System and Methods for Privacy Management
Abstract
Exemplary privacy management platforms are described herein. Such platforms may be embodied in systems, computer-implemented methods, apparatuses and/or software applications. The described privacy management platform may be configured to scan identity, primary and/or secondary data sources in order to provide users with visibility into stored personal information, risk associated with storing such information and usage activity relating to such information. The platform may correlate personal information to specific data subjects to provide an indexed inventory across multiple data sources.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A computer-implemented method of locating personal information in a plurality of data sources and correlating the personal information to one or more data subjects, the method comprising:
searching, by the computer, a first data source; determining, by the computer, that the first data source contains first personal information, based on one or more personal information rules; correlating, by the computer, the first personal information to a data subject; creating, by the computer, a first personal information record corresponding to the first personal information and the data subject; searching, by the computer, a second data source; determining, by the computer, that the second data source contains second personal information, based on one or more of the personal information rules; correlating, by the computer, the second personal information to the data subject; creating, by the computer, a second personal information record corresponding to the second personal information and the data subject; associating, by the computer, the first personal information record and the second personal information record with a data subject profile corresponding to the data subject; and providing, by the computer, the data subject profile to a user.
2 . A computer-implemented method according to claim 1 , wherein the second personal information is located at a first location within the second data source and the method further comprises:
searching, by the computer, a second location of the second data source for personal information, based on one or more proximity rules; determining, by the computer, that the second location of the second data source comprises third personal information, based on one or more of the personal information rules; correlating, by the computer, the third personal information to the data subject; and associating, by the computer, the third personal information record with the data subject profile.
3 . A computer-implemented method according to claim 2 , wherein the second location is located within a proximity of the first location.
4 . A computer-implemented method according to claim 2 further comprising:
updating, by the computer, one or more of the proximity rules, based on the second personal information record and/or the third personal information record; and
searching, by the computer, at least one of the following, based on one or more of the updated proximity rules: a second location of the first data source, a third location of the second data source.
5 . A computer-implemented method according to claim 1 further comprising:
updating, by the computer, one or more of the personal information rules, based on the first personal information record and/or the second personal information record;
searching, by the computer, a third data source for personal information; and
determining, by the computer, that the third data source contains third personal information, based on one or more of the updated personal information rules.
6 . A computer-implemented method according to claim 1 further comprising:
determining, by the computer, that the second data source comprises third personal information, based on one or more of the personal information rules;
correlating, by the computer, the third personal information finding to a second data subject;
associating, by the computer, the third personal information record with a second data subject profile; and
providing the second data subject profile to a user.
7 . A computer-implemented method according to claim 1 further comprising:
determining, by the computer, that the second data source comprises third personal information, based on one or more of the personal information rules;
creating, by the computer, a personal information finding corresponding to the third personal information;
correlating, by the computer, the third personal information finding to the data subject and/or to a different data subject; and
determining, by the computer, that the personal information finding constitutes a false positive finding,
wherein, based on the determination, a personal information record is not created for the third personal information.
8 . A computer-implemented method according to claim 1 , wherein each of the personal information records comprises metadata associated with the respective, corresponding personal information, the metadata selected from the group consisting of: an attribute type, an attribute value, a data source, a location within the data source and a data subject.
9 . A computer-implemented method according to claim 8 , wherein the each of the attribute types associated with the first personal information record and the second personal information record is selected from the group consisting of: a name, a social security number, a phone number, an address, an email address, a license number, a passport number, a credit card number, a username, a date of birth, personal health information, educational information and combinations thereof.
10 . A computer-implemented method according to claim 8 , wherein:
the first personal information record is associated with a first attribute value; and the second personal information record is associated with a second value that is different than the first attribute value.
11 . A computer-implemented method according to claim 1 , wherein the first data source is an identity data source.
12 . A computer-implemented method according to claim 11 , wherein the second data source is a primary or secondary data source.
13 . A computer-implemented method according to claim 1 , wherein the one or more of the personal information rules are received from a user.
14 . A computer-implemented method according to claim 1 further comprising:
calculating, by the computer, a first risk score for the first personal information record;
calculating, by the computer, a second risk score for the second personal information record;
calculating, by the computer, a data subject risk score for the data subject profile, based on the first risk score and the second risk score; and
associating, by the computer, the data subject risk score with the data subject profile.
15 . A computer-implemented method according to claim 14 further comprising:
calculating, by the computer, a third risk score for the first data source;
calculating, by the computer, a fourth risk score for the second data source;
calculating, by the computer, an aggregate risk score, based on the first, second, third, and fourth risk scores; and
providing the aggregate risk score to the user.
16 . A computer-implemented method according to claim 1 further comprising:
monitoring, by the computer, the second personal information in the second data source;
determining, by the computer, that an activity relating to the second personal information has occurred;
determining, by the computer, that the activity violates one or more compliance rules; and
providing a notification to the user relating to the activity.
17 . A system comprising one or more computers and one or more storage devices storing instructions that when executed by the one or more computers cause the one or more computers to perform operations comprising:
searching a first data source; determining that the first data source contains first personal information, based on one or more personal information rules; correlating the first personal information to a data subject; creating a first personal information record corresponding to the first personal information and the data subject; searching a second data source; determining that the second data source contains second personal information, based on one or more of the personal information rules; correlating the second personal information to the data subject; creating a second personal information record corresponding to the second personal information and the data subject; searching a second location of the second data source for personal information, based on one or more proximity rules; determining that the second location of the second data source comprises third personal information, based on one or more of the personal information rules; correlating the third personal information to the data subject; creating a third personal information record corresponding to the third personal information and the data subject; associating the first personal information record, the second personal information record and the third personal information record with a data subject profile corresponding to the data subject; and providing the data subject profile to a user.
18 . A system according to claim 17 , wherein the one or more operations further comprise:
calculating a first risk score for the first personal information record; calculating a second risk score for the second personal information record; calculating a third risk score for the third personal information record; calculating a fourth risk score for the first data source; calculating a fifth risk score for the second data source; calculating an aggregate risk score, based on the first, second, third, fourth and fifth risk scores; and providing the aggregate risk score to the user.
19 . A system according to claim 17 , wherein the one or more operations further comprise:
monitoring the second personal information in the second data source; determining that an activity relating to the second personal information has occurred; determining that the activity violates one or more compliance rules; and providing a notification to the user relating to the activity.
20 . A system according to claim 19 , wherein the compliance rules are based on one or more of: an attribute type, an attribute location, data subject consent, data subject residency, user access privileges, application type, application location, application privileges, activity type and an activity pattern.Join the waitlist — get patent alerts
Track US2022179993A1 — get alerts on status changes and closely related new filings.
We store only your email — no account needed. See our privacy policy.