System, method, and business methods for enforcing privacy preferences on personal-data exchanges across a network

Assignee

• International Business Machines Corporation · US

Inventors

• Kathryn Ann Bohrer · Austin, US
• Catherine Anne Chess · Ossining, US
• Robert Hoch · Wilton, US
• John Karat · Greenwich, US
• Dogan Kesdogan · White Plains, US
• Xuan Liu · Yorktown Heights, US
• Edith Schonberg · Kingston, US
• Moninder Singh · Farmington, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06Q20/383
• WIPO fieldIT methods for management
• WIPO sectorElectrical engineering

Abstract

An exemplary embodiment of the present invention includes a method to enforce privacy preferences on exchanges of personal data of a data-subject. The method comprises the steps of: specifying data-subject authorization rule sets having subject constraints, receiving a request message from a requester and a requester privacy statement, comparing the requester privacy statement to the subject constraints, and releasing the data-subject data in a response message to the requester only if the subject constraints are satisfied. The requester privacy statement includes purpose, retention, recipient, and access information, wherein the purpose information specifies the purpose for which the requested data is acquired, the retention information specifies a retention policy for the requested data, the recipient information specifies the recipients of the requested data, and the access information specifies whether the requested data should be accessing to the data-subject after the data has been released.