US 10,891,393 B2
System and method for enterprise privacy information compliance
Michael J. Currier, Cornelius, NC (US); Duanhua Tu, Southbury, CT (US); Sunil Joshi, Marietta, GA (US); Murthy V. Rallapalli, Alpharetta, GA (US); and Lisa N. Schenkewitz, Raleigh, NC (US)
Assigned to INTERNATIONAL BUSINESS MACHINES CORPORATION, Armonk, NY (US)
Filed by Michael J. Currier, Cornelius, NC (US); Duanhua Tu, Southbury, CT (US); Sunil Joshi, Marietta, GA (US); Murthy V. Rallapalli, Alpharetta, GA (US); and Lisa N. Schenkewitz, Raleigh, NC (US)
Filed on Nov. 10, 2008, as Appl. No. 12/268,053.
Prior Publication US 2010/0121773 A1, May 13, 2010
Int. Cl. G06F 21/62 (2013.01); G06F 21/57 (2013.01); G06Q 30/02 (2012.01); G06Q 30/00 (2012.01)
CPC G06F 21/6245 (2013.01) [G06F 21/577 (2013.01); G06Q 30/00 (2013.01); G06Q 30/0282 (2013.01)]
27 Claims
 
1. A computer implemented method for determining privacy compliance comprising:
automatically scanning, using an enterprise privacy compliance (EPIC) tool, one or more websites that have one or more privacy requirements with a web based tool using only server side code to automatically verify compliance with the one or more privacy requirements by ensuring that required privacy practices are in place on the one or more websites, wherein the one or more privacy requirements include a backout statement;
the method further comprising:
identifying, by the scanning and using the EPIC tool, at least one website associated with a uniform resource locator (URL);
determining, by a processor and using the EPIC tool, whether the at least one website is compliant with the one or more privacy requirements, wherein the determining includes analyzing configuration details of a server by restricting encryption ciphers that the server is capable of using;
generating, by the EPIC tool, a report indicating which of the one or more privacy requirements are met and which of the one or more privacy requirements are unmet based on the determining; and
outputting, by the EPIC tool, the report, wherein the report provides immediate feedback on whether the at least one website is compliant, and guidance on modifying the at least one website to meet the one or more privacy requirements to reduce a probability that the at least one website will fail compliance.