US 11,816,247 B2
Method for a multi-country data pipeline to protect personally identifying information
Leo Woessner, Centennial, CO (US); Jeffrey DeYoung, Parker, CO (US); Ritu Saxena, Parker, CO (US); and Chadwick Reimers, Larkspur, CO (US)
Assigned to PEARSON EDUCATION, INC., Bloomington, MN (US)
Filed by Pearson Education, Inc., Bloomington, MN (US)
Filed on Apr. 12, 2022, as Appl. No. 17/719,139.
Application 17/719,139 is a continuation of application No. 16/522,512, filed on Jul. 25, 2019, granted, now 11,334,683.
Prior Publication US 2022/0237324 A1, Jul. 28, 2022
Int. Cl. G06F 21/00 (2013.01); G06F 21/62 (2013.01); G06F 21/60 (2013.01)
CPC G06F 21/6254 (2013.01) [G06F 21/602 (2013.01); G06F 21/604 (2013.01); G06F 21/6263 (2013.01)]
20 Claims
 
1. A system for transmitting data, comprising:
a multi-country data pipeline configured to protect Personally Identifying Information (PII) for each user in a plurality of users, comprising:
a plurality of publisher methods, wherein the plurality of publisher methods comprises a Java published software development kit and a REST API,
a data ingestion unit configured to:
i) receive and archive data from the plurality of publisher methods,
ii) tag the data with a producer, a message-type, a version and a timestamp, and
iii) validate the data is in conformance with a schema containing a privacy policy for a first country, and
a web services unit configured to provide the data to a plurality of different consumer services;
physically located in the first country:
a first application configured to:
receive entered data from a user, wherein the entered data and the user are physically located in the first country and the entered data comprises non-personal data and PII,
receive the schema from a third country containing the privacy policy for the first country,
identify the non-personal data and the PII in the entered data using the schema, and
transmit an anonymized data through the multi-country data pipeline from the first country to an analytic functions in a second country;
a deidentification system configured to:
generate, using a one-way hash, an Identification (ID) tag for the PII, and
create the anonymized data by replacing the PII, in the entered data, with the ID tag for the PII,
an identity store configured to:
store the ID tag and the PII, and
return the PII when the ID tag is received,
a second application configured to:
upon authenticating the user, transmit the ID tag to a reidentification system,
combine the PII received from the reidentification system with the results to create an identified results, and
perform an action for the user based on the identified results,
the reidentification system configured to:
receive the ID tag from the second application,
transmit the ID tag to the Identify data store,
receive from the identity data store the PII associated with the ID tag, and
transmit the PII to the second application;
physically located in the second country:
the analytic functions configured to:
generate a results based on the anonymized data,
create an anonymized results by adding the ID tag to the results, wherein the anonymized results contain no PII, and
transmit the anonymized results through the multi-country data pipeline from the second country to the second application in the first country; and
physically located in the third country:
a PII Schema Service comprising a plurality of schemas stored in a database, wherein each schema in the plurality of schemas identifies a privacy policy for a different country or region.
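
The deidentify, analyze, reidentify round trip recited in claim 1, as an added Python sketch that is not code from the patent or from the assignee. The field names, the sample record, the in-memory identity store and the use of a keyed HMAC-SHA-256 as the one-way hash are assumptions made for illustration; the claim itself only requires "a one-way hash".

```python
import hashlib
import hmac
import json

# Constructed schema: fields the first country's privacy policy marks as PII.
SCHEMA = {"country": "first", "pii_fields": ["name", "email"]}
# Assumption: the one-way hash is keyed (HMAC-SHA-256) and the key never leaves
# the first country, so a tag cannot be recomputed from guessed PII elsewhere.
TAG_KEY = b"constructed-demo-key"
IDENTITY_STORE = {}  # first country only: ID tag -> PII


def id_tag(pii):
    """One-way ID tag over a canonical serialization of the PII fields."""
    canonical = json.dumps(pii, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(TAG_KEY, canonical, hashlib.sha256).hexdigest()


def deidentify(entered, schema=SCHEMA, store=IDENTITY_STORE):
    """First country: split PII out using the schema, replace it with the tag."""
    pii = {k: v for k, v in entered.items() if k in schema["pii_fields"]}
    tag = id_tag(pii)
    store[tag] = pii
    anonymized = {k: v for k, v in entered.items() if k not in pii}
    anonymized["id_tag"] = tag
    return anonymized


def analytic_function(anonymized):
    """Second country: sees only non-personal data plus the ID tag."""
    scores = anonymized["quiz_scores"]
    return {"id_tag": anonymized["id_tag"], "mean_score": sum(scores) / len(scores)}


def reidentify(anonymized_results, authenticated, store=IDENTITY_STORE):
    """First country: after authentication, swap the tag back for the PII."""
    if not authenticated:
        raise PermissionError("user must be authenticated before reidentification")
    results = {k: v for k, v in anonymized_results.items() if k != "id_tag"}
    return {**store[anonymized_results["id_tag"]], **results}


if __name__ == "__main__":
    entered = {"name": "Ada Example", "email": "ada@example.test",
               "quiz_scores": [80, 90, 100]}  # constructed record
    anonymized = deidentify(entered)
    print(anonymized)
    print(reidentify(analytic_function(anonymized), authenticated=True))
```

Only the anonymized record and the anonymized results cross the border in this sketch; the key and the identity store stay on the first-country side.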