| 发明名称 | Automated privacy enforcement | ||
| 摘要 | A system and method of protecting the privacy of data is presented. The system and method may include receiving data from a data warehouse and determining an access level for each data element received. The access value may be based on the assigned business purpose of the user attempting to access the data. If a user with an assigned business purpose is authorized to access the data then access will be given, if not, access to the data will be denied. In some examples, the requesting user may request to override the security settings in order to obtain access to the data. | ||
| 申请公布号 | US8869295(B2) | 申请公布日期 | 2014.10.21 |
| 申请号 | US200912605691 | 申请日期 | 2009.10.26 |
| 申请人 | Bank of America Corporation | 发明人 | Harvey Ann Charlot Hunaeus;Gerrard Joan L. |
| 分类号 | G06F21/00;H04L29/06;G06Q10/06;G06Q10/10;G06F21/62 | 主分类号 | G06F21/00 |
| 代理机构 | Banner & Witcoff, Ltd. | 代理人 | Banner & Witcoff, Ltd. ;Springs Michael A. |
| 主权项 | 1. A method comprising: identifying, by a computing device having a processor and memory, a first plurality of business purpose activities associated with an entity; assigning, by a computing device having a processor and memory, a second plurality of business purpose activities to each employee of a plurality of employees of the entity, the second plurality of business purpose activities being a subset of the first plurality of business purpose activities; identifying, by the computing device, a plurality of data elements to be protected, the plurality of data elements including data elements internal to the entity and data elements received by the entity from a third party, the plurality of data elements being associated with at least one user of the entity; assigning, by the computing device, a numeric access value to each data element of the plurality of data elements for each identified business purpose activity of the first plurality of business purpose activities, wherein the numeric access value indicates a level of access to the data element of the plurality of data elements to which it is assigned permitted for an employee of the entity acting under the respective business purpose activity; and determining, by the computing device, whether a data element of the plurality of protected data elements associated with the at least one user of the entity is provided by a third-party entity different from the entity,wherein when it is determined that the data element is provided by the third-party entity, the numeric access value is conditioned on a preference of the at least one user of the entity. | ||
| 地址 | Charlotte NC US | ||