Using a privacy agreement framework to improve handling of personally identifiable information
    2.
    发明授权
    Using a privacy agreement framework to improve handling of personally identifiable information 失效
    使用隐私协议框架来改善对个人身份信息的处理

    公开(公告)号:US07603317B2

    公开(公告)日:2009-10-13

    申请号:US09884296

    申请日:2001-06-19

    IPC分类号: G06Q99/00

    CPC分类号: G06F21/6245

    摘要: The invention entails identifying the parties involved in a process of handling personally identifiable information; identifying the data involved in said process; classifying the data; expressing each relationship between each pair of said parties in terms of a privacy agreement; and representing the parties, data, and privacy agreements graphically in one or more privacy agreement relationship diagrams. The invention has the advantage of identifying opportunities to reduce privacy-related risks, including identifying unnecessary exchanges of data, for possible elimination, and identifying opportunities to transform data into a less sensitive form. Privacy agreements are based on a limited set of privacy-related actions: access, disclose, release, notify, utilize, update, withdrawConsent, giveConsent, delete, anonymize, depersonalize, and repersonalize. One aspect of the present invention is a method for improving the handling of personally identifiable information. Another aspect of the present invention is a system for executing the method of the present invention. A third aspect of the present invention is as a set of instructions on a computer-usable medium, or resident in a computer system, for executing the method of the present invention.

    摘要翻译: 本发明需要确定涉及处理个人身份信息的过程中的各方; 识别所述过程中涉及的数据; 数据分类; 根据隐私协议表达每对所述各方之间的每个关系; 并在一个或多个隐私协议关系图中以图形方式表示各方,数据和隐私协议。 本发明具有以下优点:识别减少隐私相关风险的机会,包括识别不必要的数据交换,以便可能消除,以及识别将数据转换成较不敏感的形式的机会。 隐私协议是基于一组有限的隐私相关行为:访问,披露,发布,通知,利用,更新,撤销等等,授权,删除,匿名化,个人化和个人化。 本发明的一个方面是改善个人身份信息处理的方法。 本发明的另一方面是用于执行本发明的方法的系统。 本发明的第三方面是用于执行本发明的方法的计算机可用介质或驻留在计算机系统中的一组指令。