US 12,067,149 B2
Embedded metadata for data privacy compliance
David Michael Herman, West Bloomfield, MI (US); Jon Speigle, Livonia, MI (US); and Brian Tamm, Pleasant Ridge, MI (US)
Assigned to FORD GLOBAL TECHNOLOGIES, LLC, Dearborn, MI (US)
Filed by FORD GLOBAL TECHNOLOGIES, LLC, Dearborn, MI (US)
Filed on May 11, 2021, as Appl. No. 17/317,549.
Prior Publication US 2022/0366082 A1, Nov. 17, 2022
Int. Cl. G06F 21/62 (2013.01); G06F 16/11 (2019.01); G06F 16/23 (2019.01); H04L 9/40 (2022.01)
CPC G06F 21/6254 (2013.01) [G06F 16/125 (2019.01); G06F 16/2379 (2019.01); H04L 63/105 (2013.01)]
18 Claims
1. A system for use of embedded metadata for data privacy compliance, comprising:
a data store configured to maintain self-managed data, the self-managed data including metadata specifying retention policy data, the retention policy data indicating a first timeframe for scrubbing personally identifiable information (PII) from the self-managed data, and a second timeframe for deleting the self-managed data from the data store; and
one or more servers, including one or more hardware processors, programmed to receive the self-managed data from a client device;
bind the self-managed data to the retention policy data by embedding the retention policy data into metadata of the self-managed data;
store the self-managed data including the embedded retention policy data to the data store;
responsive to a self-update being indicated by the first timeframe of the embedded retention policy data to scrub the PII from the self-managed data, remove the PII from the self-managed data maintained by the data store,
responsive to a self-update being indicated by the second timeframe of the embedded retention policy data to delete the self-managed data from the self-managed data, remove the self-managed data from the data store,
provide a first level of access to a first client device configured to access a data portal via an internal communications network, the data portal providing access to the data store to client devices, and
provide a second level of access to a second client device configured to access the data portal via an external communications network,
wherein the self-managed data indicates a first active period during which the self-managed data is in use and editable, and a second period once the self-managed data is no longer active, in which the self-managed data is accessible to internal client devices but not to external client devices.
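
An added illustration of the lifecycle recited in claim 1 (not code from the patent or from the assignee): a record carries its own retention policy, the store scrubs PII at the first timeframe and deletes the record at the second, and access depends on network origin and on whether the record is still active. The field names, the "edit"/"read"/"none" levels, the read-only level for external clients during the active period, and the enforcement of the policy on every access are assumptions of this sketch.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Record:
    payload: dict  # field name -> value
    meta: dict     # retention policy embedded with the data itself

def bind(payload, pii_fields, created, active_days, scrub_days, delete_days):
    """Embed the retention policy into the record's own metadata."""
    if not 0 <= scrub_days <= delete_days:
        raise ValueError("scrub must not come after delete")
    return Record(dict(payload), {
        "pii_fields": list(pii_fields),
        "active_until": created + timedelta(days=active_days),
        "scrub_at": created + timedelta(days=scrub_days),    # first timeframe
        "delete_at": created + timedelta(days=delete_days),  # second timeframe
    })

class DataStore:
    def __init__(self):
        self.records = {}

    def self_update(self, now):
        """Apply each record's embedded policy: delete, else scrub PII."""
        for key, rec in list(self.records.items()):
            if now >= rec.meta["delete_at"]:
                del self.records[key]
            elif now >= rec.meta["scrub_at"]:
                for name in rec.meta["pii_fields"]:
                    rec.payload.pop(name, None)  # idempotent on repeat sweeps

    def access(self, key, network, now):
        """Return 'edit', 'read' or 'none'; anything not 'internal' is external."""
        self.self_update(now)  # enforce on access so a late sweep cannot leak PII
        rec = self.records.get(key)
        if rec is None:
            return "none"
        active = now < rec.meta["active_until"]
        if network == "internal":
            return "edit" if active else "read"
        return "read" if active else "none"  # assumed external level while active

def demo():
    store, t0 = DataStore(), datetime(2021, 5, 11)  # constructed sample record
    store.records["trip-1"] = bind({"owner_name": "A. Driver", "speed_kph": 42},
                                   ["owner_name"], t0, 30, 90, 365)
    return store, t0
```

Calling `access` with any network label other than "internal" is treated as external, so an unrecognised origin gets the more restricted level.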