US9202085B2 - Private information storage system - Google Patents

Private information storage system Download PDF

Info

Publication number
US9202085B2
US9202085B2 US13/302,561 US201113302561A US9202085B2 US 9202085 B2 US9202085 B2 US 9202085B2 US 201113302561 A US201113302561 A US 201113302561A US 9202085 B2 US9202085 B2 US 9202085B2
Authority
US
United States
Prior art keywords
data
identifiers
data items
records
deviation
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US13/302,561
Other versions
US20120131075A1 (en
Inventor
Gary Mawdsley
Steven Meyfroidt
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Anzen Technology Systems Ltd
Original Assignee
KUBE PARTNERS Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by KUBE PARTNERS Ltd filed Critical KUBE PARTNERS Ltd
Priority to US13/302,561 priority Critical patent/US9202085B2/en
Assigned to KUBE PARTNERS LIMITED reassignment KUBE PARTNERS LIMITED ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: MAWDSLEY, GARY, MR., MEYFROIDT, STEVEN, MR.
Publication of US20120131075A1 publication Critical patent/US20120131075A1/en
Application granted granted Critical
Publication of US9202085B2 publication Critical patent/US9202085B2/en
Assigned to ANZEN DATA LIMITED reassignment ANZEN DATA LIMITED ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: KUBE PARTNERS LIMITED
Assigned to ANZEN TECHNOLOGY SYSTEMS LIMITED reassignment ANZEN TECHNOLOGY SYSTEMS LIMITED ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: ANZEN DATA LIMITED
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6254Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden

Definitions

  • This invention relates to a scheme for storage of private information on a cloud computing platform without contravention of territorial privacy laws.
  • cloud storage and processing providers typically may distribute or migrate content across multiple geographic sites as a form or redundancy or to assist with load balancing. Even if one were to upload personal content to a cloud in the local territory backups may be made to other clouds throughout the world.
  • cloud based systems for storage and processing is however advantageous due the ability to scale as storage and processing demands increase.
  • a method of anonymising a database of personal data comprising a plurality of data records, each data record comprising a plurality of data items
  • the method comprising; for a subset of data items in said data records, determining a deviation of each of said data items in said data records relative to reference data items in a reference record, and assigning deviation identifiers to each of said determined deviations in said data records to anonymise said data items in said subset of said data items in said data records; generating a translation table mapping said data items in said subset to said deviation identifiers; storing said translation table; and storing said deviation identifiers defining said anonymised data items for said data records remotely to said translation table.
  • the method further comprises assigning data identifiers to a second subset of said data items in said data records to anonymise said data items in said second set of said data items in said data records; wherein said generating a translation table further comprises mapping said data items in said second subset to said data identifiers; and further comprising storing said data identifiers remotely to said translation table.
  • the data identifiers may refer to personal details such as name, contact details and address for example—i.e. alphanumeric data, although it may not be necessary to store data identifiers—instead only deviation identifiers may need to be stored.
  • the deviation identifiers used to identify data that is recorded as deviations to reference data items in a reference record, typically refer to numerical data such as financial data. Such deviations may provide useful information for statistical and characterising purposes without revealing any association or reference to the actual values or personal data that such numerical information is linked to.
  • Each of the subsets of data may comprise of one or more data items.
  • the identifiers and the translation table are stored independent to one another, preferably on different computing machines to ensure the translation table is held and stored securely and only available to authorised persons.
  • the result is that the data is both obfuscated and divided—data allowing an association between the identifiers and the personal information is still held within the local territory to comply with mandated privacy laws, but the identifiers can be stored anywhere. In privacy terms, this is the first privacy enhancing technology (PET) layer.
  • PET privacy enhancing technology
  • the identifiers contain obfuscated information meaning that even if someone were to obtain the identifier information, no personal information could be determined.
  • This approach differs to encryption techniques such as public key encryption because information is divided and links to personal information are only obtainable by also having the translation table available.
  • the translation table may typically be orders of magnitude smaller in size to the identifiers storing the main body of data. This reduces the local storage requirements allowing the mass storage to be pushed out to a cloud computing platform for example without contravening national data protection laws.
  • the method further comprises generating the reference record.
  • the reference record used to enable determination of deviations to data items in the data records may be generated by deriving one or more reference data items defining a characteristic profile of data items in records already stored in the database and thus may be updated and modified over time (consequently the deviations and identifiers will also then need re-computing).
  • the reference records may be determined by analysing of one or more of the data records already stored in the database, alternatively it may be from alternative data gathered independent to the database of data records such as from market analysis, trends or general statistical information related to the nature of the content stored within the database.
  • Each reference record effectively defines the different ‘pools’ into which each of the data records are classified, the deviations for each record determined relative to reference data items in the reference record for that particular pool. Furthermore, as more records are added to the database, the characteristic profile(s) may be dynamically updated dependent on the new records.
  • reference data identifiers are assigned to the reference data items in the reference record. These reference data identifiers may then also be stored, preferably remotely to the translation table.
  • the translation table then further stores a mapping of the reference data items to the reference data identifiers so that a during decoding of the anonymised database the content of the reference data record may be determined.
  • the reference data identifiers are stored with the data identifiers and deviation identifiers which are also stored remotely to the translation table. This then allows all the identifiers to be retrieved together from the same location, which may be for example from remote storage within a cloud computing environment.
  • To determine the deviations it may then be necessary to select a reference record by which to derive this deviation. This may be done by generating a deviation for one or more of the data items against each reference record and then comparing the similarity of the record to the referenced records to select the deviation to store one may then compare the similarity of records and then select the closest matching reference record.
  • the marker could be to a particular data item in a reference record or may be more generally related to a particular reference record.
  • the translation table is stored on a client machine and the data identifiers (if present) and the deviation identifiers are stored on a remote data server.
  • the remote data server for example may be stored on a remote cloud computing platform.
  • the data identifiers and deviation identifiers contain anonymised information no personal information can be extracted from this data thereby allowing storage of such information anywhere within the world to maintain compliance with territorial privacy laws.
  • the translation table may be stored on computing machines located only within permitted territories thereby ensuring full compliance with local laws. It will be appreciated however that data may still be anonymised according to the methods herein described even if the identifiers are not pushed out to a remote clouding computing platform.
  • the one or more of the translation table, data identifiers (if present) and deviation identifiers may be encrypted (such as with asymmetric public key encryption for example). More preferably the method further comprises applying one or more further layers of encryption, in particular wherein one of said one or more further layers of encryption is a proprietary format such that further layers of protection (further PET layers) are added to the data stored either locally or remotely on the cloud. This adds further layers of security to the information.
  • the process of obfuscation and dividing described herein differs to encryption techniques such as public key encryption because even if the identifiers stored within the cloud were accessed by an unauthorised person the data contains no information to link it back to personal information (which is held elsewhere in the translation tables). Furthermore, even if multiple PET encryption layers were applied to the identifiers, circumvention of such encryption would still only lead to availability of the obfuscated identifiers thus maintaining at least the first PET layer. Depending on the nature of the encryption methodology, it may be possible to analyse trends in the data, although it will be appreciated that in some circumstances the company storing such information may not wish to perform such analysis and thereby encrypt different elements of the personal data to prevent such analysis.
  • One or more of the PET layers may be a proprietary format, i.e. a unique form of encryption applied by the organisation holding the content.
  • the data items in the data records are arranged into fields.
  • the process of determining a deviation comprises determining a deviation of each of the data items relative to a data item in a corresponding field in the reference record. For example if a particular numerical field refers to pension financial information the deviation could be compared to similar pension information details in the reference record.
  • the first subset of data comprises data defining personal data and the second subset of data comprises financial data linked to the personal data although it will be appreciated that other forms of data may be stored and the invention is not limited to the storage of financial data only.
  • Information stored may include names, addresses, ages, contact details, and financial information include shares and investments, pensions and bank account details. It will be appreciated that further content may also be stored and these are examples only of such content.
  • the reference record comprises a common financial profile comprising pre-characterised financial data.
  • the reference record and the data record all typically refer to financial information, including details such as pension information, investments, bank account details and the like.
  • the reference record may be structured in a similar way to the data records for customers to provide a direct mapping for determining deviation of numerical data or alternative may take on a different structure.
  • a method of decoding a database of personal data anonymised according to the method of the first aspect of the invention, the database comprising a plurality of data records, each data record comprising a plurality of data items, the method comprising; retrieving deviation identifiers for a subset of said data items in remote data record from remote storage, wherein said deviation identifiers define anonymised deviations for each of said data items in said data records relative to reference data items in a reference record; retrieving a translation table from storage, wherein said storage is distinct to said deviation identifiers, and wherein said translation table defines a mapping of said data items in said subset with said deviation identifiers; processing said deviation identifiers using said reference record and said translation table to decode said database of personal data; wherein said processing comprises performing a reverse mapping of said deviation identifiers to deviations of each of said data items in said subset of data items and, using said reference record and said deviations, determining said data items in said subset of data items
  • the method further comprises: retrieving data identifiers for a second subset of said data items in said remote data record from said remote storage (distinct, i.e. separate to the storage of the translation table which may be stored locally to comply with national data protection laws), said data identifiers defining anonymised data items in said remote data record; wherein said translation table further defines a mapping of said data items in said second subset with said data identifiers; wherein said storage of said translation table is distinct to said data identifiers; wherein said processing further comprises processing said data identifiers and said translation table to decode said database of personal data; and wherein said processing further comprises performing a reverse mapping of said data identifiers to said data items in said second subset of data items.
  • the translation table further maps the reference data items to the reference data identifiers. This requires retrieving reference data items from remote storage (which may be the same remote storage as the data identifiers (if present) and deviation identifiers). These are then be processed using the translation table (typically stored locally) to perform a reverse mapping of the reference data identifiers to the reference data items for the reference record. By having the reference record (or multiple reference records) then decoded this information can be used in conjunction with the deviations in the subsets of data items to determine the original numerical values of those particular pieces of information.
  • Portable devices such as laptops
  • tablet style devices are particularly suited to use as a tool for decoding the obfuscated data to reassemble the original data set.
  • the translation table may typically be orders of magnitude smaller than the identifiers, even devices with only a nominal amount of storage (for example limited flash storage) such as tablet style devices will have sufficient storage capacity to keep the translation table stored locally.
  • the process of decoding and reassembly of data may be performed through provision of a web-based application for example, hosted either locally or remotely.
  • the processing further comprises selecting one of the plurality of reference records before using the deviation information to determine the original values.
  • one of the data items in the data record comprises a marker defining the reference record which is used to determine the anonymised deviation. This then enables the relevant reference record to be determined in order to use the particular deviation to decode and derive the original value.
  • the selecting process therefore comprises reading a particular marker to determine which reference record to use.
  • the process of selecting comprises determining a difference between the deviations in at least one of the data items in the subset and at least one of the reference data items in the plurality of reference records. The relevant reference record to use is then selected dependent on the difference between the deviations (typically the minimum deviation will be selected to determine the relevant reference record).
  • the translation table is stored on a client machine used in the territory in which legal compliance with personal data storage must be maintained.
  • the data identifiers (if present) and the deviation identifiers may also be stored on a remote data server which may be located within a remote cloud computing platform which may be anywhere in the world. Given that the identifiers contain no personal information (they provide only identifiers requiring the locally stored translation table to ascertain the stored information), there are fewer restrictions on where this information can be stored, i.e. cloud based storage is now possible.
  • the translation table may be stored remotely to the remote data server and downloaded onto the client machine.
  • the translation table may be stored on a server for a company within the territories allowed to store personal information and downloaded for example over a secure internet connection to the client computer when an adviser wishes to access such information.
  • the data identifiers (if present), deviation identifiers and or translation table may have previously have been encrypted, therefore processing further requires decrypting this information in order to decode the database of personal data.
  • the invention further provides a client computer machine configured to implement the methods as described in the first and second aspects of the invention. It will be appreciated that these may be one and the same computing machine or may be independent computing machines.
  • a database management system for decoding a subset of data items in data records from a distributed database, the distributed database comprising: a plurality of deviation identifiers storing anonymised references to deviations in a subset of data items in data records, wherein the deviations define deviations of the subset of data item to a reference data item in a reference record; the database management system comprising: a data dictionary comprising a translation table storing mappings from the subset of data items to the deviation identifiers; a transaction engine to retrieve one or more of the plurality of deviation identifiers from remote storage, to retrieve the translation table, and to retrieve the reference record; a query engine to process the deviation identifiers using the reference record and the translation table to decode the distributed database and reconstitute the subset of data items in the data records, wherein the decoding comprises performing a reverse mapping of the deviation identifiers to deviations of each of the data items in the subset of data items and, using the reference record and the
  • the database management system allows conventional database interactions to interface to the distributed storage system, performing the database queries and accessing the cloud storage.
  • DBMS database management system
  • the original data in its original decoded form can be determined.
  • a data marshaller to generate the reference record.
  • the generating comprises determining one or more reference data items defining a characteristic profile of data suitable for storing in the database and thus allows the deviations to be derived.
  • the characteristic profile is determined from data items stored in the distributed database, i.e. from existing data by performing an analysis to characterise and identify profiles.
  • profile information may be determined from other sources and added to the system for use as an additional characteristic profile. This may be useful in situations whereby a particular characteristic profile is of interest to the particular system owner.
  • the data marshaller is further operable to update the deviation identifiers in the distributed database and the data dictionary responsive to the generating of the reference record so that the new reference record/profile is fully integrated and used within the database.
  • the data marshaller manages the structure of the underlying cloud storage facility and enables the reference records to be generated, updated and additional reference records added as and when new profiles are identified and incorporated into the system allowing the remote storage to be updated and adjusted according to newly identifier characteristic trends and profiles in data.
  • one or more of the translation table and the deviation identifiers are encrypted to provide additional layers of privacy enhancing technology (PET)/security to the system. For example, one could want to restrict access to the translation table to prevent unauthorised access to this information.
  • the database management system preferably further comprises an authorisation engine to decrypt the one or more of the translation table and the deviation identifiers according to the encryption layers
  • the invention further provides processor control code to implement the above-described methods, for example on a general purpose computer system or on a digital signal processor (DSP).
  • the code may be provided on a carrier such as a disk, CD- or DVD-ROM, programmed memory such as read-only memory (Firmware), or on a data carrier such as an optical or electrical signal carrier.
  • Code (and/or data) to implement embodiments of the invention may comprise source, object or executable code in a conventional programming language (interpreted or compiled) such as C, or assembly code. As the skilled person will appreciate such code and/or data may be distributed between a plurality of coupled components in communication with one another.
  • FIG. 1 shows the process of deriving the anonymised data
  • FIG. 2 shows the process of determining deviations in data items
  • FIG. 3 shows the typical system implementing embodiments of the invention.
  • FIG. 4 shows an example of the database management system (DBMS).
  • DBMS database management system
  • the scheme addresses the fundamental issues of storage of data and the legal mechanics of data separation, dispersal, and subsequent reassembly of the data into a meaningful view to an authorised person.
  • the process operates as a pseudonymising or obfuscation tool, by substituting elements of personal data and turning each of those elements into an identifier, which we call a Unique Identifier (UID).
  • UID derives from a basic identifying data element, such as first name, surname, postcode or from financial data such as salary, expenditure, type of investment or value. Further, the UIDs created from the financial data falls into two categories: deviations and non-deviations. Each UID is made up of a multi-layered numerical code.
  • the process of turning data into initial UIDs is given the name: “domainizing” and results in a sequence of UIDs and a residue.
  • the residue provides a translation table that maps/translates the UIDs to the underlying data, including names, address and financial data. Without this residue/translation data it is not possible to unveil the true identities and financial information within the personal data.
  • each layer is known as a PET layer—privacy enhancing technology layer.
  • the initial translation to UIDs via domainizing is the first layer of PET.
  • the method and system incorporate additional security features and precautions such as multiple levels of non-conventional encryption techniques applied to such coded data prior to transmission both to and from the cloud.
  • the cloud provider will host data in the form of UID sequence derived from both the demographic data from client financial deviation data.
  • the coded UID data can only be reconstituted through the application in the hands of the authorised users with access to the residue within the translation table.
  • the residual data is not stored in the Cloud, but instead within an organisation under the same controls for personal data as exists today.
  • the system provides a mechanism where personal data can be stored in the cloud without territorial restriction in terms of privacy and compliance.
  • privacy laws regulate the geographical locality of personal information storage.
  • Personal UK financial data under this scheme can be stored legally in the Cloud.
  • information may also be stored in the Cloud.
  • Cloud storage is not possible with standard encryption practices as the data is still stored, albeit in encrypted form potentially in non-permitted jurisdictions. Should any unauthorised person obtain access to the encrypted data, circumvention of the password, or password ‘cracking’ could allow them access to the data and the personal information.
  • data storage in the cloud does not negate from the true meaning of the content—statistical analysis can still be performed on the content without any linkage or reference back to the personal information stored within the residue/translation table.
  • the scheme works by ‘domainizing’ (splitting into groups) the personal data and additionally by fitting the financial element of a client's data to a pre-determined/characteristic profile, and recording the deviations from this characteristic profile.
  • Multiple characteristic profiles may also be used as will be described later.
  • the first group contains the UIDs assigned to personal data (herein referred to as data identifiers), plus UID's assigned to each element of the deviation of a client's financial information (herein referred to as deviation identifiers) from that of the closest matching reference profile.
  • data identifiers the UIDs assigned to personal data
  • deviation identifiers the UIDs assigned to each element of the deviation of a client's financial information
  • the use of reference records allows data to dynamically normalizes itself around specific data content. This is akin to hiding data in a tightly packed cohort of peers.
  • the second group contains a table of string values and related UID's: a dictionary (or residue) providing the translation table.
  • the existing group of UIDs data will have the ability to adjust its structure accordingly. The effect is to further compress the cohorts of data, reducing storage volume, data mining dimensions, and more importantly allowing more essence to be extracted from the group of UID sequences (“water vapour”) and deposited into the translation table (“stock cube”).
  • the group of UID sequences providing identifiers (“water vapour” group of data) will be placed in the Cloud and consequently may reside anywhere in the world. This has the commercial advantage that data storage can scale infinitely and quickly, and cloud compute clusters can be leveraged to crunch data.
  • the translation table (“stock cube” group of data) will be kept within an organisation or on specific devices authorised by the organisation. The devices will be only used inside of the appropriate geographic territory by an authorised person. As the translation table may typically be orders of magnitude smaller in size to the data identifiers storing the main body of data local storage and computer power is reduced, with the increased storage demands pushed out to remote cloud computing platforms. This means that the data that forms the translation table stays within the physical protection of the organisation or on machines that reside within a guaranteed territory with sufficient security to guarantee they are used only by authorised personnel (i.e. reflecting today's privacy laws). Authorised persons may use devices such as desktop computers, corporate servers, tablet style computing devices or even smartphones and the like to store or access the data.
  • the group of UID sequences providing identifiers (“water vapour” group of data) is combined with the translation table (“stock cube” group of data) on the device residing in the specified territory by an authorised and regulated person.
  • Data will be first entered by an authorised and regulated person; software on the device will split out the data into the identifiers and translation table. The identifiers are pushed to the Cloud and any addition to the translation table is merged with the existing translation table data on the device.
  • the scheme is defined to place the human data controller in electronic control of the load process such that her interaction with the device initiates the domainization of the data and it's dispersal to the Cloud.
  • the scheme allows for the translation table group of data to be stored centrally within the standard computing environment of the organisation by allowing data from multiple devices to be synchronised and merged centrally. This means as a domain expands on one device it will subsequently become available to all devices.
  • Data in both the UID group and translation table group may have unlimited layers of privacy enhancing technology (PET) applied to them.
  • Data in the first group (in its raw form) is a base series of UIDs, plus UID encoding of deviations from a common financial profile (herein referred to as deviation identifiers).
  • Additive PETs provide the mechanism by which further obfuscation and encryption can take place on the UID data.
  • PET for example may be common day encryption techniques: others may be more esoteric like modern day equivalents of the Enigma machine, with many more wheels, extended character sets, and plug boards.
  • the approach of obfuscation and division of data herein described allows for an organisation to apply other forms of PET such as standardised forms of encryption such as public key encryption or their own proprietary standards. This is useful as it provides additional levels of protection against unwanted and illegal attempts to access the data and understand its meaning
  • Table 1 shows a typical subset of tables of customer data—the data that is to be anonymised. Three clients are shown: client # 1 , client # 2 and client # 3 .
  • PROFILE PERTURBATION (numbers clipped and represent order of magnitude) (quantity normalization) 100s 10s 1000s household family client names (first, no of 1000s spouse monthly income middle, surname) Will? children income income expenditure protection client #1 homer Will ⁇ 1 ⁇ 5 5 0 0 matched to stephen ‘young simpleton subsistence income’ client #1 homer Will 0 0 0 ⁇ 25 7.54 matched to stephen ‘young simpleton subsistence income’ client #2 donald None 0 5 ⁇ 3 1 0 matched to drake ‘young subsistence income’ client #2 donald None 0 0 0 75 ⁇ 4.85 matched to drake ‘young subsistence income’ client #3 mark None 0 2 0 0 0 matched to smithers ‘lifestyle content’ client #3 mark None 1 320 0 ⁇ 50 0 matched to smithers ‘lifestyle content’ PROFILE PERTURBATION (numbers clipped and represent order of magnitude) (quantity normalization) 100
  • PROFILE PERTURBATION (with string domainization) client #1 817413026 234164724 930071094 792441855 983704673 422457101 422457101 matched to 757739110 ‘young 232754115 subsistence income’ client #1 0 0 0 ⁇ 25 7.54 matched to ‘young subsistence income’ client #2 245060467 679055516 422457101 983704673 646002909 22658639 422457101 matched to 757739110 ‘young 168182192 subsistence income’ client #2 0 0 0 75 ⁇ 4.85 matched to ‘young subsistence income’ client #3 13540256 679055516 422457101 827516500 422457101 422457101 422457101 matched to 690500610 ‘lifestyle content’ client #3 1 320 0 ⁇ 50 0 matched to ‘lifestyle content’ PROFILE PERTURBATION (with string domainization) client
  • TABLE-6 (STORED DOMAIN LOCALLY) TABLE homer 817413026 stephen 757739110 simpleton 232754115 donald 245060467 drake 168182192 Will 234164724 None 679055516 mark 13540256 smithers 690500610 ⁇ 1 930071094 ⁇ 5 792441855 5 983704673 0 422457101 ⁇ 7 938631754 1 22658639 ⁇ 3 646002909 3 91145402 20 599634554 2 827516500 ⁇ 20 963841943 40 933100774 85 324423887 ⁇ 120 752154942
  • Table 2 above shows a set of characteristic profiles, each providing a reference record.
  • Example characteristic profiles include: ‘a young family subsistence’, “lifestyle content’ and ‘young/old buy to let investors’.
  • ‘a young family subsistence’ “lifestyle content’
  • ‘young/old buy to let investors’ ‘young/old buy to let investors’.
  • multiple entries are stored and each relate to a particular property owned by the buy to let investor.
  • the ideal for the pool such as ‘young family subsistence’ or ‘lifestyle content’ (each being stored as a reference record for example). All real members (client # 1 , # 2 etc) are measured by their perturbations from the prototype. The pool number and perturbations for each client may be recorded for subsequent decoding of the data. Before storage the pool and perturbation information are domainized as described above, i.e. turned into two groups of data identifiers and translation tables as shown in Tables 3 to 6 above.
  • FIG. 2 shows an embodiment of how deviations are determined relative to the profile/reference record.
  • Numerical data items pertaining to financial information are each compared to reference values in the reference record (for example data item 3 with reference data item 3 ), the deviation determined and then output.
  • the deviation is then assigned a deviation identifier and stored within the cloud along with the identifiers for any non deviation data (for example for names, addresses).
  • the deviation of data fields to the most relevant reference record is determined.
  • the most relevant (closest matching for example) reference record for client # 1 and client # 2 in FIG. 3 is the ‘young family subsistence’ profile and thus deviations for each numerical value are determined relative to this profile/reference record.
  • client # 1 has an income of £5000 and the ‘young family subsistence’ profile defines a reference income of £40000.
  • the resulting profile perturbation calculated is ⁇ £5000.
  • the first row represents values of the data in orders of magnitude and the second the excess or remainder having determined the orders of magnitude.
  • client #3 has an income of £2320 from table 1, which converts to a deviation from the ‘lifestyle content’ profile of £320.
  • the magnitude value determined is 2 (from £2000), providing an excess of £20.
  • Tables 5 and 6 show the data finally stored after the processing is complete.
  • the essence of the data (the domain) is stored securely by the organisation and made available to data controllers.
  • This is the translation table (“stock cube” set of data) effectively providing a dictionary.
  • Table 5 shows an example of derived UIDs (data identifiers) stored in cloud storage. This data is now anonymised and this is capable of being remotely stored whilst being in compliance with many different territorial data protection laws.
  • Table 6 shows an example of the translation table (domain table) stored locally that allows the decoding to take place. In this example each alphanumeric data item is assigned a unique ID, and numerical values are also assigned a unique ID. The result is that the data is partitioned so that the bulk of the data is can be stored remotely and only the table that allows the true personal and financial data to be derived needs to be stored in the local jurisdiction.
  • Data is reassembled by the data controller using software tools on a device local to the data controller (such as a client machine, which may be a desktop computer, corporate server, tablet style computing device or even smartphones and the like) and within the appropriate geographical territory.
  • a device local to the data controller such as a client machine, which may be a desktop computer, corporate server, tablet style computing device or even smartphones and the like
  • Data arrives back from the cloud and onto the device as a sequence of meaningless UIDs/identifiers.
  • the reverse of each PET is applied to the stream to reveal the real underlying and still meaningless sequence of UIDs.
  • the on-device translation table (the “stock cube” of data) is combined with the de-obfuscated UIDs/identifiers (“water vapour set”) on the device and under the control of the data controller.
  • the real data is revealed, the pieces having been reassembled by the data controller on machines local to the data controller.
  • the data controller is a person within the organisation who is authorised from a compliance perspective to work on behalf of the organisation with its clients' personal data. Legally it is only a data controller that can dissolve real data into its UIDs/identifiers (“water vapour”) and translation table (“stock”) components, and in turn combines the underlying parts back into real data again.
  • the data controller uses the software tools to achieve the split, dispersal and reassembly.
  • FIG. 4 shows an example of the database management system (DBMS) used to enable the new mechanisms described herein.
  • DBMS database management system
  • This approach allows for a new style of database whereby the DBMS and distilled data (forming the translation table) are stored locally and the cloud is used as a massively expandable and connected storage ‘disk’.
  • DBMS database management system
  • distilled data forming the translation table
  • the cloud is used as a massively expandable and connected storage ‘disk’.
  • simply moving storage to a cloud computing environment is not possible without anonymisation/obfuscation due to territorial restrictions on data storage to ensure compliance with data protection requirements.
  • Anonymous data elements are stored in the cloud database (DB) and are viewed by the DPMS in the same way the bytes on a magnetic disk of a conventional database are viewed.
  • the sequence of UIDs can be considered to be the raw data of the DBMS.
  • Data is stored as a sequence of UIDs in anonymous tables using anonymous column names, preferably in remote cloud storage as previously described. This is the rawest form for this model—in some configurations there will already be indexing and transaction facilities in place at the hosting cloud provider to allow indexing and transactions to be dealt with within the cloud environment.
  • the DBMS provides all the benefits of modern data access to our storage scheme and removes the requirement for a given application to encode its data access in a way specific to this invention's storage scheme, i.e. the DBMS performs the abstraction to generate the identifiers to be stored on the cloud computing platform and the translation table to be stored locally.
  • the Data Dictionary holds the translation table with information that maps a meaningful logical data model into the structure used to store UIDs in the cloud. For example, a table named t 101 could hold Mortgage information and col 73 in table t 101 could contain the outstanding loan amount.
  • the Data Dictionary intrinsically supports profile types.
  • the dictionary defines each of the profile types against which an individual client data perturbation is calculated and translated into UIDs, i.e. the subsequent perturbations may be derived from the reference records and reference data items which define the characteristic profile types.
  • the dictionary may support inheritance and so for example investment types ISAs, OEIC, Stocks can be classified as ‘financial assets’.
  • the Query Engine is able to translate data operations expressed in terms of the full logical data model into operations against both the domain data store (the translation table) and the anonymous UID based data store (the deviation identifiers stored in cloud storage). This allows the Query Engine to process the deviation identifiers, the translation table and any reference records in order to reconstitute/determine the original data entries.
  • the Dictionary is used to phrase data operations expressed in terms of super types like ‘financial assets’ and further profile types like “young family subsistence living” type. So a query such as ‘find all “young family subsistence living” that do not have a FIB protection’ can be implemented.
  • the Transaction Engine performs the transmission and retrieval of data to and from the remote cloud storage. Furthermore, it may also be used to retrieve the translation table and reference record(s). The Transaction Engine is important when writing data as it is used to ensure consistency between the cloud store and the domainized data.
  • this hybrid cloud data store offers the ability to manage audit and authorization (using the Authorization Engine) as well as transaction consistency between the domain data store and the UID cloud store. This enables transaction verification and encryption to be implemented. One or more layers of encryption could be applied, dependent on the requirements of the user.
  • the Data Marshaller is used to manage the structure of the underlying cloud storage facility. This includes the capability to enable the database to adjust its storage structure as patterns are discovered in the data leading to new profiles and new perturbation structures. For example, a newly added reference record could be identified as a new pattern or general trend is observed. This could be uploaded via the Data Marshaller which then interrogates and updates the entries throughout the system to fully integrate this new reference record—this may include redetermining deviations of one or more data items in the data records based upon this new reference record for example.
  • Profiles (from which the reference records are derived) are not simply strata of society, but they have a ‘shape’ in terms of the logical normalized data structures we would expect to see example of within the profile. Further, the profile would need a base set of a data.
  • the example profile of “young family subsistence living” contains the following products: mortgage of around 140 k; FIB for a family of two adults and two children; house buildings and contents insurance; a salary of around 35 k per annum; a small amount of savings.
  • the cloud storage structures represent the UID encoded perturbations from such a profile. Data mining will reveal adjustments to the profiles and new profiles also, causing the raw cloud storage structures to be rebalanced. The Data Marshaller takes care of this, whilst the rest of the DBMS abstracts any application from this dynamic adjustment via the Data Dictionary.
  • the device containing the capabilities to store the translation table and receive the identifiers is in a specific territory (e.g. UK), further containing an application code to process the translation table and identifiers. Access to the device is restricted to the human data controller. Whilst containing the application, in our example, the device is never taken out of the UK. In the UK, these levels of device security are no different to those required today in respect of the Financial Services Authority (FSA) and the data controller's organisation.
  • FSA Financial Services Authority
  • the translation table (“stock cube” group of data) is resident on the device and is synchronised with the master copy on servers within the organisation. This data is small in size and easy fits into the memory of a portable device, such as a table style computer.
  • FIG. 3 shows an example of a typical system including client computers held within the relevant geographical state (UK for example) so as to comply with national data protection and privacy laws.
  • the local server is also stored within the same geographical state and may optionally store a master copy of the translation table which can be transferred to the client computing machines as and when the information is needed thereby maintaining a master copy. Alternatively the individual computing machines may permanently store a copy and update the server copy if content is modified.
  • Each client computing machine may download data from the remote server within the cloud computing environment either directly or via the local server (should the provider of the information wish to track and log who is downloading the information for example) to obtain a copy of the identifiers necessary to decode the data.
  • the application then freely works with the UIDs (“water vapour” group of data) in the cloud using a secure (SSL) connection to push and pull UIDs at a set number of levels of PET. Searches can be performed and meaningless streams of UIDs are returned to the device.
  • SSL secure
  • the discussion has set out a scheme where a person's financial story is represented as a sequence of UIDs/identifiers in the cloud.
  • values x,y,z in columns 1,2,3 may have a propensity to indicate that a value of 7 always appears in column 23.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Medical Informatics (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

This invention relates to a scheme for storage of private information on a cloud computing platform without contravention of territorial privacy laws. A method of anonymising a database of personal data is described whereby data identifiers are assigned to data items and deviation identifiers are assigned to deviations for selected data items derived from reference records. Such information can then be uploaded to a cloud based storage platform. A translation table maps the data items, data identifiers and deviation identifiers to the original data entries. This translation table is stored locally and separate to the anonymised information uploaded to the cloud. The invention further describes a method of decoding the database anonymised according to the above method.

Description

RELATED APPLICATIONS
This application claims the benefit of U.S. Provisional Patent Application Ser. No. 61/417,647, filed Nov. 29, 2010, entitled PRIVATE INFORMATION STORAGE SYSTEM, the entire disclosure of which is herein incorporated by reference.
FIELD OF THE INVENTION
This invention relates to a scheme for storage of private information on a cloud computing platform without contravention of territorial privacy laws.
BACKGROUND OF THE INVENTION
Legal requirements for protection of personal data mean that in many countries restrictions are imposed on where such information can be stored. Even if the content is encrypted many data protection laws prevent such information from being transferred out of the country—there is always the risk of increasingly advanced algorithms or leakage of the passwords or encryption keys meaning that information may ultimately be leaked and accessible. However, it can be useful to have access to such information, even in a restricted form, to allow general trend analysis without needing any link or reference back to individuals the data is associated with.
The rapid and continuous increase in data storage and processing means that more and more companies are moving their storage and processing requirements to cloud based systems, which may be located out of the particular country in question. Furthermore, cloud storage and processing providers typically may distribute or migrate content across multiple geographic sites as a form or redundancy or to assist with load balancing. Even if one were to upload personal content to a cloud in the local territory backups may be made to other clouds throughout the world. Using such cloud based systems for storage and processing is however advantageous due the ability to scale as storage and processing demands increase.
There is therefore a need for a system whereby information can be stored remotely, in particular personal information, whilst still meeting requirements for protection of personal data.
SUMMARY OF THE INVENTION
According to a first aspect of the invention there is provided a method of anonymising a database of personal data, the database comprising a plurality of data records, each data record comprising a plurality of data items, the method comprising; for a subset of data items in said data records, determining a deviation of each of said data items in said data records relative to reference data items in a reference record, and assigning deviation identifiers to each of said determined deviations in said data records to anonymise said data items in said subset of said data items in said data records; generating a translation table mapping said data items in said subset to said deviation identifiers; storing said translation table; and storing said deviation identifiers defining said anonymised data items for said data records remotely to said translation table.
Preferably the method further comprises assigning data identifiers to a second subset of said data items in said data records to anonymise said data items in said second set of said data items in said data records; wherein said generating a translation table further comprises mapping said data items in said second subset to said data identifiers; and further comprising storing said data identifiers remotely to said translation table.
Typically the data identifiers may refer to personal details such as name, contact details and address for example—i.e. alphanumeric data, although it may not be necessary to store data identifiers—instead only deviation identifiers may need to be stored. The deviation identifiers, used to identify data that is recorded as deviations to reference data items in a reference record, typically refer to numerical data such as financial data. Such deviations may provide useful information for statistical and characterising purposes without revealing any association or reference to the actual values or personal data that such numerical information is linked to. Each of the subsets of data may comprise of one or more data items.
The identifiers and the translation table (that links the identifiers to the original personal and numerical data) are stored independent to one another, preferably on different computing machines to ensure the translation table is held and stored securely and only available to authorised persons. The result is that the data is both obfuscated and divided—data allowing an association between the identifiers and the personal information is still held within the local territory to comply with mandated privacy laws, but the identifiers can be stored anywhere. In privacy terms, this is the first privacy enhancing technology (PET) layer. The identifiers contain obfuscated information meaning that even if someone were to obtain the identifier information, no personal information could be determined. This approach differs to encryption techniques such as public key encryption because information is divided and links to personal information are only obtainable by also having the translation table available.
In addition, from a regulatory perspective it may not be lawful to access the real unobscured data even for processing in the statistical analysis method referenced above. Accordingly embodiments of the invention herein described allow such analysis to be performed on the obfuscated data using the identifiers whilst meeting regulatory requirements
Advantageously the translation table may typically be orders of magnitude smaller in size to the identifiers storing the main body of data. This reduces the local storage requirements allowing the mass storage to be pushed out to a cloud computing platform for example without contravening national data protection laws.
Preferably the method further comprises generating the reference record. The reference record, used to enable determination of deviations to data items in the data records may be generated by deriving one or more reference data items defining a characteristic profile of data items in records already stored in the database and thus may be updated and modified over time (consequently the deviations and identifiers will also then need re-computing). The reference records may be determined by analysing of one or more of the data records already stored in the database, alternatively it may be from alternative data gathered independent to the database of data records such as from market analysis, trends or general statistical information related to the nature of the content stored within the database. Each reference record effectively defines the different ‘pools’ into which each of the data records are classified, the deviations for each record determined relative to reference data items in the reference record for that particular pool. Furthermore, as more records are added to the database, the characteristic profile(s) may be dynamically updated dependent on the new records.
Preferably reference data identifiers are assigned to the reference data items in the reference record. These reference data identifiers may then also be stored, preferably remotely to the translation table. The translation table then further stores a mapping of the reference data items to the reference data identifiers so that a during decoding of the anonymised database the content of the reference data record may be determined. In some embodiments the reference data identifiers are stored with the data identifiers and deviation identifiers which are also stored remotely to the translation table. This then allows all the identifiers to be retrieved together from the same location, which may be for example from remote storage within a cloud computing environment.
In some preferred embodiments there may be a plurality of reference records each storing different reference profiles for different characteristic groups of data records (for example different characteristic groups of users who may fit have different types or ranges of financial information). To determine the deviations it may then be necessary to select a reference record by which to derive this deviation. This may be done by generating a deviation for one or more of the data items against each reference record and then comparing the similarity of the record to the referenced records to select the deviation to store one may then compare the similarity of records and then select the closest matching reference record.
In embodiments where multiple reference records are used it may be necessary to further store a marker in a data record so that when the data is later decoded for the data record the appropriate reference record can be retrieved to allow the deviations to be combined with the reference record data to regenerate the original data field value. Alternatively the marker could be to a particular data item in a reference record or may be more generally related to a particular reference record.
Preferably the translation table is stored on a client machine and the data identifiers (if present) and the deviation identifiers are stored on a remote data server. The remote data server for example may be stored on a remote cloud computing platform. As the data identifiers and deviation identifiers contain anonymised information no personal information can be extracted from this data thereby allowing storage of such information anywhere within the world to maintain compliance with territorial privacy laws. In particular with UK and EU privacy laws, for example, the translation table may be stored on computing machines located only within permitted territories thereby ensuring full compliance with local laws. It will be appreciated however that data may still be anonymised according to the methods herein described even if the identifiers are not pushed out to a remote clouding computing platform.
In some preferred embodiments the one or more of the translation table, data identifiers (if present) and deviation identifiers may be encrypted (such as with asymmetric public key encryption for example). More preferably the method further comprises applying one or more further layers of encryption, in particular wherein one of said one or more further layers of encryption is a proprietary format such that further layers of protection (further PET layers) are added to the data stored either locally or remotely on the cloud. This adds further layers of security to the information. It will be appreciated however that the process of obfuscation and dividing described herein differs to encryption techniques such as public key encryption because even if the identifiers stored within the cloud were accessed by an unauthorised person the data contains no information to link it back to personal information (which is held elsewhere in the translation tables). Furthermore, even if multiple PET encryption layers were applied to the identifiers, circumvention of such encryption would still only lead to availability of the obfuscated identifiers thus maintaining at least the first PET layer. Depending on the nature of the encryption methodology, it may be possible to analyse trends in the data, although it will be appreciated that in some circumstances the company storing such information may not wish to perform such analysis and thereby encrypt different elements of the personal data to prevent such analysis. One or more of the PET layers may be a proprietary format, i.e. a unique form of encryption applied by the organisation holding the content.
In embodiments of the invention the data items in the data records are arranged into fields. The process of determining a deviation comprises determining a deviation of each of the data items relative to a data item in a corresponding field in the reference record. For example if a particular numerical field refers to pension financial information the deviation could be compared to similar pension information details in the reference record.
Preferably the first subset of data comprises data defining personal data and the second subset of data comprises financial data linked to the personal data although it will be appreciated that other forms of data may be stored and the invention is not limited to the storage of financial data only. Information stored may include names, addresses, ages, contact details, and financial information include shares and investments, pensions and bank account details. It will be appreciated that further content may also be stored and these are examples only of such content.
Preferably the reference record comprises a common financial profile comprising pre-characterised financial data. Thus the reference record and the data record all typically refer to financial information, including details such as pension information, investments, bank account details and the like. The reference record may be structured in a similar way to the data records for customers to provide a direct mapping for determining deviation of numerical data or alternative may take on a different structure.
According to a second aspect of the invention there is provided a method of decoding a database of personal data anonymised according to the method of the first aspect of the invention, the database comprising a plurality of data records, each data record comprising a plurality of data items, the method comprising; retrieving deviation identifiers for a subset of said data items in remote data record from remote storage, wherein said deviation identifiers define anonymised deviations for each of said data items in said data records relative to reference data items in a reference record; retrieving a translation table from storage, wherein said storage is distinct to said deviation identifiers, and wherein said translation table defines a mapping of said data items in said subset with said deviation identifiers; processing said deviation identifiers using said reference record and said translation table to decode said database of personal data; wherein said processing comprises performing a reverse mapping of said deviation identifiers to deviations of each of said data items in said subset of data items and, using said reference record and said deviations, determining said data items in said subset of data items.
Preferably the method further comprises: retrieving data identifiers for a second subset of said data items in said remote data record from said remote storage (distinct, i.e. separate to the storage of the translation table which may be stored locally to comply with national data protection laws), said data identifiers defining anonymised data items in said remote data record; wherein said translation table further defines a mapping of said data items in said second subset with said data identifiers; wherein said storage of said translation table is distinct to said data identifiers; wherein said processing further comprises processing said data identifiers and said translation table to decode said database of personal data; and wherein said processing further comprises performing a reverse mapping of said data identifiers to said data items in said second subset of data items.
Preferably the translation table further maps the reference data items to the reference data identifiers. This requires retrieving reference data items from remote storage (which may be the same remote storage as the data identifiers (if present) and deviation identifiers). These are then be processed using the translation table (typically stored locally) to perform a reverse mapping of the reference data identifiers to the reference data items for the reference record. By having the reference record (or multiple reference records) then decoded this information can be used in conjunction with the deviations in the subsets of data items to determine the original numerical values of those particular pieces of information.
Portable devices, such as laptops, tablet style devices are particularly suited to use as a tool for decoding the obfuscated data to reassemble the original data set. Given that the translation table may typically be orders of magnitude smaller than the identifiers, even devices with only a nominal amount of storage (for example limited flash storage) such as tablet style devices will have sufficient storage capacity to keep the translation table stored locally. In such systems the process of decoding and reassembly of data may be performed through provision of a web-based application for example, hosted either locally or remotely.
In some preferred embodiments there is a plurality of reference records, therefore the processing further comprises selecting one of the plurality of reference records before using the deviation information to determine the original values.
Given multiple reference records, in preferred embodiments one of the data items in the data record comprises a marker defining the reference record which is used to determine the anonymised deviation. This then enables the relevant reference record to be determined in order to use the particular deviation to decode and derive the original value. The selecting process therefore comprises reading a particular marker to determine which reference record to use. Alternatively in some preferred embodiments the process of selecting comprises determining a difference between the deviations in at least one of the data items in the subset and at least one of the reference data items in the plurality of reference records. The relevant reference record to use is then selected dependent on the difference between the deviations (typically the minimum deviation will be selected to determine the relevant reference record).
Preferably the translation table is stored on a client machine used in the territory in which legal compliance with personal data storage must be maintained. The data identifiers (if present) and the deviation identifiers may also be stored on a remote data server which may be located within a remote cloud computing platform which may be anywhere in the world. Given that the identifiers contain no personal information (they provide only identifiers requiring the locally stored translation table to ascertain the stored information), there are fewer restrictions on where this information can be stored, i.e. cloud based storage is now possible.
In some preferred embodiments the translation table may be stored remotely to the remote data server and downloaded onto the client machine. For example the translation table may be stored on a server for a company within the territories allowed to store personal information and downloaded for example over a secure internet connection to the client computer when an adviser wishes to access such information.
In some preferred embodiments the data identifiers (if present), deviation identifiers and or translation table may have previously have been encrypted, therefore processing further requires decrypting this information in order to decode the database of personal data.
The invention further provides a client computer machine configured to implement the methods as described in the first and second aspects of the invention. It will be appreciated that these may be one and the same computing machine or may be independent computing machines.
According to a further aspect of the invention there is provided a database management system for decoding a subset of data items in data records from a distributed database, the distributed database comprising: a plurality of deviation identifiers storing anonymised references to deviations in a subset of data items in data records, wherein the deviations define deviations of the subset of data item to a reference data item in a reference record; the database management system comprising: a data dictionary comprising a translation table storing mappings from the subset of data items to the deviation identifiers; a transaction engine to retrieve one or more of the plurality of deviation identifiers from remote storage, to retrieve the translation table, and to retrieve the reference record; a query engine to process the deviation identifiers using the reference record and the translation table to decode the distributed database and reconstitute the subset of data items in the data records, wherein the decoding comprises performing a reverse mapping of the deviation identifiers to deviations of each of the data items in the subset of data items and, using the reference record and the deviations, determining the data items in the subset of data items.
The database management system (DBMS) allows conventional database interactions to interface to the distributed storage system, performing the database queries and accessing the cloud storage. In combination with the translation table and any necessary reference data values the original data in its original decoded form can be determined.
In preferred embodiments there is provided a data marshaller to generate the reference record. The generating comprises determining one or more reference data items defining a characteristic profile of data suitable for storing in the database and thus allows the deviations to be derived. In some preferred embodiments the characteristic profile is determined from data items stored in the distributed database, i.e. from existing data by performing an analysis to characterise and identify profiles. Alternatively however it will be appreciated that such profile information may be determined from other sources and added to the system for use as an additional characteristic profile. This may be useful in situations whereby a particular characteristic profile is of interest to the particular system owner. Furthermore, more preferably the data marshaller is further operable to update the deviation identifiers in the distributed database and the data dictionary responsive to the generating of the reference record so that the new reference record/profile is fully integrated and used within the database. The data marshaller manages the structure of the underlying cloud storage facility and enables the reference records to be generated, updated and additional reference records added as and when new profiles are identified and incorporated into the system allowing the remote storage to be updated and adjusted according to newly identifier characteristic trends and profiles in data.
In some preferred embodiments of the database management system one or more of the translation table and the deviation identifiers are encrypted to provide additional layers of privacy enhancing technology (PET)/security to the system. For example, one could want to restrict access to the translation table to prevent unauthorised access to this information. Additionally, with further layers of encryption added, the database management system preferably further comprises an authorisation engine to decrypt the one or more of the translation table and the deviation identifiers according to the encryption layers
The invention further provides processor control code to implement the above-described methods, for example on a general purpose computer system or on a digital signal processor (DSP). The code may be provided on a carrier such as a disk, CD- or DVD-ROM, programmed memory such as read-only memory (Firmware), or on a data carrier such as an optical or electrical signal carrier. Code (and/or data) to implement embodiments of the invention may comprise source, object or executable code in a conventional programming language (interpreted or compiled) such as C, or assembly code. As the skilled person will appreciate such code and/or data may be distributed between a plurality of coupled components in communication with one another.
BRIEF DESCRIPTION OF THE DRAWINGS
The invention description below refers to the accompanying drawings, of which:
FIG. 1 shows the process of deriving the anonymised data;
FIG. 2 shows the process of determining deviations in data items;
FIG. 3 shows the typical system implementing embodiments of the invention; and
FIG. 4 shows an example of the database management system (DBMS).
 DETAILED DESCRIPTION
We describe a scheme by which personal data and personal financial data can be stored in the Cloud and still be complaint with territorial privacy laws, in particular UK and EU privacy law. Although we refer to financial data in the example herein provided it will be appreciated that such discussion is general applicable to many forms of numerical data
The scheme addresses the fundamental issues of storage of data and the legal mechanics of data separation, dispersal, and subsequent reassembly of the data into a meaningful view to an authorised person.
The process operates as a pseudonymising or obfuscation tool, by substituting elements of personal data and turning each of those elements into an identifier, which we call a Unique Identifier (UID). Each UID derives from a basic identifying data element, such as first name, surname, postcode or from financial data such as salary, expenditure, type of investment or value. Further, the UIDs created from the financial data falls into two categories: deviations and non-deviations. Each UID is made up of a multi-layered numerical code.
The process of turning data into initial UIDs is given the name: “domainizing” and results in a sequence of UIDs and a residue. The residue provides a translation table that maps/translates the UIDs to the underlying data, including names, address and financial data. Without this residue/translation data it is not possible to unveil the true identities and financial information within the personal data.
Further layers of encryption of the UIDs can also be added as will be described later. In privacy terms each layer is known as a PET layer—privacy enhancing technology layer. The initial translation to UIDs via domainizing is the first layer of PET.
In this way, the method and system incorporate additional security features and precautions such as multiple levels of non-conventional encryption techniques applied to such coded data prior to transmission both to and from the cloud.
The cloud provider will host data in the form of UID sequence derived from both the demographic data from client financial deviation data. The coded UID data can only be reconstituted through the application in the hands of the authorised users with access to the residue within the translation table.
The residual data is not stored in the Cloud, but instead within an organisation under the same controls for personal data as exists today.
Thus the system provides a mechanism where personal data can be stored in the cloud without territorial restriction in terms of privacy and compliance. Within the UK for example, privacy laws regulate the geographical locality of personal information storage. Personal UK financial data under this scheme can be stored legally in the Cloud. It will be appreciated under similar laws in other countries, information may also be stored in the Cloud. Cloud storage is not possible with standard encryption practices as the data is still stored, albeit in encrypted form potentially in non-permitted jurisdictions. Should any unauthorised person obtain access to the encrypted data, circumvention of the password, or password ‘cracking’ could allow them access to the data and the personal information. By adding the obfuscation and dividing the data as described herein, even with a successful unauthorised access, the data is of no value without the translation table
Furthermore, data storage in the cloud does not negate from the true meaning of the content—statistical analysis can still be performed on the content without any linkage or reference back to the personal information stored within the residue/translation table.
With reference to FIG. 1, the scheme works by ‘domainizing’ (splitting into groups) the personal data and additionally by fitting the financial element of a client's data to a pre-determined/characteristic profile, and recording the deviations from this characteristic profile. Multiple characteristic profiles may also be used as will be described later.
This process yields two distinct group types. The first group contains the UIDs assigned to personal data (herein referred to as data identifiers), plus UID's assigned to each element of the deviation of a client's financial information (herein referred to as deviation identifiers) from that of the closest matching reference profile. There may be a number of reference financial profiles, each customer matched to the most appropriate approximation. The use of reference records allows data to dynamically normalizes itself around specific data content. This is akin to hiding data in a tightly packed cohort of peers.
The second group contains a table of string values and related UID's: a dictionary (or residue) providing the translation table.
It is only by combining the identifiers with the translation table that we get back to the original database of personal data—i.e. only by combining information in both groups (identifiers and translation table) that the original data is reconstructed and any understanding then derived.
Privacy is achieved by separating the two types of data and physically securing the translation table (“stock cube”) data according to standard practices of any organisation today in possessing of such information. The group of identifiers (“water vapour”) grows in direct proportion to the number of customers. The translation table (“stock cube”) is orders of magnitude smaller as strings of data relating to things like name, address, occupation etc will repeat. This translation table is in essence a dictionary of phrases and numerical values and can be stored in any arrangement appropriate for storing such information.
Further, as data grows in volume, profiling will reveal repeating associations of UIDs (identifiers) within the first group of UID sequence data, the result is a level of data normalisation that cannot be achieved by design alone. The greater the number of clients in the database and the greater the attributes known about them the greater the propensity for detailed domain normalisation. This in itself will form a useful level of obfuscation.
This is a dynamic data normalization facility where patterns are recognised in real-time data leading to a level of normalization of data that could not occur using traditional database design techniques.
As new detailed associations of UIDs (identifiers) across slices of data are discovered, the existing group of UIDs data will have the ability to adjust its structure accordingly. The effect is to further compress the cohorts of data, reducing storage volume, data mining dimensions, and more importantly allowing more essence to be extracted from the group of UID sequences (“water vapour”) and deposited into the translation table (“stock cube”). The group of UID sequences providing identifiers (“water vapour” group of data) will be placed in the Cloud and consequently may reside anywhere in the world. This has the commercial advantage that data storage can scale infinitely and quickly, and cloud compute clusters can be leveraged to crunch data.
The translation table (“stock cube” group of data) will be kept within an organisation or on specific devices authorised by the organisation. The devices will be only used inside of the appropriate geographic territory by an authorised person. As the translation table may typically be orders of magnitude smaller in size to the data identifiers storing the main body of data local storage and computer power is reduced, with the increased storage demands pushed out to remote cloud computing platforms. This means that the data that forms the translation table stays within the physical protection of the organisation or on machines that reside within a guaranteed territory with sufficient security to guarantee they are used only by authorised personnel (i.e. reflecting today's privacy laws). Authorised persons may use devices such as desktop computers, corporate servers, tablet style computing devices or even smartphones and the like to store or access the data.
The group of UID sequences providing identifiers (“water vapour” group of data) is combined with the translation table (“stock cube” group of data) on the device residing in the specified territory by an authorised and regulated person.
Data will be first entered by an authorised and regulated person; software on the device will split out the data into the identifiers and translation table. The identifiers are pushed to the Cloud and any addition to the translation table is merged with the existing translation table data on the device.
Where there is a requirement for mass induction of client data, the scheme is defined to place the human data controller in electronic control of the load process such that her interaction with the device initiates the domainization of the data and it's dispersal to the Cloud.
The scheme allows for the translation table group of data to be stored centrally within the standard computing environment of the organisation by allowing data from multiple devices to be synchronised and merged centrally. This means as a domain expands on one device it will subsequently become available to all devices.
Data in both the UID group and translation table group may have unlimited layers of privacy enhancing technology (PET) applied to them. Data in the first group (in its raw form) is a base series of UIDs, plus UID encoding of deviations from a common financial profile (herein referred to as deviation identifiers). Additive PETs provide the mechanism by which further obfuscation and encryption can take place on the UID data.
This scheme is very different from today's traditional one time encryption techniques where all eggs are in one basket. In the traditional model if the cipher is broken then all the content is revealed in plain text. The proposed model has a fundamental principle of data at its core followed by an unlimited number of organisational driven PETs. Each PET obfuscates meaning and places plain text a further step away.
Fundamentally the scheme allows the essence of the data to be stored in a protected environment and distinct from the mass of data globally at large.
One PET for example may be common day encryption techniques: others may be more esoteric like modern day equivalents of the Enigma machine, with many more wheels, extended character sets, and plug boards. The approach of obfuscation and division of data herein described allows for an organisation to apply other forms of PET such as standardised forms of encryption such as public key encryption or their own proprietary standards. This is useful as it provides additional levels of protection against unwanted and illegal attempts to access the data and understand its meaning
Domainization—The following tables show the process of forming the translation tables and UIDs.
Table 1 below shows a typical subset of tables of customer data—the data that is to be anonymised. Three clients are shown: client # 1, client # 2 and client # 3.
Various personal and financial data fields are present for each client that need to be protected/obfuscated before being uploaded to the cloud storage.
TABLE 1
PERSON
client names household
(first, middle, no of spouse monthly family income
surname) Will? children income income expenditure protection
client #
1 homer Will 1 35000 10000 950 67.54
stephen
simpleton
client #
2 donald Nothing 2 45000 2000 1150 55.15
stephen
drake
client #
3 mark Nothing 1 12320 0 950 0
smithers
client names buildings and
(first, middle, contents
surname) protection mortgage debt savings investments pensions
client #
1 homer 235 102300 6000 0 0
stephen
simpleton
client #
2 donald 265 130000 8000 0 20000
stephen
drake
client #
3 mark 0 0 120000 585000 0
smithers
TABLE 2
PROFILES
client names household
(first, middle, no of spouse monthly family income
surname) Will? children income income expenditure protection
income young family Nothing 2 40000 5000 975 60
matches subsistence
earnings
typically 3 young buy to Nothing 0 40000 0 700 0
buy to lets let
typically 7 older buy to let Will 2 but 60000 15000 1200 0
buy to lets LPA left
home
use of sophisticated Will 2 but 100000 20000 2000 0
financial investor LPA left
instruments home
sophisicated complementary Will 2 but 75000 25000 2000 0
but reflects male/female - left
wife looks husband home
after kids
whilst they
grow up
complementary LPA 2 but 25000 75000 2000 0
male/female - left
wife home
has lifestyle content Nothing 0 10000 0 1000 0
‘enough’ to (happy)
take to end
of life
without
little effort
(no
dependents)
client names buildings and
(first, middle, contents
surname) protection mortgage debt savings investments pensions
income young family 250 110000 5000 0 0
matches subsistence
earnings
typically 3 young buy to let 155 100000 5000 0 0
buy to lets 155 150000
155 200000
typically 7 older buy to let 155 10000 60000 100000 80000
buy to lets 155 15000
155 20000
155 25000
155 25000
155 25000
155 25000
use of sophisticated 350 0 120000 750000 1000000
financial investor
instruments
sophisicated complementary 350 0 100000 750000 750000
but reflects male/female -
wife looks husband
after kids
whilst they
grow up
complementary 350 0 30000 250000 250000
male/female -
wife
has ‘enough’ lifestyle content 200 0 80000 500000 120000
to take to (happy)
end of life
without little
effort
(no
dependents)
TABLE 3
PROFILE PERTURBATION
client names household
(first, no of spouse monthly family income
middle, surname) Will? children income income expenditure protection
client #
1 homer Will −1 −5000 5000 −25 7.54
matched to stephen
‘young simpleton
subsistence
income’
client #2 donald 0 5000 −3000 175 −4.85
matched to drake
‘young
subsistence
income’
client #3 mark 1 2320 0 −50 0
matched to smithers
‘lifestyle
content’
buildings and
client names (first, contents mortgage
middle, surname) protection debt savings investments pensions
client #
1 homer −15 −7700 1000 0 0
matched to stephen
‘young simpleton
subsistence
income’
client #2 donald 15 20000 3000 0 20000
matched to drake
‘young
subsistence
income’
client #3 mark −200 0 40000 85000 −120000
matched to smithers
‘lifestyle
content’

At this stage we see 2 rows per person in which one reflects value in orders of magnitude appropriate for the type of data the second rows record the excess or froth.
TABLE 4
PROFILE PERTURBATION
(numbers clipped and represent
order of magnitude)
(quantity normalization)
100s 10s
1000s household family
client names (first, no of 1000s spouse monthly income
middle, surname) Will? children income income expenditure protection
client #1 homer Will −1 −5 5 0 0
matched to stephen
‘young simpleton
subsistence
income’
client #1 homer Will 0 0 0 −25 7.54
matched to stephen
‘young simpleton
subsistence
income’
client #2 donald Nothing 0 5 −3 1 0
matched to drake
‘young
subsistence
income’
client #2 donald Nothing 0 0 0 75 −4.85
matched to drake
‘young
subsistence
income’
client #3 mark Nothing 0 2 0 0 0
matched to smithers
‘lifestyle
content’
client #3 mark Nothing 1 320 0 −50 0
matched to smithers
‘lifestyle
content’
PROFILE PERTURBATION
(numbers clipped and represent order of magnitude)
(quantity normalization)
10s
buildings and 1000s
client names (first, contents mortgage 1000s 1000s 1000s
middle, surname) protection debt savings investments pensions
client #1 homer 0 −7 1 0 0
matched to stephen
‘young simpleton
subsistence
income’
client #1 homer −15 700 0 0 0
matched to stephen
‘young simpleton
subsistence
income’
client #2 donald 0 20 3 0 20
matched to drake
‘young
subsistence
income’
client #2 donald 15 0 0 0 0
matched to drake
‘young
subsistence
income’
client #3 mark −20 0 40 85 −120
matched to smithers
‘lifestyle
content’
client #3 mark 0 0 0 0 0
matched to smithers
‘lifestyle
content’

THE DATA WE STORE FOLLOW BELOW
TABLE 5
(STORED TO CLOUD IN THIS FORM)
PROFILE PERTURBATION
(with string domainization)
client #1 817413026 234164724 930071094 792441855 983704673 422457101 422457101
matched to 757739110
‘young 232754115
subsistence
income’
client #1 0 0 0 −25 7.54
matched to
‘young
subsistence
income’
client #2 245060467 679055516 422457101 983704673 646002909 22658639 422457101
matched to 757739110
‘young 168182192
subsistence
income’
client #2 0 0 0 75 −4.85
matched to
‘young
subsistence
income’
client #3 13540256 679055516 422457101 827516500 422457101 422457101 422457101
matched to 690500610
‘lifestyle
content’
client #3 1 320 0 −50 0
matched to
‘lifestyle
content’
PROFILE PERTURBATION
(with string domainization)
client #1 817413026 422457101 938631754 22658639 422457101 422457101
matched to 757739110
‘young 232754115
subsistence
income’
client #1 −15 700 0 0 0
matched to
‘young
subsistence
income’
client #2 245060467 422457101 599634554 91145402 422457101 599634554
matched to 757739110
‘young 168182192
subsistence
income’
client #2 15 0 0 0 0
matched to
‘young
subsistence
income’
client #3 13540256 963841943 422457101 933100774 324423887 752154942
matched to 690500610
‘lifestyle
content’
client #3 0 0 0 0 0
matched to
‘lifestyle
content’
TABLE-6
(STORED DOMAIN
LOCALLY) TABLE
homer 817413026
stephen 757739110
simpleton 232754115
donald 245060467
drake 168182192
Will 234164724
Nothing 679055516
mark 13540256
smithers 690500610
 −1 930071094
 −5 792441855
   5 983704673
   0 422457101
 −7 938631754
   1 22658639
 −3 646002909
   3 91145402
   20 599634554
   2 827516500
 −20 963841943
   40 933100774
   85 324423887
−120 752154942
Table 2 above shows a set of characteristic profiles, each providing a reference record. Example characteristic profiles include: ‘a young family subsistence’, “lifestyle content’ and ‘young/old buy to let investors’. In both the building/contents protection and mortgage debt columns multiple entries are stored and each relate to a particular property owned by the buy to let investor.
Fitting to a Reference Profile
This is the act of taking personal and financial information and comparing each type to the groups already identified in the database as a whole. As data grows in volume, profiling can become more sophisticated and subtle, leading to groups and subgroups of individuals thereby providing multiple profiles/reference records.
What happens as part of the profiling piece is best described with a simple example. As new details are entered, a person's income, assets, and liabilities are accessed using a rule based decision tree. At the first stage we determine whether they have many assets and little debt, or vice versa. Of the indebted customers then removing the mortgage from the equation may push them into the asset rich group. We then become interested in the asset and debt profiles and the levels. Indebtedness will have a correlation with protections required and protections obtained and so on. From this simple rules based assessment, a person's financial statement is assigned to a pool of most similar people.
At any point in time the pool has a prototype person, the ideal for the pool, such as ‘young family subsistence’ or ‘lifestyle content’ (each being stored as a reference record for example). All real members (client # 1, #2 etc) are measured by their perturbations from the prototype. The pool number and perturbations for each client may be recorded for subsequent decoding of the data. Before storage the pool and perturbation information are domainized as described above, i.e. turned into two groups of data identifiers and translation tables as shown in Tables 3 to 6 above.
FIG. 2 shows an embodiment of how deviations are determined relative to the profile/reference record. Numerical data items pertaining to financial information are each compared to reference values in the reference record (for example data item 3 with reference data item 3), the deviation determined and then output. The deviation is then assigned a deviation identifier and stored within the cloud along with the identifiers for any non deviation data (for example for names, addresses).
In Table 3 the deviation of data fields to the most relevant reference record is determined. The most relevant (closest matching for example) reference record for client # 1 and client # 2 in FIG. 3 is the ‘young family subsistence’ profile and thus deviations for each numerical value are determined relative to this profile/reference record. For example, client # 1 has an income of £35000 and the ‘young family subsistence’ profile defines a reference income of £40000. The resulting profile perturbation calculated is −£5000.
In the following step, shown in Table 4, two rows of data are now shown per person. The first row represents values of the data in orders of magnitude and the second the excess or remainder having determined the orders of magnitude. For example, client #3 has an income of £12320 from table 1, which converts to a deviation from the ‘lifestyle content’ profile of £2320. In table 4, the magnitude value determined is 2 (from £2000), providing an excess of £320.
Tables 5 and 6 show the data finally stored after the processing is complete. The essence of the data (the domain) is stored securely by the organisation and made available to data controllers. This is the translation table (“stock cube” set of data) effectively providing a dictionary. Table 5 shows an example of derived UIDs (data identifiers) stored in cloud storage. This data is now anonymised and this is capable of being remotely stored whilst being in compliance with many different territorial data protection laws. Table 6 shows an example of the translation table (domain table) stored locally that allows the decoding to take place. In this example each alphanumeric data item is assigned a unique ID, and numerical values are also assigned a unique ID. The result is that the data is partitioned so that the bulk of the data is can be stored remotely and only the table that allows the true personal and financial data to be derived needs to be stored in the local jurisdiction.
Reassembly of the Data
Data is reassembled by the data controller using software tools on a device local to the data controller (such as a client machine, which may be a desktop computer, corporate server, tablet style computing device or even smartphones and the like) and within the appropriate geographical territory. Data arrives back from the cloud and onto the device as a sequence of meaningless UIDs/identifiers. The reverse of each PET is applied to the stream to reveal the real underlying and still meaningless sequence of UIDs. The on-device translation table (the “stock cube” of data) is combined with the de-obfuscated UIDs/identifiers (“water vapour set”) on the device and under the control of the data controller. The real data is revealed, the pieces having been reassembled by the data controller on machines local to the data controller.
Role of the Data Controller
The data controller is a person within the organisation who is authorised from a compliance perspective to work on behalf of the organisation with its clients' personal data. Legally it is only a data controller that can dissolve real data into its UIDs/identifiers (“water vapour”) and translation table (“stock”) components, and in turn combines the underlying parts back into real data again.
The data controller uses the software tools to achieve the split, dispersal and reassembly.
FIG. 4 shows an example of the database management system (DBMS) used to enable the new mechanisms described herein. This approach allows for a new style of database whereby the DBMS and distilled data (forming the translation table) are stored locally and the cloud is used as a massively expandable and connected storage ‘disk’. As described herein simply moving storage to a cloud computing environment is not possible without anonymisation/obfuscation due to territorial restrictions on data storage to ensure compliance with data protection requirements.
Anonymous data elements are stored in the cloud database (DB) and are viewed by the DPMS in the same way the bytes on a magnetic disk of a conventional database are viewed. The sequence of UIDs can be considered to be the raw data of the DBMS.
Data is stored as a sequence of UIDs in anonymous tables using anonymous column names, preferably in remote cloud storage as previously described. This is the rawest form for this model—in some configurations there will already be indexing and transaction facilities in place at the hosting cloud provider to allow indexing and transactions to be dealt with within the cloud environment.
By abstracting the approach to data storage into a conventional database type of pattern, the DBMS provides all the benefits of modern data access to our storage scheme and removes the requirement for a given application to encode its data access in a way specific to this invention's storage scheme, i.e. the DBMS performs the abstraction to generate the identifiers to be stored on the cloud computing platform and the translation table to be stored locally.
There are five major elements of the DBMS: Data Dictionary; Query Engine; Authorization; Transaction Control/Engine; and Data Marshaller. These functional capabilities work with the core elements of the domainized data and the sequences of UIDs stored out in the cloud.
The Data Dictionary holds the translation table with information that maps a meaningful logical data model into the structure used to store UIDs in the cloud. For example, a table named t101 could hold Mortgage information and col73 in table t101 could contain the outstanding loan amount.
The Data Dictionary intrinsically supports profile types. The dictionary defines each of the profile types against which an individual client data perturbation is calculated and translated into UIDs, i.e. the subsequent perturbations may be derived from the reference records and reference data items which define the characteristic profile types. Furthermore, the dictionary may support inheritance and so for example investment types ISAs, OEIC, Stocks can be classified as ‘financial assets’.
By using the information contained in the Data Dictionary the Query Engine is able to translate data operations expressed in terms of the full logical data model into operations against both the domain data store (the translation table) and the anonymous UID based data store (the deviation identifiers stored in cloud storage). This allows the Query Engine to process the deviation identifiers, the translation table and any reference records in order to reconstitute/determine the original data entries.
The Dictionary is used to phrase data operations expressed in terms of super types like ‘financial assets’ and further profile types like “young family subsistence living” type. So a query such as ‘find all “young family subsistence living” that do not have a FIB protection’ can be implemented.
The Transaction Engine performs the transmission and retrieval of data to and from the remote cloud storage. Furthermore, it may also be used to retrieve the translation table and reference record(s). The Transaction Engine is important when writing data as it is used to ensure consistency between the cloud store and the domainized data.
In addition this hybrid cloud data store offers the ability to manage audit and authorization (using the Authorization Engine) as well as transaction consistency between the domain data store and the UID cloud store. This enables transaction verification and encryption to be implemented. One or more layers of encryption could be applied, dependent on the requirements of the user.
The Data Marshaller is used to manage the structure of the underlying cloud storage facility. This includes the capability to enable the database to adjust its storage structure as patterns are discovered in the data leading to new profiles and new perturbation structures. For example, a newly added reference record could be identified as a new pattern or general trend is observed. This could be uploaded via the Data Marshaller which then interrogates and updates the entries throughout the system to fully integrate this new reference record—this may include redetermining deviations of one or more data items in the data records based upon this new reference record for example.
Profiles (from which the reference records are derived) are not simply strata of society, but they have a ‘shape’ in terms of the logical normalized data structures we would expect to see example of within the profile. Further, the profile would need a base set of a data. The example profile of “young family subsistence living” contains the following products: mortgage of around 140 k; FIB for a family of two adults and two children; house buildings and contents insurance; a salary of around 35 k per annum; a small amount of savings. The cloud storage structures represent the UID encoded perturbations from such a profile. Data mining will reveal adjustments to the profiles and new profiles also, causing the raw cloud storage structures to be rebalanced. The Data Marshaller takes care of this, whilst the rest of the DBMS abstracts any application from this dynamic adjustment via the Data Dictionary.
PETs
Careful choice of PETs will still leave the UIDs/identifiers (“water vapour” data) in a state that is meaningful for data mining and predictive analysis. Further, the numerical nature of the data and the dynamic normalisation capability facilitates efficient mining processes.
Practical Implementation
The device containing the capabilities to store the translation table and receive the identifiers is in a specific territory (e.g. UK), further containing an application code to process the translation table and identifiers. Access to the device is restricted to the human data controller. Whilst containing the application, in our example, the device is never taken out of the UK. In the UK, these levels of device security are no different to those required today in respect of the Financial Services Authority (FSA) and the data controller's organisation.
The translation table (“stock cube” group of data) is resident on the device and is synchronised with the master copy on servers within the organisation. This data is small in size and easy fits into the memory of a portable device, such as a table style computer. FIG. 3 shows an example of a typical system including client computers held within the relevant geographical state (UK for example) so as to comply with national data protection and privacy laws. The local server is also stored within the same geographical state and may optionally store a master copy of the translation table which can be transferred to the client computing machines as and when the information is needed thereby maintaining a master copy. Alternatively the individual computing machines may permanently store a copy and update the server copy if content is modified. Each client computing machine may download data from the remote server within the cloud computing environment either directly or via the local server (should the provider of the information wish to track and log who is downloading the information for example) to obtain a copy of the identifiers necessary to decode the data.
The application then freely works with the UIDs (“water vapour” group of data) in the cloud using a secure (SSL) connection to push and pull UIDs at a set number of levels of PET. Searches can be performed and meaningless streams of UIDs are returned to the device.
On the device, layers of PETs are removed by applying the antidote to each layer in turn, to reveal the underlying real set of UIDs. UIDs are then translated on the device into actual data using the on-device translation table (“stock cube”) data set.
Dynamic Normalization
The discussion has set out a scheme where a person's financial story is represented as a sequence of UIDs/identifiers in the cloud.
From this position the data will then be subject to a pipeline of numerical and predictive analysis techniques. As such patterns in the data will be detected at various stages in the pipeline. For example, values x,y,z in columns 1,2,3 may have a propensity to indicate that a value of 7 always appears in column 23.
Discoveries of this form leads to a further refactoring of the data—traditionally this would be called data normalization when applied to the review of a database structure by a “data analyst”. What we are doing here is quite different, we are normalising based on the discovery of patterns in real-time and within real datasets.
This is in part facilitated by today's dynamic schema-less storage structures which provide the mechanism for the programmatic adjustment of the storage structure.
It will be appreciated that although the examples herein described refer particularly to financial information such as pensions, shares and banking data and the like that the system is application to any forms of data, in particular any information containing personal information (such as store cards, inland revenue data, medical data and home office/government data) that must comply with national data protection laws.
No doubt many other effective alternatives will occur to the skilled person. It will be understood that the invention is not limited to the described embodiments and encompasses modifications apparent to those skilled in the art lying within the spirit and scope of the claims appended hereto.

Claims (25)

What is claimed is:
1. A computer-implemented method of anonymising a database of personal data, the database comprising a plurality of data records, each data record comprising a plurality of data items, the method comprising;
for a subset of data items in said data records, determining a deviation of each of said data items in said data records relative to reference data items in a plurality of reference records,
wherein one of said plurality of reference records is selected for each one of said data items or subset of data items dependent on a similarity of a said data record to said reference records, wherein determining said similarity comprises:
categorizing said data items in said data records into a plurality of pools based on classification profiles defined by said reference records, wherein a data item similarity of data items in a said pool is above a threshold; and
comparing calculated perturbation profiles of one or more of said data items in a said pool with one or more of said reference data items of said reference records,
wherein each of said data items in said data records has a corresponding said reference data item in a said selected reference record according to a said classification profile to determine a said deviation of a said data item relative to a said reference data item in a said selected reference record,
assigning deviation identifiers to each of said determined deviations in said data records to identify a said data item being recorded as a said determined deviation to a said reference data item and to anonymise said data items in said subset of data items in said data records;
generating a translation table mapping said data items in said subset and said determined deviations to said deviation identifiers;
storing said translation table; and
storing said deviation identifiers defining said anonymised data items for said data records remotely to said translation table.
2. The method as claimed in claim 1 further comprising:
assigning data identifiers to a second subset of said data items in said data records to anonymise said data items in said second subset of said data items in said data records;
wherein said generating said translation table further comprises mapping said data items in said second subset to said data identifiers; and
further comprising storing said data identifiers remotely to said translation table.
3. The method as claimed in claim 1 further comprising generating said reference record, wherein said generating comprises determining one or more reference data items defining a characteristic profile of data suitable for storing in said database.
4. The method as claimed in claim 3, wherein said characteristic profile is dependent on one or more of said plurality of data records and wherein said characteristic profile is dynamically updated dependent on a further one or more of said plurality of data records.
5. The method as claimed in claim 1, further comprising:
assigning reference data identifiers to said reference data items; and
storing said reference data identifiers remotely to said translation table;
wherein said translation table further stores a mapping of said reference data items to said reference data identifiers.
6. The method as claimed in claim 1 wherein one of said data items in said data record comprises a marker, wherein said marker defines said reference record used to determine said deviation.
7. The method as claimed in claim 1 wherein said translation table is stored on a client machine, and said deviation identifiers are stored on a remote data server; and
wherein said data identifiers are stored on said remote data server and/or wherein said remote data server is located within a remote cloud computing platform.
8. The method as claimed in claim 1 further comprising encrypting one or more of said translation table and said deviation identifiers; and
wherein said storing comprises storing said encrypted one or more of said translation table and said deviation identifiers.
9. The method as claimed in claim 2 further comprising encrypting said data identifiers and
wherein said storing comprises storing said encrypted data identifiers.
10. The method as claimed in claim 8 further comprising applying one or more further layers of encryption, in particular
wherein one of said one or more further layers of encryption is a proprietary format.
11. The method as claimed in claim 1, wherein said data items in said data records are arranged into fields; and
said determining a deviation comprises determining a deviation of each of said data items relative to a data item in a corresponding field in said reference record.
12. The method as claimed in claim 2, wherein said second subset of data comprises data defining personal data and said subset of data comprises financial data linked to said personal data, and
wherein a said reference record comprises a common financial profile comprising pre-characterized financial data.
13. A computer-implemented method of decoding a database of personal data, wherein said database of personal data is anonymised, the database comprising a plurality of data records, each data record comprising a plurality of data items, the method comprising:
retrieving deviation identifiers for a subset of said data items in remote data record from remote storage, wherein said deviation identifiers define anonymised deviations for each of said data items in said data records relative to reference data items in a plurality of reference records, wherein one of said plurality of reference records is selected for each one of said data items or subset of data items dependent on a similarity of a said record to said data record to said reference records, wherein determining said similarity comprises:
categorizing said data items in said data records into a plurality of pools based on classification profiles defined by said reference records, wherein a data item similarity of data items in a said pool is above a threshold; and
comparing calculated perturbation profiles of one or more of said data items in a said pool with one or more of said reference data items of said reference records;
wherein each of said data items in said data records has a corresponding, said reference data item in a said selected reference record according to a said classification profile to determine a said deviation of a said data item relative to a said reference data item in a said selected reference record;
retrieving a translation table from storage, wherein said storage is distinct to said deviation identifiers, and wherein said translation table defines a mapping of said data items in said subset and said determined deviations with said deviation identifiers;
processing said deviation identifiers using said selected reference record and said translation table to decode said database of personal data;
wherein said processing comprises performing a reverse mapping of said deviation identifiers to deviations of each of said data items in said subset of data items and, using said selected reference record and said deviations, determining said data items in said subset of data items.
14. The method as claimed in claim 13 further comprising:
retrieving data identifiers for a second subset of said data items in said remote data record from said remote storage, said data identifiers defining anonymised data items in said remote data record;
wherein said translation table further defines a mapping of said data items in said second subset with said data identifiers;
wherein said storage of said translation table is distinct to said data identifiers;
wherein said processing further comprises processing said data identifiers and said translation table to decode said database of personal data; and
wherein said processing further comprises performing a reverse mapping of said data identifiers to said data items in said second subset of data items.
15. The method as claimed in claim 13, wherein said translation table further maps said reference data items to reference data identifiers;
the method further comprising:
retrieving said reference data identifiers from remote storage; and
processing said reference data identifiers using said translation table to perform a reverse mapping of said reference data identifiers to said reference data items for said reference record.
16. The method as claimed in claim 13 wherein one of said data items in said data record comprises a marker defining said selected reference record used to determine said anonymised deviation, and wherein said processing further comprises determining said selected reference record from said plurality of reference records by reading said marker.
17. The method as claimed in claim 13 wherein said processing comprises determining said selected reference record from said plurality of reference records based on a difference determined between said deviations in at least one of said data items in said subset and at least one of said reference data items in said plurality of reference records.
18. The method as claimed in claim 13, wherein said translation table is stored on a client machine and said deviation identifiers are stored on a remote data server.
19. The method as claimed in claim 14, wherein said data identifiers are stored on a remote data server; and
wherein said remote data server is located within a remote cloud computing platform and/or
wherein said translation table is stored remotely to said remote data server and downloaded to said client machine during said retrieving of said translation table from said storage.
20. The method as claimed in claim 13 wherein one or more of said translation table and said deviation identifiers are encrypted, and wherein said processing further comprises decrypting said one or more of said translation table and said deviation identifiers prior to decoding said database of personal data.
21. The method as claimed in claim 14 wherein said data identifiers are encrypted, and wherein said processing further comprises decrypting said data identifiers prior to decoding said database of personal data.
22. A database management system for decoding a subset of data items in data records from a distributed database, said database management system comprising a distributed storage system, wherein said distributed storage system comprises a memory which stores said distributed database,
the distributed database comprising:
a plurality of deviation identifiers storing anonymised references to deviations in a subset of data items in data records, wherein said deviation identifiers define anonymised deviations of said subset of data items relative to reference data items in a plurality of reference records;
the database management system further comprising a processor configured to select one of said plurality of reference records for each one of said data items or subset of data items dependent on a similarity of a said data record to said reference records, wherein said processor is further configured to determine said similarity, wherein said determination of said similarity comprises:
categorizing said data items in said data records into a plurality of pools based on classification profiles defined by said reference records, wherein a date item similarity of data items in a said pool is above a threshold;and
comparing calculated perturbation profiles of one or more of said data items in a said pool with one or more of said reference data items of said reference records,
and wherein each of said data items in said data records has a corresponding said reference data item in a said selected reference according to a said classification profile to determine a said deviation of a said data item relative to a said reference data item in a said selected reference record;
the database management system further comprising:
a data dictionary comprising a translation table storing mappings from said subset of data items and said determined deviations to said deviation identifiers;
a transaction engine to retrieve one or more of said plurality of deviation identifiers from remote storage, to retrieve said translation table, and to retrieve said selected reference record, wherein said storage of said deviation identifiers is distinct to said translation table;
a query engine to process said deviation identifiers using said selected reference record and said translation table to decode said distributed database and reconstitute said subset of data items in said data records,
wherein said decoding comprises performing a reverse mapping of said deviation identifiers to deviations of each of said data items in said subset of data items and, using said selected reference record and said deviations, determining said data items in said subset of data items.
23. The database management system as claimed in claim 22, further comprising a data marshaller to generate said reference records, wherein said generating comprises determining one or more reference data items defining a characteristic profile of data suitable for storing in said database; and
wherein said characteristic profile is determined from data items stored in said distributed database.
24. The database management system as claimed in claim 23, wherein said data marshaller is further operable to update said deviation identifiers in said distributed database and said data dictionary responsive to said generating of said reference records.
25. The database management system as claimed in claim 22, wherein one or more of said translation table and said deviation identifiers are encrypted, and
wherein said database management system further comprises an authorization engine to decrypt said one or more of said translation table and said deviation identifiers.
US13/302,561 2010-11-23 2011-11-22 Private information storage system Active 2033-08-23 US9202085B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US13/302,561 US9202085B2 (en) 2010-11-23 2011-11-22 Private information storage system

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
GB1019825.7 2010-11-23
GB1019825.7A GB2485783A (en) 2010-11-23 2010-11-23 Method for anonymising personal information
US41764710P 2010-11-29 2010-11-29
US13/302,561 US9202085B2 (en) 2010-11-23 2011-11-22 Private information storage system

Publications (2)

Publication Number Publication Date
US20120131075A1 US20120131075A1 (en) 2012-05-24
US9202085B2 true US9202085B2 (en) 2015-12-01

Family

ID=43467156

Family Applications (1)

Application Number Title Priority Date Filing Date
US13/302,561 Active 2033-08-23 US9202085B2 (en) 2010-11-23 2011-11-22 Private information storage system

Country Status (2)

Country Link
US (1) US9202085B2 (en)
GB (1) GB2485783A (en)

Cited By (189)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9851966B1 (en) 2016-06-10 2017-12-26 OneTrust, LLC Data processing systems and communications systems and methods for integrating privacy compliance systems with software development and agile tools for privacy design
US9858439B1 (en) 2017-06-16 2018-01-02 OneTrust, LLC Data processing systems for identifying whether cookies contain personally identifying information
US9882935B2 (en) 2016-06-10 2018-01-30 OneTrust, LLC Data processing systems and methods for performing privacy assessments and monitoring of new versions of computer code for privacy compliance
US9892443B2 (en) 2016-04-01 2018-02-13 OneTrust, LLC Data processing systems for modifying privacy campaign data via electronic messaging systems
US9892477B2 (en) 2016-04-01 2018-02-13 OneTrust, LLC Data processing systems and methods for implementing audit schedules for privacy campaigns
US9892442B2 (en) 2016-04-01 2018-02-13 OneTrust, LLC Data processing systems and methods for efficiently assessing the risk of privacy campaigns
US9892444B2 (en) 2016-04-01 2018-02-13 OneTrust, LLC Data processing systems and communication systems and methods for the efficient generation of privacy risk assessments
US9898769B2 (en) 2016-04-01 2018-02-20 OneTrust, LLC Data processing systems and methods for operationalizing privacy compliance via integrated mobile applications
US10013577B1 (en) 2017-06-16 2018-07-03 OneTrust, LLC Data processing systems for identifying whether cookies contain personally identifying information
US10019597B2 (en) 2016-06-10 2018-07-10 OneTrust, LLC Data processing systems and communications systems and methods for integrating privacy compliance systems with software development and agile tools for privacy design
US10026110B2 (en) 2016-04-01 2018-07-17 OneTrust, LLC Data processing systems and methods for generating personal data inventories for organizations and other entities
US10032172B2 (en) 2016-06-10 2018-07-24 OneTrust, LLC Data processing systems for measuring privacy maturity within an organization
US10102533B2 (en) 2016-06-10 2018-10-16 OneTrust, LLC Data processing and communications systems and methods for the efficient implementation of privacy by design
US10104103B1 (en) 2018-01-19 2018-10-16 OneTrust, LLC Data processing systems for tracking reputational risk via scanning and registry lookup
US10169609B1 (en) 2016-06-10 2019-01-01 OneTrust, LLC Data processing systems for fulfilling data subject access requests and related methods
US10176502B2 (en) 2016-04-01 2019-01-08 OneTrust, LLC Data processing systems and methods for integrating privacy information management systems with data loss prevention tools or other tools for privacy design
US10176503B2 (en) 2016-04-01 2019-01-08 OneTrust, LLC Data processing systems and methods for efficiently assessing the risk of privacy campaigns
US10181019B2 (en) 2016-06-10 2019-01-15 OneTrust, LLC Data processing systems and communications systems and methods for integrating privacy compliance systems with software development and agile tools for privacy design
US10181051B2 (en) 2016-06-10 2019-01-15 OneTrust, LLC Data processing systems for generating and populating a data inventory for processing data access requests
US10204154B2 (en) 2016-06-10 2019-02-12 OneTrust, LLC Data processing systems for generating and populating a data inventory
US10235534B2 (en) 2016-06-10 2019-03-19 OneTrust, LLC Data processing systems for prioritizing data subject access requests for fulfillment and related methods
US10242228B2 (en) 2016-06-10 2019-03-26 OneTrust, LLC Data processing systems for measuring privacy maturity within an organization
US10275614B2 (en) 2016-06-10 2019-04-30 OneTrust, LLC Data processing systems for generating and populating a data inventory
US20190130129A1 (en) * 2017-10-26 2019-05-02 Sap Se K-Anonymity and L-Diversity Data Anonymization in an In-Memory Database
US10284604B2 (en) 2016-06-10 2019-05-07 OneTrust, LLC Data processing and scanning systems for generating and populating a data inventory
US10282692B2 (en) 2016-06-10 2019-05-07 OneTrust, LLC Data processing systems for identifying, assessing, and remediating data processing risks using data modeling techniques
US10282700B2 (en) 2016-06-10 2019-05-07 OneTrust, LLC Data processing systems for generating and populating a data inventory
US10282559B2 (en) 2016-06-10 2019-05-07 OneTrust, LLC Data processing systems for identifying, assessing, and remediating data processing risks using data modeling techniques
US10289866B2 (en) 2016-06-10 2019-05-14 OneTrust, LLC Data processing systems for fulfilling data subject access requests and related methods
US10289870B2 (en) 2016-06-10 2019-05-14 OneTrust, LLC Data processing systems for fulfilling data subject access requests and related methods
US10289867B2 (en) 2014-07-27 2019-05-14 OneTrust, LLC Data processing systems for webform crawling to map processing activities and related methods
US10318761B2 (en) 2016-06-10 2019-06-11 OneTrust, LLC Data processing systems and methods for auditing data request compliance
US10346637B2 (en) 2016-06-10 2019-07-09 OneTrust, LLC Data processing systems for the identification and deletion of personal data in computer systems
US10346638B2 (en) 2016-06-10 2019-07-09 OneTrust, LLC Data processing systems for identifying and modifying processes that are subject to data subject access requests
US10353674B2 (en) 2016-06-10 2019-07-16 OneTrust, LLC Data processing and communications systems and methods for the efficient implementation of privacy by design
US10353673B2 (en) 2016-06-10 2019-07-16 OneTrust, LLC Data processing systems for integration of consumer feedback with data subject access requests and related methods
US10416966B2 (en) 2016-06-10 2019-09-17 OneTrust, LLC Data processing systems for identity validation of data subject access requests and related methods
US10423996B2 (en) 2016-04-01 2019-09-24 OneTrust, LLC Data processing systems and communication systems and methods for the efficient generation of privacy risk assessments
US10430740B2 (en) 2016-06-10 2019-10-01 One Trust, LLC Data processing systems for calculating and communicating cost of fulfilling data subject access requests and related methods
US10438017B2 (en) 2016-06-10 2019-10-08 OneTrust, LLC Data processing systems for processing data subject access requests
US10437412B2 (en) 2016-06-10 2019-10-08 OneTrust, LLC Consent receipt management systems and related methods
US10440062B2 (en) 2016-06-10 2019-10-08 OneTrust, LLC Consent receipt management systems and related methods
US10454973B2 (en) 2016-06-10 2019-10-22 OneTrust, LLC Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods
US10452864B2 (en) 2016-06-10 2019-10-22 OneTrust, LLC Data processing systems for webform crawling to map processing activities and related methods
US10452866B2 (en) 2016-06-10 2019-10-22 OneTrust, LLC Data processing systems for fulfilling data subject access requests and related methods
US10467432B2 (en) 2016-06-10 2019-11-05 OneTrust, LLC Data processing systems for use in automatically generating, populating, and submitting data subject access requests
US10496846B1 (en) 2016-06-10 2019-12-03 OneTrust, LLC Data processing and communications systems and methods for the efficient implementation of privacy by design
US10496803B2 (en) 2016-06-10 2019-12-03 OneTrust, LLC Data processing systems and methods for efficiently assessing the risk of privacy campaigns
US10503926B2 (en) 2016-06-10 2019-12-10 OneTrust, LLC Consent receipt management systems and related methods
US10510031B2 (en) 2016-06-10 2019-12-17 OneTrust, LLC Data processing systems for identifying, assessing, and remediating data processing risks using data modeling techniques
US10509894B2 (en) 2016-06-10 2019-12-17 OneTrust, LLC Data processing and scanning systems for assessing vendor risk
US10509920B2 (en) 2016-06-10 2019-12-17 OneTrust, LLC Data processing systems for processing data subject access requests
US10565161B2 (en) 2016-06-10 2020-02-18 OneTrust, LLC Data processing systems for processing data subject access requests
US10565236B1 (en) 2016-06-10 2020-02-18 OneTrust, LLC Data processing systems for generating and populating a data inventory
US10565397B1 (en) 2016-06-10 2020-02-18 OneTrust, LLC Data processing systems for fulfilling data subject access requests and related methods
US10572686B2 (en) 2016-06-10 2020-02-25 OneTrust, LLC Consent receipt management systems and related methods
US10581808B2 (en) 2017-03-23 2020-03-03 Microsoft Technology Licensing, Llc Keyed hash contact table
US10585968B2 (en) 2016-06-10 2020-03-10 OneTrust, LLC Data processing systems for fulfilling data subject access requests and related methods
US10586075B2 (en) 2016-06-10 2020-03-10 OneTrust, LLC Data processing systems for orphaned data identification and deletion and related methods
US10592648B2 (en) 2016-06-10 2020-03-17 OneTrust, LLC Consent receipt management systems and related methods
US10592692B2 (en) 2016-06-10 2020-03-17 OneTrust, LLC Data processing systems for central consent repository and related methods
US10607028B2 (en) 2016-06-10 2020-03-31 OneTrust, LLC Data processing systems for data testing to confirm data deletion and related methods
US10606916B2 (en) 2016-06-10 2020-03-31 OneTrust, LLC Data processing user interface monitoring systems and related methods
US10614247B2 (en) 2016-06-10 2020-04-07 OneTrust, LLC Data processing systems for automated classification of personal information from documents and related methods
US10642870B2 (en) 2016-06-10 2020-05-05 OneTrust, LLC Data processing systems and methods for automatically detecting and documenting privacy-related aspects of computer software
US10678945B2 (en) 2016-06-10 2020-06-09 OneTrust, LLC Consent receipt management systems and related methods
US10685140B2 (en) 2016-06-10 2020-06-16 OneTrust, LLC Consent receipt management systems and related methods
US10708305B2 (en) 2016-06-10 2020-07-07 OneTrust, LLC Automated data processing systems and methods for automatically processing requests for privacy-related information
US10706447B2 (en) 2016-04-01 2020-07-07 OneTrust, LLC Data processing systems and communication systems and methods for the efficient generation of privacy risk assessments
US10706131B2 (en) 2016-06-10 2020-07-07 OneTrust, LLC Data processing systems and methods for efficiently assessing the risk of privacy campaigns
US10706379B2 (en) 2016-06-10 2020-07-07 OneTrust, LLC Data processing systems for automatic preparation for remediation and related methods
US10706176B2 (en) 2016-06-10 2020-07-07 OneTrust, LLC Data-processing consent refresh, re-prompt, and recapture systems and related methods
US10706174B2 (en) 2016-06-10 2020-07-07 OneTrust, LLC Data processing systems for prioritizing data subject access requests for fulfillment and related methods
US10713387B2 (en) 2016-06-10 2020-07-14 OneTrust, LLC Consent conversion optimization systems and related methods
US10726158B2 (en) 2016-06-10 2020-07-28 OneTrust, LLC Consent receipt management and automated process blocking systems and related methods
US10740487B2 (en) 2016-06-10 2020-08-11 OneTrust, LLC Data processing systems and methods for populating and maintaining a centralized database of personal data
US10762236B2 (en) 2016-06-10 2020-09-01 OneTrust, LLC Data processing user interface monitoring systems and related methods
US10769301B2 (en) 2016-06-10 2020-09-08 OneTrust, LLC Data processing systems for webform crawling to map processing activities and related methods
US10776518B2 (en) 2016-06-10 2020-09-15 OneTrust, LLC Consent receipt management systems and related methods
US10776514B2 (en) 2016-06-10 2020-09-15 OneTrust, LLC Data processing systems for the identification and deletion of personal data in computer systems
US10776517B2 (en) 2016-06-10 2020-09-15 OneTrust, LLC Data processing systems for calculating and communicating cost of fulfilling data subject access requests and related methods
US10783256B2 (en) 2016-06-10 2020-09-22 OneTrust, LLC Data processing systems for data transfer risk identification and related methods
US10798133B2 (en) 2016-06-10 2020-10-06 OneTrust, LLC Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods
US10796260B2 (en) 2016-06-10 2020-10-06 OneTrust, LLC Privacy management systems and methods
US10803200B2 (en) 2016-06-10 2020-10-13 OneTrust, LLC Data processing systems for processing and managing data subject access in a distributed environment
US10803202B2 (en) 2018-09-07 2020-10-13 OneTrust, LLC Data processing systems for orphaned data identification and deletion and related methods
US10839104B2 (en) 2018-06-08 2020-11-17 Microsoft Technology Licensing, Llc Obfuscating information related to personally identifiable information (PII)
US10839102B2 (en) 2016-06-10 2020-11-17 OneTrust, LLC Data processing systems for identifying and modifying processes that are subject to data subject access requests
US10848523B2 (en) 2016-06-10 2020-11-24 OneTrust, LLC Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods
US10846433B2 (en) 2016-06-10 2020-11-24 OneTrust, LLC Data processing consent management systems and related methods
US10853501B2 (en) 2016-06-10 2020-12-01 OneTrust, LLC Data processing and scanning systems for assessing vendor risk
US10873606B2 (en) 2016-06-10 2020-12-22 OneTrust, LLC Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods
US10878127B2 (en) 2016-06-10 2020-12-29 OneTrust, LLC Data subject access request processing systems and related methods
US10885225B2 (en) 2018-06-08 2021-01-05 Microsoft Technology Licensing, Llc Protecting personally identifiable information (PII) using tagging and persistence of PII
US10885485B2 (en) 2016-06-10 2021-01-05 OneTrust, LLC Privacy management systems and methods
US10896394B2 (en) 2016-06-10 2021-01-19 OneTrust, LLC Privacy management systems and methods
US10909488B2 (en) 2016-06-10 2021-02-02 OneTrust, LLC Data processing systems for assessing readiness for responding to privacy-related incidents
US10909265B2 (en) 2016-06-10 2021-02-02 OneTrust, LLC Application privacy scanning systems and related methods
US10944725B2 (en) 2016-06-10 2021-03-09 OneTrust, LLC Data processing systems and methods for using a data model to select a target data asset in a data migration
US10949565B2 (en) 2016-06-10 2021-03-16 OneTrust, LLC Data processing systems for generating and populating a data inventory
US10949170B2 (en) 2016-06-10 2021-03-16 OneTrust, LLC Data processing systems for integration of consumer feedback with data subject access requests and related methods
US10997315B2 (en) 2016-06-10 2021-05-04 OneTrust, LLC Data processing systems for fulfilling data subject access requests and related methods
US10997318B2 (en) 2016-06-10 2021-05-04 OneTrust, LLC Data processing systems for generating and populating a data inventory for processing data access requests
US11004125B2 (en) 2016-04-01 2021-05-11 OneTrust, LLC Data processing systems and methods for integrating privacy information management systems with data loss prevention tools or other tools for privacy design
US11023842B2 (en) 2016-06-10 2021-06-01 OneTrust, LLC Data processing systems and methods for bundled privacy policies
US11025675B2 (en) 2016-06-10 2021-06-01 OneTrust, LLC Data processing systems and methods for performing privacy assessments and monitoring of new versions of computer code for privacy compliance
US11038925B2 (en) 2016-06-10 2021-06-15 OneTrust, LLC Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods
US11057356B2 (en) 2016-06-10 2021-07-06 OneTrust, LLC Automated data processing systems and methods for automatically processing data subject access requests using a chatbot
US11074367B2 (en) 2016-06-10 2021-07-27 OneTrust, LLC Data processing systems for identity validation for consumer rights requests and related methods
US11087260B2 (en) 2016-06-10 2021-08-10 OneTrust, LLC Data processing systems and methods for customizing privacy training
US11100444B2 (en) 2016-06-10 2021-08-24 OneTrust, LLC Data processing systems and methods for providing training in a vendor procurement process
US11134086B2 (en) 2016-06-10 2021-09-28 OneTrust, LLC Consent conversion optimization systems and related methods
US11138299B2 (en) 2016-06-10 2021-10-05 OneTrust, LLC Data processing and scanning systems for assessing vendor risk
US11138242B2 (en) 2016-06-10 2021-10-05 OneTrust, LLC Data processing systems and methods for automatically detecting and documenting privacy-related aspects of computer software
US11144622B2 (en) 2016-06-10 2021-10-12 OneTrust, LLC Privacy management systems and methods
US11146566B2 (en) 2016-06-10 2021-10-12 OneTrust, LLC Data processing systems for fulfilling data subject access requests and related methods
US11144675B2 (en) 2018-09-07 2021-10-12 OneTrust, LLC Data processing systems and methods for automatically protecting sensitive data within privacy management systems
US11151233B2 (en) 2016-06-10 2021-10-19 OneTrust, LLC Data processing and scanning systems for assessing vendor risk
US11157600B2 (en) 2016-06-10 2021-10-26 OneTrust, LLC Data processing and scanning systems for assessing vendor risk
US11188615B2 (en) 2016-06-10 2021-11-30 OneTrust, LLC Data processing consent capture systems and related methods
US11188862B2 (en) 2016-06-10 2021-11-30 OneTrust, LLC Privacy management systems and methods
US11200341B2 (en) 2016-06-10 2021-12-14 OneTrust, LLC Consent receipt management systems and related methods
US11210420B2 (en) 2016-06-10 2021-12-28 OneTrust, LLC Data subject access request processing systems and related methods
US11222309B2 (en) 2016-06-10 2022-01-11 OneTrust, LLC Data processing systems for generating and populating a data inventory
US11222142B2 (en) 2016-06-10 2022-01-11 OneTrust, LLC Data processing systems for validating authorization for personal data collection, storage, and processing
US11222139B2 (en) 2016-06-10 2022-01-11 OneTrust, LLC Data processing systems and methods for automatic discovery and assessment of mobile software development kits
US11227247B2 (en) 2016-06-10 2022-01-18 OneTrust, LLC Data processing systems and methods for bundled privacy policies
US11228620B2 (en) 2016-06-10 2022-01-18 OneTrust, LLC Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods
US11238390B2 (en) 2016-06-10 2022-02-01 OneTrust, LLC Privacy management systems and methods
US11244367B2 (en) 2016-04-01 2022-02-08 OneTrust, LLC Data processing systems and methods for integrating privacy information management systems with data loss prevention tools or other tools for privacy design
US11277448B2 (en) 2016-06-10 2022-03-15 OneTrust, LLC Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods
GB202201068D0 (en) 2022-01-27 2022-03-16 Anzen Tech Systems Limtied Secure distributed private data storage systems
US11295316B2 (en) 2016-06-10 2022-04-05 OneTrust, LLC Data processing systems for identity validation for consumer rights requests and related methods
US11294939B2 (en) 2016-06-10 2022-04-05 OneTrust, LLC Data processing systems and methods for automatically detecting and documenting privacy-related aspects of computer software
US11301796B2 (en) 2016-06-10 2022-04-12 OneTrust, LLC Data processing systems and methods for customizing privacy training
US11328092B2 (en) 2016-06-10 2022-05-10 OneTrust, LLC Data processing systems for processing and managing data subject access in a distributed environment
US11336697B2 (en) 2016-06-10 2022-05-17 OneTrust, LLC Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods
US11341447B2 (en) 2016-06-10 2022-05-24 OneTrust, LLC Privacy management systems and methods
US11343284B2 (en) 2016-06-10 2022-05-24 OneTrust, LLC Data processing systems and methods for performing privacy assessments and monitoring of new versions of computer code for privacy compliance
US11354435B2 (en) 2016-06-10 2022-06-07 OneTrust, LLC Data processing systems for data testing to confirm data deletion and related methods
US11354434B2 (en) 2016-06-10 2022-06-07 OneTrust, LLC Data processing systems for verification of consent and notice processing and related methods
US11366786B2 (en) 2016-06-10 2022-06-21 OneTrust, LLC Data processing systems for processing data subject access requests
US11366909B2 (en) 2016-06-10 2022-06-21 OneTrust, LLC Data processing and scanning systems for assessing vendor risk
US11392720B2 (en) 2016-06-10 2022-07-19 OneTrust, LLC Data processing systems for verification of consent and notice processing and related methods
US11397819B2 (en) 2020-11-06 2022-07-26 OneTrust, LLC Systems and methods for identifying data processing activities based on data discovery results
US11403377B2 (en) 2016-06-10 2022-08-02 OneTrust, LLC Privacy management systems and methods
US11410106B2 (en) 2016-06-10 2022-08-09 OneTrust, LLC Privacy management systems and methods
US11416798B2 (en) 2016-06-10 2022-08-16 OneTrust, LLC Data processing systems and methods for providing training in a vendor procurement process
US11416109B2 (en) 2016-06-10 2022-08-16 OneTrust, LLC Automated data processing systems and methods for automatically processing data subject access requests using a chatbot
US11418492B2 (en) 2016-06-10 2022-08-16 OneTrust, LLC Data processing systems and methods for using a data model to select a target data asset in a data migration
US11416589B2 (en) 2016-06-10 2022-08-16 OneTrust, LLC Data processing and scanning systems for assessing vendor risk
US11416590B2 (en) 2016-06-10 2022-08-16 OneTrust, LLC Data processing and scanning systems for assessing vendor risk
US11438386B2 (en) 2016-06-10 2022-09-06 OneTrust, LLC Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods
US11436373B2 (en) 2020-09-15 2022-09-06 OneTrust, LLC Data processing systems and methods for detecting tools for the automatic blocking of consent requests
US11442906B2 (en) 2021-02-04 2022-09-13 OneTrust, LLC Managing custom attributes for domain objects defined within microservices
US11444976B2 (en) 2020-07-28 2022-09-13 OneTrust, LLC Systems and methods for automatically blocking the use of tracking tools
US11461500B2 (en) 2016-06-10 2022-10-04 OneTrust, LLC Data processing systems for cookie compliance testing with website scanning and related methods
US11475165B2 (en) 2020-08-06 2022-10-18 OneTrust, LLC Data processing systems and methods for automatically redacting unstructured data from a data subject access request
US11475136B2 (en) 2016-06-10 2022-10-18 OneTrust, LLC Data processing systems for data transfer risk identification and related methods
US11481710B2 (en) 2016-06-10 2022-10-25 OneTrust, LLC Privacy management systems and methods
US11494515B2 (en) 2021-02-08 2022-11-08 OneTrust, LLC Data processing systems and methods for anonymizing data samples in classification analysis
US11520928B2 (en) 2016-06-10 2022-12-06 OneTrust, LLC Data processing systems for generating personal data receipts and related methods
US11526624B2 (en) 2020-09-21 2022-12-13 OneTrust, LLC Data processing systems and methods for automatically detecting target data transfers and target data processing
US11533315B2 (en) 2021-03-08 2022-12-20 OneTrust, LLC Data transfer discovery and analysis systems and related methods
US11546661B2 (en) 2021-02-18 2023-01-03 OneTrust, LLC Selective redaction of media content
US11544667B2 (en) 2016-06-10 2023-01-03 OneTrust, LLC Data processing systems for generating and populating a data inventory
US11544409B2 (en) 2018-09-07 2023-01-03 OneTrust, LLC Data processing systems and methods for automatically protecting sensitive data within privacy management systems
US11562078B2 (en) 2021-04-16 2023-01-24 OneTrust, LLC Assessing and managing computational risk involved with integrating third party computing functionality within a computing system
US11562097B2 (en) 2016-06-10 2023-01-24 OneTrust, LLC Data processing systems for central consent repository and related methods
US11586700B2 (en) 2016-06-10 2023-02-21 OneTrust, LLC Data processing systems and methods for automatically blocking the use of tracking tools
US11601464B2 (en) 2021-02-10 2023-03-07 OneTrust, LLC Systems and methods for mitigating risks of third-party computing system functionality integration into a first-party computing system
US11620142B1 (en) 2022-06-03 2023-04-04 OneTrust, LLC Generating and customizing user interfaces for demonstrating functions of interactive user environments
US11625502B2 (en) 2016-06-10 2023-04-11 OneTrust, LLC Data processing systems for identifying and modifying processes that are subject to data subject access requests
US11636171B2 (en) 2016-06-10 2023-04-25 OneTrust, LLC Data processing user interface monitoring systems and related methods
US11651402B2 (en) 2016-04-01 2023-05-16 OneTrust, LLC Data processing systems and communication systems and methods for the efficient generation of risk assessments
US11651106B2 (en) 2016-06-10 2023-05-16 OneTrust, LLC Data processing systems for fulfilling data subject access requests and related methods
US11651104B2 (en) 2016-06-10 2023-05-16 OneTrust, LLC Consent receipt management systems and related methods
US11675929B2 (en) 2016-06-10 2023-06-13 OneTrust, LLC Data processing consent sharing systems and related methods
US11687528B2 (en) 2021-01-25 2023-06-27 OneTrust, LLC Systems and methods for discovery, classification, and indexing of data in a native computing system
US11727141B2 (en) 2016-06-10 2023-08-15 OneTrust, LLC Data processing systems and methods for synching privacy-related user consent across multiple computing devices
US11775348B2 (en) 2021-02-17 2023-10-03 OneTrust, LLC Managing custom workflows for domain objects defined within microservices
US11797528B2 (en) 2020-07-08 2023-10-24 OneTrust, LLC Systems and methods for targeted data discovery
US12045266B2 (en) 2016-06-10 2024-07-23 OneTrust, LLC Data processing systems for generating and populating a data inventory
US12052289B2 (en) 2016-06-10 2024-07-30 OneTrust, LLC Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods
US12118121B2 (en) 2016-06-10 2024-10-15 OneTrust, LLC Data subject access request processing systems and related methods
US12136055B2 (en) 2016-06-10 2024-11-05 OneTrust, LLC Data processing systems for identifying, assessing, and remediating data processing risks using data modeling techniques
US12153704B2 (en) 2021-08-05 2024-11-26 OneTrust, LLC Computing platform for facilitating data exchange among computing environments
US12265896B2 (en) 2020-10-05 2025-04-01 OneTrust, LLC Systems and methods for detecting prejudice bias in machine-learning models
US12277232B2 (en) 2024-01-24 2025-04-15 OneTrust, LLC Systems and methods for identifying data processing activities based on data discovery results

Families Citing this family (36)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9154942B2 (en) * 2008-11-26 2015-10-06 Free Stream Media Corp. Zero configuration communication between a browser and a networked media device
US8930896B1 (en) 2010-07-23 2015-01-06 Amazon Technologies, Inc. Data anonymity and separation for user computation
US9361479B2 (en) 2011-04-29 2016-06-07 Stephen Lesavich Method and system for electronic content storage and retrieval using Galois fields and geometric shapes on cloud computing networks
US9037564B2 (en) 2011-04-29 2015-05-19 Stephen Lesavich Method and system for electronic content storage and retrieval with galois fields on cloud computing networks
US9569771B2 (en) 2011-04-29 2017-02-14 Stephen Lesavich Method and system for storage and retrieval of blockchain blocks using galois fields
US9137250B2 (en) 2011-04-29 2015-09-15 Stephen Lesavich Method and system for electronic content storage and retrieval using galois fields and information entropy on cloud computing networks
GB201112665D0 (en) * 2011-07-22 2011-09-07 Vodafone Ip Licensing Ltd Data anonymisation
US9087212B2 (en) * 2012-01-25 2015-07-21 Massachusetts Institute Of Technology Methods and apparatus for securing a database
JP5895782B2 (en) * 2012-09-14 2016-03-30 富士通株式会社 COMMUNICATION SYSTEM, COMMUNICATION DEVICE, COMMUNICATION METHOD, AND COMMUNICATION PROGRAM
WO2014080297A2 (en) * 2012-11-12 2014-05-30 EPI-USE Systems, Ltd. Secure data copying
US10025840B2 (en) * 2012-12-10 2018-07-17 Koninklijke Philips N.V. Method and system for making multisite performance measure anonymous and for controlling actions and re-identification of anonymous data
US9159028B2 (en) 2013-01-11 2015-10-13 International Business Machines Corporation Computing regression models
US20140280513A1 (en) * 2013-03-13 2014-09-18 Deja.io, Inc. Pro-buffering proxy for seamless media object navigation
CN104065623B (en) 2013-03-21 2018-01-23 华为终端(东莞)有限公司 Information processing method, trust server and Cloud Server
WO2015073349A1 (en) * 2013-11-14 2015-05-21 3M Innovative Properties Company Systems and methods for obfuscating data using dictionary
EP3069287A4 (en) * 2013-11-14 2017-05-17 3M Innovative Properties Company Obfuscating data using obfuscation table
US9230132B2 (en) 2013-12-18 2016-01-05 International Business Machines Corporation Anonymization for data having a relational part and sequential part
US9607171B2 (en) 2014-11-10 2017-03-28 International Business Machines Corporation Preventing sharing of sensitive information through code repositories
WO2016122513A1 (en) * 2015-01-29 2016-08-04 Hewlett Packard Enterprise Development Lp Data analytics on encrypted data elements
CN108351945A (en) * 2015-10-16 2018-07-31 德国电信股份有限公司 method and system for protecting confidential electronic data
US10412168B2 (en) * 2016-02-17 2019-09-10 Latticework, Inc. Implementing a storage system using a personal user device and a data distribution device
US20200014727A1 (en) * 2016-06-10 2020-01-09 OneTrust, LLC Data processing systems and methods for performing privacy assessments and monitoring of new versions of computer code for privacy compliance
JP6780428B2 (en) * 2016-10-06 2020-11-04 富士通株式会社 Coding program, coding method, coding device, decoding program, decoding method and decoding device
US11314713B2 (en) 2018-06-22 2022-04-26 Rubrik, Inc. Data discovery in relational databases
US11144938B2 (en) 2018-08-08 2021-10-12 Adp, Llc Method and system for predictive modeling of consumer profiles
CN110210246B (en) * 2019-05-31 2022-01-07 创新先进技术有限公司 Personal data service method and system based on safety calculation
US11120160B2 (en) * 2019-05-31 2021-09-14 Advanced New Technologies Co., Ltd. Distributed personal data storage and encrypted personal data service based on secure computation
US11404167B2 (en) 2019-09-25 2022-08-02 Brilliance Center Bv System for anonymously tracking and/or analysing health in a population of subjects
WO2021059032A1 (en) 2019-09-25 2021-04-01 Brilliance Center B.V. Methods and systems for anonymously tracking and/or analysing individual subjects and/or objects
GB2604246A (en) * 2019-09-25 2022-08-31 Brilliance Center B V Methods and systems for anonymously tracking and/or analysing web and/or internet visitors
GB2603368B (en) 2019-10-04 2023-08-23 Indivd Ab Methods and systems for anonymously tracking and/or analysing individuals based on biometric data
US11301464B2 (en) * 2020-01-14 2022-04-12 Videoamp, Inc. Electronic multi-tenant data management system
AU2021201071B2 (en) 2020-02-19 2022-04-28 Harrison-Ai Pty Ltd Method and system for automated text anonymisation
AU2022399453A1 (en) 2021-12-01 2024-05-16 Videoamp, Inc. Symmetric data clean room
CN114968989B (en) * 2021-12-31 2025-02-07 华能信息技术有限公司 A data exchange method
WO2024123204A1 (en) * 2022-12-09 2024-06-13 Публичное Акционерное Общество "Сбербанк России" Method and system for anonymizing confidential data

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6397224B1 (en) * 1999-12-10 2002-05-28 Gordon W. Romney Anonymously linking a plurality of data records
US20060059189A1 (en) 2004-09-15 2006-03-16 Peter Dunki Generation of updatable anonymized data records for testing and developing purposes
US20060080554A1 (en) 2004-10-09 2006-04-13 Microsoft Corporation Strategies for sanitizing data items
EP1688860A1 (en) 2005-02-07 2006-08-09 Microsoft Corporation Method and system for obfuscating data structures by deterministic natural data substitution
US20070027807A1 (en) * 2005-07-29 2007-02-01 Alexandre Bronstein Protecting against fraud by impersonation
EP1909211A1 (en) 2005-07-22 2008-04-09 Sophia Co., Ltd. Data management device, data management method, data processing method, and program
US20080229394A1 (en) * 2006-07-10 2008-09-18 Sci Group Method and System For Securely Protecting Data During Software Application Usage
US7587368B2 (en) * 2000-07-06 2009-09-08 David Paul Felsher Information record infrastructure, system and method
US20110010563A1 (en) * 2009-07-13 2011-01-13 Kindsight, Inc. Method and apparatus for anonymous data processing
US7974942B2 (en) * 2006-09-08 2011-07-05 Camouflage Software Inc. Data masking system and method
US20110307486A1 (en) * 2010-06-15 2011-12-15 International Business Machines Corporation Managing Sensitive Data in Cloud Computing Environments
US8478765B2 (en) * 2008-12-29 2013-07-02 Plutopian Corporation Method and system for compiling a multi-source database of composite investor-specific data records with no disclosure of investor identity

Patent Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6397224B1 (en) * 1999-12-10 2002-05-28 Gordon W. Romney Anonymously linking a plurality of data records
US7587368B2 (en) * 2000-07-06 2009-09-08 David Paul Felsher Information record infrastructure, system and method
US20060059189A1 (en) 2004-09-15 2006-03-16 Peter Dunki Generation of updatable anonymized data records for testing and developing purposes
EP1637955A1 (en) 2004-09-15 2006-03-22 Ubs Ag Generation of anonymized data sets for testing and developping applications
US20060080554A1 (en) 2004-10-09 2006-04-13 Microsoft Corporation Strategies for sanitizing data items
EP1688860A1 (en) 2005-02-07 2006-08-09 Microsoft Corporation Method and system for obfuscating data structures by deterministic natural data substitution
EP1909211A1 (en) 2005-07-22 2008-04-09 Sophia Co., Ltd. Data management device, data management method, data processing method, and program
US20070027807A1 (en) * 2005-07-29 2007-02-01 Alexandre Bronstein Protecting against fraud by impersonation
US20080229394A1 (en) * 2006-07-10 2008-09-18 Sci Group Method and System For Securely Protecting Data During Software Application Usage
US7974942B2 (en) * 2006-09-08 2011-07-05 Camouflage Software Inc. Data masking system and method
US8478765B2 (en) * 2008-12-29 2013-07-02 Plutopian Corporation Method and system for compiling a multi-source database of composite investor-specific data records with no disclosure of investor identity
US20110010563A1 (en) * 2009-07-13 2011-01-13 Kindsight, Inc. Method and apparatus for anonymous data processing
US20110307486A1 (en) * 2010-06-15 2011-12-15 International Business Machines Corporation Managing Sensitive Data in Cloud Computing Environments

Cited By (318)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10289867B2 (en) 2014-07-27 2019-05-14 OneTrust, LLC Data processing systems for webform crawling to map processing activities and related methods
US9892442B2 (en) 2016-04-01 2018-02-13 OneTrust, LLC Data processing systems and methods for efficiently assessing the risk of privacy campaigns
US10026110B2 (en) 2016-04-01 2018-07-17 OneTrust, LLC Data processing systems and methods for generating personal data inventories for organizations and other entities
US9892443B2 (en) 2016-04-01 2018-02-13 OneTrust, LLC Data processing systems for modifying privacy campaign data via electronic messaging systems
US10956952B2 (en) 2016-04-01 2021-03-23 OneTrust, LLC Data processing systems and communication systems and methods for the efficient generation of privacy risk assessments
US10176502B2 (en) 2016-04-01 2019-01-08 OneTrust, LLC Data processing systems and methods for integrating privacy information management systems with data loss prevention tools or other tools for privacy design
US9892444B2 (en) 2016-04-01 2018-02-13 OneTrust, LLC Data processing systems and communication systems and methods for the efficient generation of privacy risk assessments
US9892441B2 (en) 2016-04-01 2018-02-13 OneTrust, LLC Data processing systems and methods for operationalizing privacy compliance and assessing the risk of various respective privacy campaigns
US9898769B2 (en) 2016-04-01 2018-02-20 OneTrust, LLC Data processing systems and methods for operationalizing privacy compliance via integrated mobile applications
US11244367B2 (en) 2016-04-01 2022-02-08 OneTrust, LLC Data processing systems and methods for integrating privacy information management systems with data loss prevention tools or other tools for privacy design
US11004125B2 (en) 2016-04-01 2021-05-11 OneTrust, LLC Data processing systems and methods for integrating privacy information management systems with data loss prevention tools or other tools for privacy design
US9892477B2 (en) 2016-04-01 2018-02-13 OneTrust, LLC Data processing systems and methods for implementing audit schedules for privacy campaigns
US10853859B2 (en) 2016-04-01 2020-12-01 OneTrust, LLC Data processing systems and methods for operationalizing privacy compliance and assessing the risk of various respective privacy campaigns
US10706447B2 (en) 2016-04-01 2020-07-07 OneTrust, LLC Data processing systems and communication systems and methods for the efficient generation of privacy risk assessments
US10423996B2 (en) 2016-04-01 2019-09-24 OneTrust, LLC Data processing systems and communication systems and methods for the efficient generation of privacy risk assessments
US11651402B2 (en) 2016-04-01 2023-05-16 OneTrust, LLC Data processing systems and communication systems and methods for the efficient generation of risk assessments
US10176503B2 (en) 2016-04-01 2019-01-08 OneTrust, LLC Data processing systems and methods for efficiently assessing the risk of privacy campaigns
US10169789B2 (en) 2016-04-01 2019-01-01 OneTrust, LLC Data processing systems for modifying privacy campaign data via electronic messaging systems
US10169788B2 (en) 2016-04-01 2019-01-01 OneTrust, LLC Data processing systems and communication systems and methods for the efficient generation of privacy risk assessments
US10169790B2 (en) 2016-04-01 2019-01-01 OneTrust, LLC Data processing systems and methods for operationalizing privacy compliance via integrated mobile applications
US11023842B2 (en) 2016-06-10 2021-06-01 OneTrust, LLC Data processing systems and methods for bundled privacy policies
US10754981B2 (en) 2016-06-10 2020-08-25 OneTrust, LLC Data processing systems for fulfilling data subject access requests and related methods
US10165011B2 (en) 2016-06-10 2018-12-25 OneTrust, LLC Data processing systems and methods for performing privacy assessments and monitoring of new versions of computer code for privacy compliance
US10181019B2 (en) 2016-06-10 2019-01-15 OneTrust, LLC Data processing systems and communications systems and methods for integrating privacy compliance systems with software development and agile tools for privacy design
US10181051B2 (en) 2016-06-10 2019-01-15 OneTrust, LLC Data processing systems for generating and populating a data inventory for processing data access requests
US10204154B2 (en) 2016-06-10 2019-02-12 OneTrust, LLC Data processing systems for generating and populating a data inventory
US10235534B2 (en) 2016-06-10 2019-03-19 OneTrust, LLC Data processing systems for prioritizing data subject access requests for fulfillment and related methods
US10242228B2 (en) 2016-06-10 2019-03-26 OneTrust, LLC Data processing systems for measuring privacy maturity within an organization
US10275614B2 (en) 2016-06-10 2019-04-30 OneTrust, LLC Data processing systems for generating and populating a data inventory
US12216794B2 (en) 2016-06-10 2025-02-04 OneTrust, LLC Data processing systems and methods for synching privacy-related user consent across multiple computing devices
US10284604B2 (en) 2016-06-10 2019-05-07 OneTrust, LLC Data processing and scanning systems for generating and populating a data inventory
US10282692B2 (en) 2016-06-10 2019-05-07 OneTrust, LLC Data processing systems for identifying, assessing, and remediating data processing risks using data modeling techniques
US10282700B2 (en) 2016-06-10 2019-05-07 OneTrust, LLC Data processing systems for generating and populating a data inventory
US10282559B2 (en) 2016-06-10 2019-05-07 OneTrust, LLC Data processing systems for identifying, assessing, and remediating data processing risks using data modeling techniques
US10282370B1 (en) 2016-06-10 2019-05-07 OneTrust, LLC Data processing systems for generating and populating a data inventory
US10289866B2 (en) 2016-06-10 2019-05-14 OneTrust, LLC Data processing systems for fulfilling data subject access requests and related methods
US10289870B2 (en) 2016-06-10 2019-05-14 OneTrust, LLC Data processing systems for fulfilling data subject access requests and related methods
US10158676B2 (en) 2016-06-10 2018-12-18 OneTrust, LLC Data processing systems and methods for performing privacy assessments and monitoring of new versions of computer code for privacy compliance
US10318761B2 (en) 2016-06-10 2019-06-11 OneTrust, LLC Data processing systems and methods for auditing data request compliance
US10348775B2 (en) 2016-06-10 2019-07-09 OneTrust, LLC Data processing systems and methods for performing privacy assessments and monitoring of new versions of computer code for privacy compliance
US10346598B2 (en) 2016-06-10 2019-07-09 OneTrust, LLC Data processing systems for monitoring user system inputs and related methods
US10346637B2 (en) 2016-06-10 2019-07-09 OneTrust, LLC Data processing systems for the identification and deletion of personal data in computer systems
US10346638B2 (en) 2016-06-10 2019-07-09 OneTrust, LLC Data processing systems for identifying and modifying processes that are subject to data subject access requests
US10353674B2 (en) 2016-06-10 2019-07-16 OneTrust, LLC Data processing and communications systems and methods for the efficient implementation of privacy by design
US10353673B2 (en) 2016-06-10 2019-07-16 OneTrust, LLC Data processing systems for integration of consumer feedback with data subject access requests and related methods
US10354089B2 (en) 2016-06-10 2019-07-16 OneTrust, LLC Data processing systems for fulfilling data subject access requests and related methods
US10417450B2 (en) 2016-06-10 2019-09-17 OneTrust, LLC Data processing systems for prioritizing data subject access requests for fulfillment and related methods
US10416966B2 (en) 2016-06-10 2019-09-17 OneTrust, LLC Data processing systems for identity validation of data subject access requests and related methods
US10419493B2 (en) 2016-06-10 2019-09-17 OneTrust, LLC Data processing systems and methods for performing privacy assessments and monitoring of new versions of computer code for privacy compliance
US12204564B2 (en) 2016-06-10 2025-01-21 OneTrust, LLC Data processing systems and methods for automatically detecting and documenting privacy-related aspects of computer software
US10430740B2 (en) 2016-06-10 2019-10-01 One Trust, LLC Data processing systems for calculating and communicating cost of fulfilling data subject access requests and related methods
US10438017B2 (en) 2016-06-10 2019-10-08 OneTrust, LLC Data processing systems for processing data subject access requests
US10438016B2 (en) 2016-06-10 2019-10-08 OneTrust, LLC Data processing systems for generating and populating a data inventory
US10438020B2 (en) 2016-06-10 2019-10-08 OneTrust, LLC Data processing systems for generating and populating a data inventory for processing data access requests
US10437860B2 (en) 2016-06-10 2019-10-08 OneTrust, LLC Data processing systems for generating and populating a data inventory
US10437412B2 (en) 2016-06-10 2019-10-08 OneTrust, LLC Consent receipt management systems and related methods
US10440062B2 (en) 2016-06-10 2019-10-08 OneTrust, LLC Consent receipt management systems and related methods
US10445526B2 (en) 2016-06-10 2019-10-15 OneTrust, LLC Data processing systems for measuring privacy maturity within an organization
US10454973B2 (en) 2016-06-10 2019-10-22 OneTrust, LLC Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods
US10452864B2 (en) 2016-06-10 2019-10-22 OneTrust, LLC Data processing systems for webform crawling to map processing activities and related methods
US10452866B2 (en) 2016-06-10 2019-10-22 OneTrust, LLC Data processing systems for fulfilling data subject access requests and related methods
US10467432B2 (en) 2016-06-10 2019-11-05 OneTrust, LLC Data processing systems for use in automatically generating, populating, and submitting data subject access requests
US10496846B1 (en) 2016-06-10 2019-12-03 OneTrust, LLC Data processing and communications systems and methods for the efficient implementation of privacy by design
US10496803B2 (en) 2016-06-10 2019-12-03 OneTrust, LLC Data processing systems and methods for efficiently assessing the risk of privacy campaigns
US10498770B2 (en) 2016-06-10 2019-12-03 OneTrust, LLC Data processing systems and methods for performing privacy assessments and monitoring of new versions of computer code for privacy compliance
US10503926B2 (en) 2016-06-10 2019-12-10 OneTrust, LLC Consent receipt management systems and related methods
US10510031B2 (en) 2016-06-10 2019-12-17 OneTrust, LLC Data processing systems for identifying, assessing, and remediating data processing risks using data modeling techniques
US10509894B2 (en) 2016-06-10 2019-12-17 OneTrust, LLC Data processing and scanning systems for assessing vendor risk
US10509920B2 (en) 2016-06-10 2019-12-17 OneTrust, LLC Data processing systems for processing data subject access requests
US10558821B2 (en) 2016-06-10 2020-02-11 OneTrust, LLC Data processing systems for fulfilling data subject access requests and related methods
US10565161B2 (en) 2016-06-10 2020-02-18 OneTrust, LLC Data processing systems for processing data subject access requests
US10567439B2 (en) 2016-06-10 2020-02-18 OneTrust, LLC Data processing systems and methods for performing privacy assessments and monitoring of new versions of computer code for privacy compliance
US10564936B2 (en) 2016-06-10 2020-02-18 OneTrust, LLC Data processing systems for identity validation of data subject access requests and related methods
US12190330B2 (en) 2016-06-10 2025-01-07 OneTrust, LLC Data processing systems for identity validation for consumer rights requests and related methods
US10565236B1 (en) 2016-06-10 2020-02-18 OneTrust, LLC Data processing systems for generating and populating a data inventory
US10564935B2 (en) 2016-06-10 2020-02-18 OneTrust, LLC Data processing systems for integration of consumer feedback with data subject access requests and related methods
US10565397B1 (en) 2016-06-10 2020-02-18 OneTrust, LLC Data processing systems for fulfilling data subject access requests and related methods
US10572686B2 (en) 2016-06-10 2020-02-25 OneTrust, LLC Consent receipt management systems and related methods
US10574705B2 (en) 2016-06-10 2020-02-25 OneTrust, LLC Data processing and scanning systems for generating and populating a data inventory
US12164667B2 (en) 2016-06-10 2024-12-10 OneTrust, LLC Application privacy scanning systems and related methods
US10586072B2 (en) 2016-06-10 2020-03-10 OneTrust, LLC Data processing systems for measuring privacy maturity within an organization
US10585968B2 (en) 2016-06-10 2020-03-10 OneTrust, LLC Data processing systems for fulfilling data subject access requests and related methods
US10586075B2 (en) 2016-06-10 2020-03-10 OneTrust, LLC Data processing systems for orphaned data identification and deletion and related methods
US10594740B2 (en) 2016-06-10 2020-03-17 OneTrust, LLC Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods
US10592648B2 (en) 2016-06-10 2020-03-17 OneTrust, LLC Consent receipt management systems and related methods
US10592692B2 (en) 2016-06-10 2020-03-17 OneTrust, LLC Data processing systems for central consent repository and related methods
US10599870B2 (en) 2016-06-10 2020-03-24 OneTrust, LLC Data processing systems for identifying, assessing, and remediating data processing risks using data modeling techniques
US11062051B2 (en) 2016-06-10 2021-07-13 OneTrust, LLC Consent receipt management systems and related methods
US10606916B2 (en) 2016-06-10 2020-03-31 OneTrust, LLC Data processing user interface monitoring systems and related methods
US10614247B2 (en) 2016-06-10 2020-04-07 OneTrust, LLC Data processing systems for automated classification of personal information from documents and related methods
US10614246B2 (en) 2016-06-10 2020-04-07 OneTrust, LLC Data processing systems and methods for auditing data request compliance
US10642870B2 (en) 2016-06-10 2020-05-05 OneTrust, LLC Data processing systems and methods for automatically detecting and documenting privacy-related aspects of computer software
US10678945B2 (en) 2016-06-10 2020-06-09 OneTrust, LLC Consent receipt management systems and related methods
US10685140B2 (en) 2016-06-10 2020-06-16 OneTrust, LLC Consent receipt management systems and related methods
US10692033B2 (en) 2016-06-10 2020-06-23 OneTrust, LLC Data processing systems for identifying, assessing, and remediating data processing risks using data modeling techniques
US10708305B2 (en) 2016-06-10 2020-07-07 OneTrust, LLC Automated data processing systems and methods for automatically processing requests for privacy-related information
US10705801B2 (en) 2016-06-10 2020-07-07 OneTrust, LLC Data processing systems for identity validation of data subject access requests and related methods
US10102533B2 (en) 2016-06-10 2018-10-16 OneTrust, LLC Data processing and communications systems and methods for the efficient implementation of privacy by design
US10706131B2 (en) 2016-06-10 2020-07-07 OneTrust, LLC Data processing systems and methods for efficiently assessing the risk of privacy campaigns
US10706379B2 (en) 2016-06-10 2020-07-07 OneTrust, LLC Data processing systems for automatic preparation for remediation and related methods
US10706176B2 (en) 2016-06-10 2020-07-07 OneTrust, LLC Data-processing consent refresh, re-prompt, and recapture systems and related methods
US10706174B2 (en) 2016-06-10 2020-07-07 OneTrust, LLC Data processing systems for prioritizing data subject access requests for fulfillment and related methods
US10713387B2 (en) 2016-06-10 2020-07-14 OneTrust, LLC Consent conversion optimization systems and related methods
US10726158B2 (en) 2016-06-10 2020-07-28 OneTrust, LLC Consent receipt management and automated process blocking systems and related methods
US11070593B2 (en) 2016-06-10 2021-07-20 OneTrust, LLC Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods
US11068618B2 (en) 2016-06-10 2021-07-20 OneTrust, LLC Data processing systems for central consent repository and related methods
US10762236B2 (en) 2016-06-10 2020-09-01 OneTrust, LLC Data processing user interface monitoring systems and related methods
US10769301B2 (en) 2016-06-10 2020-09-08 OneTrust, LLC Data processing systems for webform crawling to map processing activities and related methods
US10769302B2 (en) 2016-06-10 2020-09-08 OneTrust, LLC Consent receipt management systems and related methods
US10769303B2 (en) 2016-06-10 2020-09-08 OneTrust, LLC Data processing systems for central consent repository and related methods
US10776515B2 (en) 2016-06-10 2020-09-15 OneTrust, LLC Data processing systems for fulfilling data subject access requests and related methods
US10776518B2 (en) 2016-06-10 2020-09-15 OneTrust, LLC Consent receipt management systems and related methods
US10776514B2 (en) 2016-06-10 2020-09-15 OneTrust, LLC Data processing systems for the identification and deletion of personal data in computer systems
US10776517B2 (en) 2016-06-10 2020-09-15 OneTrust, LLC Data processing systems for calculating and communicating cost of fulfilling data subject access requests and related methods
US10783256B2 (en) 2016-06-10 2020-09-22 OneTrust, LLC Data processing systems for data transfer risk identification and related methods
US10791150B2 (en) 2016-06-10 2020-09-29 OneTrust, LLC Data processing and scanning systems for generating and populating a data inventory
US10796020B2 (en) 2016-06-10 2020-10-06 OneTrust, LLC Consent receipt management systems and related methods
US10798133B2 (en) 2016-06-10 2020-10-06 OneTrust, LLC Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods
US10796260B2 (en) 2016-06-10 2020-10-06 OneTrust, LLC Privacy management systems and methods
US10803199B2 (en) 2016-06-10 2020-10-13 OneTrust, LLC Data processing and communications systems and methods for the efficient implementation of privacy by design
US10803200B2 (en) 2016-06-10 2020-10-13 OneTrust, LLC Data processing systems for processing and managing data subject access in a distributed environment
US10803097B2 (en) 2016-06-10 2020-10-13 OneTrust, LLC Data processing systems for generating and populating a data inventory
US10803198B2 (en) 2016-06-10 2020-10-13 OneTrust, LLC Data processing systems for use in automatically generating, populating, and submitting data subject access requests
US12158975B2 (en) 2016-06-10 2024-12-03 OneTrust, LLC Data processing consent sharing systems and related methods
US10805354B2 (en) 2016-06-10 2020-10-13 OneTrust, LLC Data processing systems and methods for performing privacy assessments and monitoring of new versions of computer code for privacy compliance
US12147578B2 (en) 2016-06-10 2024-11-19 OneTrust, LLC Consent receipt management systems and related methods
US10839102B2 (en) 2016-06-10 2020-11-17 OneTrust, LLC Data processing systems for identifying and modifying processes that are subject to data subject access requests
US10848523B2 (en) 2016-06-10 2020-11-24 OneTrust, LLC Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods
US10846433B2 (en) 2016-06-10 2020-11-24 OneTrust, LLC Data processing consent management systems and related methods
US10846261B2 (en) 2016-06-10 2020-11-24 OneTrust, LLC Data processing systems for processing data subject access requests
US10853501B2 (en) 2016-06-10 2020-12-01 OneTrust, LLC Data processing and scanning systems for assessing vendor risk
US10032172B2 (en) 2016-06-10 2018-07-24 OneTrust, LLC Data processing systems for measuring privacy maturity within an organization
US10867007B2 (en) 2016-06-10 2020-12-15 OneTrust, LLC Data processing systems for fulfilling data subject access requests and related methods
US10867072B2 (en) 2016-06-10 2020-12-15 OneTrust, LLC Data processing systems for measuring privacy maturity within an organization
US10873606B2 (en) 2016-06-10 2020-12-22 OneTrust, LLC Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods
US10878127B2 (en) 2016-06-10 2020-12-29 OneTrust, LLC Data subject access request processing systems and related methods
US12136055B2 (en) 2016-06-10 2024-11-05 OneTrust, LLC Data processing systems for identifying, assessing, and remediating data processing risks using data modeling techniques
US10885485B2 (en) 2016-06-10 2021-01-05 OneTrust, LLC Privacy management systems and methods
US10896394B2 (en) 2016-06-10 2021-01-19 OneTrust, LLC Privacy management systems and methods
US10909488B2 (en) 2016-06-10 2021-02-02 OneTrust, LLC Data processing systems for assessing readiness for responding to privacy-related incidents
US10909265B2 (en) 2016-06-10 2021-02-02 OneTrust, LLC Application privacy scanning systems and related methods
US10929559B2 (en) 2016-06-10 2021-02-23 OneTrust, LLC Data processing systems for data testing to confirm data deletion and related methods
US10944725B2 (en) 2016-06-10 2021-03-09 OneTrust, LLC Data processing systems and methods for using a data model to select a target data asset in a data migration
US10949565B2 (en) 2016-06-10 2021-03-16 OneTrust, LLC Data processing systems for generating and populating a data inventory
US10949170B2 (en) 2016-06-10 2021-03-16 OneTrust, LLC Data processing systems for integration of consumer feedback with data subject access requests and related methods
US10949567B2 (en) 2016-06-10 2021-03-16 OneTrust, LLC Data processing systems for fulfilling data subject access requests and related methods
US10949544B2 (en) 2016-06-10 2021-03-16 OneTrust, LLC Data processing systems for data transfer risk identification and related methods
US10019597B2 (en) 2016-06-10 2018-07-10 OneTrust, LLC Data processing systems and communications systems and methods for integrating privacy compliance systems with software development and agile tools for privacy design
US12118121B2 (en) 2016-06-10 2024-10-15 OneTrust, LLC Data subject access request processing systems and related methods
US10972509B2 (en) 2016-06-10 2021-04-06 OneTrust, LLC Data processing and scanning systems for generating and populating a data inventory
US10970371B2 (en) 2016-06-10 2021-04-06 OneTrust, LLC Consent receipt management systems and related methods
US10970675B2 (en) 2016-06-10 2021-04-06 OneTrust, LLC Data processing systems for generating and populating a data inventory
US10984132B2 (en) 2016-06-10 2021-04-20 OneTrust, LLC Data processing systems and methods for populating and maintaining a centralized database of personal data
US10997315B2 (en) 2016-06-10 2021-05-04 OneTrust, LLC Data processing systems for fulfilling data subject access requests and related methods
US10997542B2 (en) 2016-06-10 2021-05-04 OneTrust, LLC Privacy management systems and methods
US10997318B2 (en) 2016-06-10 2021-05-04 OneTrust, LLC Data processing systems for generating and populating a data inventory for processing data access requests
US12086748B2 (en) 2016-06-10 2024-09-10 OneTrust, LLC Data processing systems for assessing readiness for responding to privacy-related incidents
US11023616B2 (en) 2016-06-10 2021-06-01 OneTrust, LLC Data processing systems for identifying, assessing, and remediating data processing risks using data modeling techniques
US9851966B1 (en) 2016-06-10 2017-12-26 OneTrust, LLC Data processing systems and communications systems and methods for integrating privacy compliance systems with software development and agile tools for privacy design
US11025675B2 (en) 2016-06-10 2021-06-01 OneTrust, LLC Data processing systems and methods for performing privacy assessments and monitoring of new versions of computer code for privacy compliance
US11030274B2 (en) 2016-06-10 2021-06-08 OneTrust, LLC Data processing user interface monitoring systems and related methods
US11030327B2 (en) 2016-06-10 2021-06-08 OneTrust, LLC Data processing and scanning systems for assessing vendor risk
US11030563B2 (en) 2016-06-10 2021-06-08 OneTrust, LLC Privacy management systems and methods
US11038925B2 (en) 2016-06-10 2021-06-15 OneTrust, LLC Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods
US11036674B2 (en) 2016-06-10 2021-06-15 OneTrust, LLC Data processing systems for processing data subject access requests
US11036882B2 (en) 2016-06-10 2021-06-15 OneTrust, LLC Data processing systems for processing and managing data subject access in a distributed environment
US11036771B2 (en) 2016-06-10 2021-06-15 OneTrust, LLC Data processing systems for generating and populating a data inventory
US11057356B2 (en) 2016-06-10 2021-07-06 OneTrust, LLC Automated data processing systems and methods for automatically processing data subject access requests using a chatbot
US10607028B2 (en) 2016-06-10 2020-03-31 OneTrust, LLC Data processing systems for data testing to confirm data deletion and related methods
US10169609B1 (en) 2016-06-10 2019-01-01 OneTrust, LLC Data processing systems for fulfilling data subject access requests and related methods
US10740487B2 (en) 2016-06-10 2020-08-11 OneTrust, LLC Data processing systems and methods for populating and maintaining a centralized database of personal data
US11074367B2 (en) 2016-06-10 2021-07-27 OneTrust, LLC Data processing systems for identity validation for consumer rights requests and related methods
US11087260B2 (en) 2016-06-10 2021-08-10 OneTrust, LLC Data processing systems and methods for customizing privacy training
US11100444B2 (en) 2016-06-10 2021-08-24 OneTrust, LLC Data processing systems and methods for providing training in a vendor procurement process
US11100445B2 (en) 2016-06-10 2021-08-24 OneTrust, LLC Data processing systems for assessing readiness for responding to privacy-related incidents
US11113416B2 (en) 2016-06-10 2021-09-07 OneTrust, LLC Application privacy scanning systems and related methods
US11120161B2 (en) 2016-06-10 2021-09-14 OneTrust, LLC Data subject access request processing systems and related methods
US11122011B2 (en) 2016-06-10 2021-09-14 OneTrust, LLC Data processing systems and methods for using a data model to select a target data asset in a data migration
US11120162B2 (en) 2016-06-10 2021-09-14 OneTrust, LLC Data processing systems for data testing to confirm data deletion and related methods
US11126748B2 (en) 2016-06-10 2021-09-21 OneTrust, LLC Data processing consent management systems and related methods
US11134086B2 (en) 2016-06-10 2021-09-28 OneTrust, LLC Consent conversion optimization systems and related methods
US11138299B2 (en) 2016-06-10 2021-10-05 OneTrust, LLC Data processing and scanning systems for assessing vendor risk
US11138318B2 (en) 2016-06-10 2021-10-05 OneTrust, LLC Data processing systems for data transfer risk identification and related methods
US11138336B2 (en) 2016-06-10 2021-10-05 OneTrust, LLC Data processing systems for generating and populating a data inventory
US11138242B2 (en) 2016-06-10 2021-10-05 OneTrust, LLC Data processing systems and methods for automatically detecting and documenting privacy-related aspects of computer software
US11144622B2 (en) 2016-06-10 2021-10-12 OneTrust, LLC Privacy management systems and methods
US11144670B2 (en) 2016-06-10 2021-10-12 OneTrust, LLC Data processing systems for identifying and modifying processes that are subject to data subject access requests
US11146566B2 (en) 2016-06-10 2021-10-12 OneTrust, LLC Data processing systems for fulfilling data subject access requests and related methods
US12052289B2 (en) 2016-06-10 2024-07-30 OneTrust, LLC Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods
US11151233B2 (en) 2016-06-10 2021-10-19 OneTrust, LLC Data processing and scanning systems for assessing vendor risk
US12045266B2 (en) 2016-06-10 2024-07-23 OneTrust, LLC Data processing systems for generating and populating a data inventory
US11157600B2 (en) 2016-06-10 2021-10-26 OneTrust, LLC Data processing and scanning systems for assessing vendor risk
US11182501B2 (en) 2016-06-10 2021-11-23 OneTrust, LLC Data processing systems for fulfilling data subject access requests and related methods
US11188615B2 (en) 2016-06-10 2021-11-30 OneTrust, LLC Data processing consent capture systems and related methods
US11188862B2 (en) 2016-06-10 2021-11-30 OneTrust, LLC Privacy management systems and methods
US11195134B2 (en) 2016-06-10 2021-12-07 OneTrust, LLC Privacy management systems and methods
US11200341B2 (en) 2016-06-10 2021-12-14 OneTrust, LLC Consent receipt management systems and related methods
US11210420B2 (en) 2016-06-10 2021-12-28 OneTrust, LLC Data subject access request processing systems and related methods
US11222309B2 (en) 2016-06-10 2022-01-11 OneTrust, LLC Data processing systems for generating and populating a data inventory
US11222142B2 (en) 2016-06-10 2022-01-11 OneTrust, LLC Data processing systems for validating authorization for personal data collection, storage, and processing
US11222139B2 (en) 2016-06-10 2022-01-11 OneTrust, LLC Data processing systems and methods for automatic discovery and assessment of mobile software development kits
US11227247B2 (en) 2016-06-10 2022-01-18 OneTrust, LLC Data processing systems and methods for bundled privacy policies
US11228620B2 (en) 2016-06-10 2022-01-18 OneTrust, LLC Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods
US11240273B2 (en) 2016-06-10 2022-02-01 OneTrust, LLC Data processing and scanning systems for generating and populating a data inventory
US11238390B2 (en) 2016-06-10 2022-02-01 OneTrust, LLC Privacy management systems and methods
US11244072B2 (en) 2016-06-10 2022-02-08 OneTrust, LLC Data processing systems for identifying, assessing, and remediating data processing risks using data modeling techniques
US9882935B2 (en) 2016-06-10 2018-01-30 OneTrust, LLC Data processing systems and methods for performing privacy assessments and monitoring of new versions of computer code for privacy compliance
US11244071B2 (en) 2016-06-10 2022-02-08 OneTrust, LLC Data processing systems for use in automatically generating, populating, and submitting data subject access requests
US11256777B2 (en) 2016-06-10 2022-02-22 OneTrust, LLC Data processing user interface monitoring systems and related methods
US11277448B2 (en) 2016-06-10 2022-03-15 OneTrust, LLC Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods
US12026651B2 (en) 2016-06-10 2024-07-02 OneTrust, LLC Data processing systems and methods for providing training in a vendor procurement process
US11295316B2 (en) 2016-06-10 2022-04-05 OneTrust, LLC Data processing systems for identity validation for consumer rights requests and related methods
US11294939B2 (en) 2016-06-10 2022-04-05 OneTrust, LLC Data processing systems and methods for automatically detecting and documenting privacy-related aspects of computer software
US11301796B2 (en) 2016-06-10 2022-04-12 OneTrust, LLC Data processing systems and methods for customizing privacy training
US11301589B2 (en) 2016-06-10 2022-04-12 OneTrust, LLC Consent receipt management systems and related methods
US11308435B2 (en) 2016-06-10 2022-04-19 OneTrust, LLC Data processing systems for identifying, assessing, and remediating data processing risks using data modeling techniques
US11328092B2 (en) 2016-06-10 2022-05-10 OneTrust, LLC Data processing systems for processing and managing data subject access in a distributed environment
US11328240B2 (en) 2016-06-10 2022-05-10 OneTrust, LLC Data processing systems for assessing readiness for responding to privacy-related incidents
US11334681B2 (en) 2016-06-10 2022-05-17 OneTrust, LLC Application privacy scanning systems and related meihods
US11336697B2 (en) 2016-06-10 2022-05-17 OneTrust, LLC Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods
US11334682B2 (en) 2016-06-10 2022-05-17 OneTrust, LLC Data subject access request processing systems and related methods
US11341447B2 (en) 2016-06-10 2022-05-24 OneTrust, LLC Privacy management systems and methods
US11343284B2 (en) 2016-06-10 2022-05-24 OneTrust, LLC Data processing systems and methods for performing privacy assessments and monitoring of new versions of computer code for privacy compliance
US11347889B2 (en) 2016-06-10 2022-05-31 OneTrust, LLC Data processing systems for generating and populating a data inventory
US11354435B2 (en) 2016-06-10 2022-06-07 OneTrust, LLC Data processing systems for data testing to confirm data deletion and related methods
US11354434B2 (en) 2016-06-10 2022-06-07 OneTrust, LLC Data processing systems for verification of consent and notice processing and related methods
US11361057B2 (en) 2016-06-10 2022-06-14 OneTrust, LLC Consent receipt management systems and related methods
US11366786B2 (en) 2016-06-10 2022-06-21 OneTrust, LLC Data processing systems for processing data subject access requests
US11366909B2 (en) 2016-06-10 2022-06-21 OneTrust, LLC Data processing and scanning systems for assessing vendor risk
US11960564B2 (en) 2016-06-10 2024-04-16 OneTrust, LLC Data processing systems and methods for automatically blocking the use of tracking tools
US11392720B2 (en) 2016-06-10 2022-07-19 OneTrust, LLC Data processing systems for verification of consent and notice processing and related methods
US11921894B2 (en) 2016-06-10 2024-03-05 OneTrust, LLC Data processing systems for generating and populating a data inventory for processing data access requests
US11403377B2 (en) 2016-06-10 2022-08-02 OneTrust, LLC Privacy management systems and methods
US11409908B2 (en) 2016-06-10 2022-08-09 OneTrust, LLC Data processing systems and methods for populating and maintaining a centralized database of personal data
US11410106B2 (en) 2016-06-10 2022-08-09 OneTrust, LLC Privacy management systems and methods
US11416634B2 (en) 2016-06-10 2022-08-16 OneTrust, LLC Consent receipt management systems and related methods
US11416576B2 (en) 2016-06-10 2022-08-16 OneTrust, LLC Data processing consent capture systems and related methods
US11418516B2 (en) 2016-06-10 2022-08-16 OneTrust, LLC Consent conversion optimization systems and related methods
US11416798B2 (en) 2016-06-10 2022-08-16 OneTrust, LLC Data processing systems and methods for providing training in a vendor procurement process
US11416109B2 (en) 2016-06-10 2022-08-16 OneTrust, LLC Automated data processing systems and methods for automatically processing data subject access requests using a chatbot
US11416636B2 (en) 2016-06-10 2022-08-16 OneTrust, LLC Data processing consent management systems and related methods
US11418492B2 (en) 2016-06-10 2022-08-16 OneTrust, LLC Data processing systems and methods for using a data model to select a target data asset in a data migration
US11416589B2 (en) 2016-06-10 2022-08-16 OneTrust, LLC Data processing and scanning systems for assessing vendor risk
US11416590B2 (en) 2016-06-10 2022-08-16 OneTrust, LLC Data processing and scanning systems for assessing vendor risk
US11438386B2 (en) 2016-06-10 2022-09-06 OneTrust, LLC Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods
US11868507B2 (en) 2016-06-10 2024-01-09 OneTrust, LLC Data processing systems for cookie compliance testing with website scanning and related methods
US11847182B2 (en) 2016-06-10 2023-12-19 OneTrust, LLC Data processing consent capture systems and related methods
US11727141B2 (en) 2016-06-10 2023-08-15 OneTrust, LLC Data processing systems and methods for synching privacy-related user consent across multiple computing devices
US11449633B2 (en) 2016-06-10 2022-09-20 OneTrust, LLC Data processing systems and methods for automatic discovery and assessment of mobile software development kits
US11461500B2 (en) 2016-06-10 2022-10-04 OneTrust, LLC Data processing systems for cookie compliance testing with website scanning and related methods
US11461722B2 (en) 2016-06-10 2022-10-04 OneTrust, LLC Questionnaire response automation for compliance management
US11468196B2 (en) 2016-06-10 2022-10-11 OneTrust, LLC Data processing systems for validating authorization for personal data collection, storage, and processing
US11468386B2 (en) 2016-06-10 2022-10-11 OneTrust, LLC Data processing systems and methods for bundled privacy policies
US11675929B2 (en) 2016-06-10 2023-06-13 OneTrust, LLC Data processing consent sharing systems and related methods
US11475136B2 (en) 2016-06-10 2022-10-18 OneTrust, LLC Data processing systems for data transfer risk identification and related methods
US11481710B2 (en) 2016-06-10 2022-10-25 OneTrust, LLC Privacy management systems and methods
US11488085B2 (en) 2016-06-10 2022-11-01 OneTrust, LLC Questionnaire response automation for compliance management
US11651104B2 (en) 2016-06-10 2023-05-16 OneTrust, LLC Consent receipt management systems and related methods
US11520928B2 (en) 2016-06-10 2022-12-06 OneTrust, LLC Data processing systems for generating personal data receipts and related methods
US11651106B2 (en) 2016-06-10 2023-05-16 OneTrust, LLC Data processing systems for fulfilling data subject access requests and related methods
US11645353B2 (en) 2016-06-10 2023-05-09 OneTrust, LLC Data processing consent capture systems and related methods
US11544405B2 (en) 2016-06-10 2023-01-03 OneTrust, LLC Data processing systems for verification of consent and notice processing and related methods
US11645418B2 (en) 2016-06-10 2023-05-09 OneTrust, LLC Data processing systems for data testing to confirm data deletion and related methods
US11544667B2 (en) 2016-06-10 2023-01-03 OneTrust, LLC Data processing systems for generating and populating a data inventory
US11636171B2 (en) 2016-06-10 2023-04-25 OneTrust, LLC Data processing user interface monitoring systems and related methods
US11551174B2 (en) 2016-06-10 2023-01-10 OneTrust, LLC Privacy management systems and methods
US11550897B2 (en) 2016-06-10 2023-01-10 OneTrust, LLC Data processing and scanning systems for assessing vendor risk
US11556672B2 (en) 2016-06-10 2023-01-17 OneTrust, LLC Data processing systems for verification of consent and notice processing and related methods
US11558429B2 (en) 2016-06-10 2023-01-17 OneTrust, LLC Data processing and scanning systems for generating and populating a data inventory
US11625502B2 (en) 2016-06-10 2023-04-11 OneTrust, LLC Data processing systems for identifying and modifying processes that are subject to data subject access requests
US11562097B2 (en) 2016-06-10 2023-01-24 OneTrust, LLC Data processing systems for central consent repository and related methods
US11586700B2 (en) 2016-06-10 2023-02-21 OneTrust, LLC Data processing systems and methods for automatically blocking the use of tracking tools
US11586762B2 (en) 2016-06-10 2023-02-21 OneTrust, LLC Data processing systems and methods for auditing data request compliance
US11609939B2 (en) 2016-06-10 2023-03-21 OneTrust, LLC Data processing systems and methods for automatically detecting and documenting privacy-related aspects of computer software
US10581808B2 (en) 2017-03-23 2020-03-03 Microsoft Technology Licensing, Llc Keyed hash contact table
US11373007B2 (en) 2017-06-16 2022-06-28 OneTrust, LLC Data processing systems for identifying whether cookies contain personally identifying information
US11663359B2 (en) 2017-06-16 2023-05-30 OneTrust, LLC Data processing systems for identifying whether cookies contain personally identifying information
US10013577B1 (en) 2017-06-16 2018-07-03 OneTrust, LLC Data processing systems for identifying whether cookies contain personally identifying information
US9858439B1 (en) 2017-06-16 2018-01-02 OneTrust, LLC Data processing systems for identifying whether cookies contain personally identifying information
US20190130129A1 (en) * 2017-10-26 2019-05-02 Sap Se K-Anonymity and L-Diversity Data Anonymization in an In-Memory Database
US10565398B2 (en) * 2017-10-26 2020-02-18 Sap Se K-anonymity and L-diversity data anonymization in an in-memory database
US10104103B1 (en) 2018-01-19 2018-10-16 OneTrust, LLC Data processing systems for tracking reputational risk via scanning and registry lookup
US10839104B2 (en) 2018-06-08 2020-11-17 Microsoft Technology Licensing, Llc Obfuscating information related to personally identifiable information (PII)
US10885225B2 (en) 2018-06-08 2021-01-05 Microsoft Technology Licensing, Llc Protecting personally identifiable information (PII) using tagging and persistence of PII
US10963591B2 (en) 2018-09-07 2021-03-30 OneTrust, LLC Data processing systems for orphaned data identification and deletion and related methods
US11144675B2 (en) 2018-09-07 2021-10-12 OneTrust, LLC Data processing systems and methods for automatically protecting sensitive data within privacy management systems
US11947708B2 (en) 2018-09-07 2024-04-02 OneTrust, LLC Data processing systems and methods for automatically protecting sensitive data within privacy management systems
US11593523B2 (en) 2018-09-07 2023-02-28 OneTrust, LLC Data processing systems for orphaned data identification and deletion and related methods
US10803202B2 (en) 2018-09-07 2020-10-13 OneTrust, LLC Data processing systems for orphaned data identification and deletion and related methods
US11544409B2 (en) 2018-09-07 2023-01-03 OneTrust, LLC Data processing systems and methods for automatically protecting sensitive data within privacy management systems
US11157654B2 (en) 2018-09-07 2021-10-26 OneTrust, LLC Data processing systems for orphaned data identification and deletion and related methods
US11797528B2 (en) 2020-07-08 2023-10-24 OneTrust, LLC Systems and methods for targeted data discovery
US11444976B2 (en) 2020-07-28 2022-09-13 OneTrust, LLC Systems and methods for automatically blocking the use of tracking tools
US11968229B2 (en) 2020-07-28 2024-04-23 OneTrust, LLC Systems and methods for automatically blocking the use of tracking tools
US11475165B2 (en) 2020-08-06 2022-10-18 OneTrust, LLC Data processing systems and methods for automatically redacting unstructured data from a data subject access request
US11704440B2 (en) 2020-09-15 2023-07-18 OneTrust, LLC Data processing systems and methods for preventing execution of an action documenting a consent rejection
US11436373B2 (en) 2020-09-15 2022-09-06 OneTrust, LLC Data processing systems and methods for detecting tools for the automatic blocking of consent requests
US11526624B2 (en) 2020-09-21 2022-12-13 OneTrust, LLC Data processing systems and methods for automatically detecting target data transfers and target data processing
US12265896B2 (en) 2020-10-05 2025-04-01 OneTrust, LLC Systems and methods for detecting prejudice bias in machine-learning models
US11615192B2 (en) 2020-11-06 2023-03-28 OneTrust, LLC Systems and methods for identifying data processing activities based on data discovery results
US11397819B2 (en) 2020-11-06 2022-07-26 OneTrust, LLC Systems and methods for identifying data processing activities based on data discovery results
US11687528B2 (en) 2021-01-25 2023-06-27 OneTrust, LLC Systems and methods for discovery, classification, and indexing of data in a native computing system
US12259882B2 (en) 2021-01-25 2025-03-25 OneTrust, LLC Systems and methods for discovery, classification, and indexing of data in a native computing system
US11442906B2 (en) 2021-02-04 2022-09-13 OneTrust, LLC Managing custom attributes for domain objects defined within microservices
US11494515B2 (en) 2021-02-08 2022-11-08 OneTrust, LLC Data processing systems and methods for anonymizing data samples in classification analysis
US11601464B2 (en) 2021-02-10 2023-03-07 OneTrust, LLC Systems and methods for mitigating risks of third-party computing system functionality integration into a first-party computing system
US11775348B2 (en) 2021-02-17 2023-10-03 OneTrust, LLC Managing custom workflows for domain objects defined within microservices
US11546661B2 (en) 2021-02-18 2023-01-03 OneTrust, LLC Selective redaction of media content
US11533315B2 (en) 2021-03-08 2022-12-20 OneTrust, LLC Data transfer discovery and analysis systems and related methods
US11816224B2 (en) 2021-04-16 2023-11-14 OneTrust, LLC Assessing and managing computational risk involved with integrating third party computing functionality within a computing system
US11562078B2 (en) 2021-04-16 2023-01-24 OneTrust, LLC Assessing and managing computational risk involved with integrating third party computing functionality within a computing system
US12153704B2 (en) 2021-08-05 2024-11-26 OneTrust, LLC Computing platform for facilitating data exchange among computing environments
GB2610452B (en) * 2022-01-27 2023-09-06 Anzen Tech Systems Limited Secure distributed private data storage systems
WO2023144013A1 (en) 2022-01-27 2023-08-03 Anzen Technology Systems Limited Secure distributed private data storage systems
GB202201068D0 (en) 2022-01-27 2022-03-16 Anzen Tech Systems Limtied Secure distributed private data storage systems
GB2610452A (en) 2022-01-27 2023-03-08 Anzen Tech Systems Limited Secure distributed private data storage systems
US11620142B1 (en) 2022-06-03 2023-04-04 OneTrust, LLC Generating and customizing user interfaces for demonstrating functions of interactive user environments
US12277232B2 (en) 2024-01-24 2025-04-15 OneTrust, LLC Systems and methods for identifying data processing activities based on data discovery results

Also Published As

Publication number Publication date
GB201019825D0 (en) 2011-01-05
US20120131075A1 (en) 2012-05-24
GB2485783A (en) 2012-05-30

Similar Documents

Publication Publication Date Title
US9202085B2 (en) Private information storage system
US11874947B1 (en) System of managing data across disparate blockchains
Brennen et al. Digitalization
CN111149332B (en) System and method for implementing centralized privacy control in decentralized systems
US9965644B2 (en) Record level data security
US9858426B2 (en) Computer-implemented system and method for automatically identifying attributes for anonymization
CN112632567A (en) Multi-data-source full-flow encrypted big data analysis method and system
Tasnim et al. Crab: Blockchain based criminal record management system
US20220141034A1 (en) Tracking provenance of digital data
US20210157797A1 (en) Method and system for data storage and retrieval
Grishin et al. Accelerating genomic data generation and facilitating genomic data access using decentralization, privacy-preserving technologies and equitable compensation
CA2587758A1 (en) Systems and methods for controlling access to electronic records in an archives system
US11392714B1 (en) Hierarchically encrypted data management system
Mattsson A monograph of the genus Vulpicida (Parmeliaceae, Ascomycetes)
Yinka et al. Improving the data access control using blockchain for healthcare domain
Mbah Data privacy and the right to be forgotten
KP Critical analysis of the protection of Traditional Knowledge Bill, 2022
Engelbrecht et al. Does TDWG Need an API Design Guideline?
Filippin et al. New Perspectives for Access to Archival Heritage in Italy between Privacy, Copyright, and Protection Rules
Boettcher et al. Government Data as Intellectual Property: Is Public Domain the Same as Open Access?
Karimi et al. Concept development of self appraisal of caregiving in family caregivers of older adults with dementia: A convergent parallel mixed methods design: Dementia care research (research projects; nonpharmacological)/Family/lay caregiving
Lillywhite et al. Accuracy of a computer‐based anaesthetic audit system
Rizvi et al. Role of Serine 263 in the Human Choline Transporter 1 and Congenital Myasthenic Syndrome
Rodgers et al. Reduction of risk of development of Alzheimer’s disease and related dementias in patients with type 2 diabetes by drugs to treat hyperglycemia
Manwatkar Comparing the Efficacy of Conventional Immunosuppression and Rituximab in Anti-SRP Myositis: Insights from a Tertiary Care Centre Experience

Legal Events

Date Code Title Description
AS Assignment

Owner name: KUBE PARTNERS LIMITED, UNITED KINGDOM

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:MAWDSLEY, GARY, MR.;MEYFROIDT, STEVEN, MR.;REEL/FRAME:027476/0853

Effective date: 20111222

STCF Information on status: patent grant

Free format text: PATENTED CASE

AS Assignment

Owner name: ANZEN DATA LIMITED, UNITED KINGDOM

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:KUBE PARTNERS LIMITED;REEL/FRAME:043320/0461

Effective date: 20170726

AS Assignment

Owner name: ANZEN TECHNOLOGY SYSTEMS LIMITED, GREAT BRITAIN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:ANZEN DATA LIMITED;REEL/FRAME:047004/0001

Effective date: 20180924

FEPP Fee payment procedure

Free format text: SURCHARGE FOR LATE PAYMENT, SMALL ENTITY (ORIGINAL EVENT CODE: M2554); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YR, SMALL ENTITY (ORIGINAL EVENT CODE: M2551); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY

Year of fee payment: 4

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YR, SMALL ENTITY (ORIGINAL EVENT CODE: M2552); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY

Year of fee payment: 8

OSZAR »