Abstract: An exemplary embodiment of the present invention includes a method to enforce privacy preferences on exchanges of personal data of a data-subject. The method comprises the steps of: specifying data-subject authorization rule sets having subject constraints, receiving a request message from a requester and a requester privacy statement, comparing the requester privacy statement to the subject constraints, and releasing the data-subject data in a response message to the requester only if the subject constraints are satisfied. The requester privacy statement includes purpose, retention, recipient, and access information, wherein the purpose information specifies the purpose for which the requested data is acquired, the retention information specifies a retention policy for the requested data, the recipient information specifies the recipients of the requested data, and the access information specifies whether the requested data should be accessing to the data-subject after the data has been released.

Abstract: A customer relationship management (CRM) system in which customer data can be dynamically controlled by the customer. The CRM system may reside on a server that is accessible by a plurality of customers of a business and a customer service representative (CSR) of the business, and comprise: a database for storing data for each of the plurality of customers related to interactions with the business; a customer interface that allows each customer to access customer specific data; a data subset identification system that allows the customer to identify a subset of the customer specific data; and a CSR interface that allows the CSR to view only the subset of customer specific data.

Abstract: A system, method, and business method is used to enforce privacy preferences on exchanges of personal data over a computer network. There are one or more data-subject (subject) rule sets that have one or more subject constraints on one or more private, subject data releases. A receiving process receives a request message from a data-requester (requester) over a network interfaces. The request message has one or more requests for one or more of the private, subject data releases pertaining to a subject, and a requester privacy statement for each of the respective private data. A release process compares the requester privacy statement to the subject constraints (authorization rules) and releases the private, subject data release in a response message to the requester only if the subject constraints are satisfied.