US Patent 11263335 Integrated system and method for sensitive data security

A system and a method are provided for integrating a sensitive data discovery engine (SDDE), a data anonymization engine (DAE), a data monitoring module (DMM), and a data retirement module (DRM) and managing sensitive data security across its lifecycle. The SDDE determines sensitive data in similar and variant data sources and applications, identifies their operating application codes, and generates sensitive data discovery intelligence (SDDI). The system generates and distributes one or more templates including the SDDI with metadata, discovery results, and data security rules to the DAE, the DMM, and the DRM deployed on each data source. Based on the templates, the DAE flexibly and consistently masks, encrypts, or tokenizes the sensitive data for static, dynamic, blended, and hybrid anonymization based on different data classifications and application environments; the DMM continuously monitors sensitive data access by users and applications; and the DRM retires inactive sensitive data without removing transactional data.