said institutional policy criteria. 
     
     
         10 . The system of  claim 2 , wherein said requester being a search engine, and the affected view being the search results page to an inquiry initiated by a user of such search engine. 
     
     
         11 . The system of  claim 2 , wherein when said legal criteria are insufficient to permit such comparison and render a determination as to which portions of said private information are authorized for viewing, for reporting this to the appropriate governing body so that it may consider changes or clarifications in the legal criteria to enable such comparison. 
     
     
         12 . The system of  claim 3 , further comprising a transaction database accessible by said private access bureau and by said one or more users of the private access bureau, said transaction database being configured to receive payments by said parties requesting access to said private information in return therefore. 
     
     
         13 . The system of  claim 12 , wherein said private access bureau being configured to disburse proceeds of such payments collected to the parties to whom such payments are obligated. 
     
     
         14 . A computer implemented method for controlling access to private information, comprising:
 receiving, by a computer implemented private access bureau having at least one processor, a request for parameters governing opening a private record from a privacy-assured application;   reading legal criteria related to said private record from a policy repository of said private access bureau by said at least one processor in response to said request;   reading privacy preferences related to said private record from a privacy preference repository of said private access bureau by said at least one processor in response to said request;   comparing said request to said legal criteria and said privacy preferences by said at least one processor in response to said request to determine which portions of said private record are authorized for viewing by a requestor in accordance with both said legal criteria and said privacy preferences; and   sending, by said private access bureau to said privacy-enabled application, an indication of which portions of said private record are authorized for viewing in response to completing said comparison.   
     
     
         15 . A computer implemented method of effecting a privacy policy for a website or online service, comprising:
 establishing a baseline policy respecting the collection, access, use, and sharing of data received from said website or online service users;   promising in said privacy policy that if a user of said website or online service establishes a privacy preference in a private access bureau that deviates from said baseline policy, that said website or online service will abide by said preference unless expressly prohibited from doing so by controlling law; and   configuring said website or online service to query said private access bureau and if said user has a privacy preference, taking into account said privacy preference in carrying out said website or online service's practices with respect to collecting, accessing, using or sharing data received from said user.   
     
     
         16 . The method of  claim 15 , further comprising:
 said baseline policy being to utilize any data received from said website or online service user to the maximum extent permissible under then current applicable law.   
     
     
         17 . The method of  claim 15 , further comprising:
 assessing a usage fee in an instance when one or more of the privacy preference options set by said user is more restrictive than said website or online service's right to access, use or share said user's data than the baseline policy under then current applicable law.   
     
     
         18 . The method of  claim 17 , further comprising:
 providing for a payment to said user in an instance when one or more of the privacy preference options set by said user is less restrictive than said website on said website or online service's right to access, use or share said user's data than the otherwise baseline policy under then current applicable law.   
     
     
         19 . A computer-implemented method in which crowd-sourcing is used to establish privacy policies for purposes of a private access bureau comprising:
 establishing a private network comprised of subject matter experts;   identifying access right use cases involving the sharing of private data   identifying critical topics for discussion by said subject matter experts, said critical topics involving the application of jurisdictional rules to said access right use cases; and   identifying asymptotic areas where said crowd-sourcing indicates unanimity as to the appropriate rules embodying the access right use cases, and entering these into the private access bureau.   
     
     
         20 . The method of  claim 19 , further comprising:
 identifying areas where unanimity does not occur and identifying potential changes in laws, policies and regulations that would result in unanimity; and   recommending said changes to the appropriate rules-making authority.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.