LEGAL HOLD AND RELATED DATA ACCESS CONTROLS USING STATIC CONTENT-BASED DATASETS

§101 §103

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In communications filed on 09/02/2025. Claims 1-10, 13, and 18-20 are cancelled. Claims 11, and 14 are amended. Claims 11-12, and 14-17 are pending in this examination. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. This examination is in response to US Patent Application No. 17/975,832. Examiner Note Applicant’s amendment to claim 14 obviates previously raised claim 14, claim objections. Response to Argument Applicant submits on pages 6-7 of remarks filed on 09/02/2025 regarding 35 USC 101 abstract idea for claims 11-12, and 14-17 have been fully considered but they are not persuasive. Applicant amendment to claim 11: Such as search engine and backup server process do not include additional elements that are sufficient to amount to significantly more than the judicial exception (see below Claim Rejections – 35 USC § 101 section for more detail). Applicant submits on pages 7-8 of remarks filed on 09/02/2025 that None of the cited reference discloses storing metadata including pointers to content data in a scanning database, and executing a query against the metadata to generate defined datasets, or creating a protection policy including legal hold "incorporating the legal hold procedure" and composed of the query, as recited in amended claim 11. Examiner respectfully disagrees with applicant argument filed on 09/02/2025 on pages 7-8 of remarks. Nouard discloses: [¶¶ 11, 14, 16-17, 19, 22, 25-26, 28, 34, 36, 46-47, 49, 57, 105], to review the content of these paragraph please refer below 35USC 103 rejection section. Examiner maintains the rejection. Claim Rejections – 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claims 11-12, and 14-17 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. The claim 11, recites A computer-implemented method of enforcing a legal hold procedure in a data system comprising: deploying a search engine for finding and retrieving data responsive to one or more queries input by a user; storing metadata including pointers to content data from multiple data sources in a scanning database; executing a query through the search engine against the metadata in the scanning database to generate the defined datasets using metadata selectors including modification timestamps. file size and location, or one or more identifiers; scanning the multiple data sources to identify data objects for processing as a unitary group with respect to common access and control processes of the legal hold procedure that preserves the data objects to be retained under legal hold rules and protected against modification and unauthorized access; storing metadata of the identified data objects in a static dataset that defines a single data access unit for the referenced data objects; restricting access to the data objects by prohibiting access by unauthorized persons or entities, wherein authorization is provided by one of access control list (ACL) or role-based access control (RBAC) procedures, wherein each data object has an assigned access rule that is assigned to the data object, and an inherited access rule that is automatically assigned to the data object based on its dataset; implementing a priority policy to resolve conflicts between data objects with both inherited and assigned access rules to give priority to rules that deny access; processing the query regarding a data object of the identified data objects, wherein the query accesses the referenced data objects through the dataset as a single unit based on data content rather than data location in a file directory of the system; generating, upon processing the query, the data catalog storing metadata including file information and tags of the data objects; processing the dataset in the data catalog to generate a protection policy incorporating the legal hold procedure to protect the data objects as the unitary group based on the metadata and tags of the data objects; returning the dataset to the user through a user interface of the search engine to satisfy the query; and executing the protection policy in a backup server to enforce the protection policy composed of the query representing data to be protected by the protection policy and including backup, restore, migration, or archiving operations. The limitations above cite performing deploying search engine for user input query , data restriction operations including legal holds, scanning multiple data access to identify data objects, storing the metadata, restricting access base on ACL or RBAC, applying protection policy processes, and processing user query to access one or more of the data objects, generating a data category, processing dataset and returning the data” as drafted, are a process that, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components.. This is a mental process as described in MPEP 2601.04(a)(2)(III). If a claim limitation, under its broadest reasonable interpretation, covers performance of the limitation in the mind but for the recitation of generic computer components, then it falls within the “Mental Processes” grouping of abstract ideas. Accordingly, the claim recites an abstract idea. This judicial exception is not integrated into a practical application. In particular, the claim only recites one additional element – using a computer implemented method to perform the steps mentioned above. A computer implemented method cited for the steps mentioned above is recited at a high-level of generality (i.e., as a generic processor performing a generic computer function) such that it amounts no more than mere instructions to apply the exception using a generic computer component. Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea. See MPEP 2106.04(d). The claim is directed to an abstract idea. The claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. As discussed above with respect to integration of the abstract idea into a practical application, the additional element of using a p a computer implemented method to perform the steps mentioned above amounts to no more than mere instructions to apply the exception using a generic computer component. Mere instructions to apply an exception using a generic computer component cannot provide an inventive concept. (See MPEP § 2106.05(d)). The claim is not patent eligible. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claims 11, and 14-17, rejected under 35 U.S.C. 103 as being unpatentable over US Patent No. (US2023/0185961) issued to Nouard, and in view of WEI YAN (CN101674334 B). Regarding claim 11, Nouard discloses A computer-implemented method of enforcing a legal hold procedure in a data system comprising: deploying a search engine for finding and retrieving data responsive to one or more queries input by a user; storing metadata including pointers to content data from multiple data sources in a scanning database; executing a query through the search engine against the metadata in the scanning database to generate the defined datasets using metadata selectors including modification timestamps, file size and location, or one or more identifiers [¶11, Example methods and systems are directed to protecting privacy for data. A first user may generate a report (implementing search engine) that includes multiple data values (based on user query). A second user may be granted access to some of the data values but not others. To accommodate the partial access permission, an application server may generate a version of the report that includes only the data values the second user is permitted to access. The data values that the second user is not permitted to access may be replaced by randomly generated character strings. A blurring effect may be applied to the replacement data values, providing a visual indication that the replacement data values are not the actual data values], and [¶19, Any of the machines, databases, or devices shown in FIG. 1 may be implemented in a general-purpose computer modified (e.g., configured or programmed) by software to be a special-purpose computer to perform the functions described herein for that machine, database, or device. For example, a computer system able to implement any one or more of the methodologies described herein is discussed below with respect to FIG. 8. As used herein, a “database” is a data storage resource and may store data structured as a text file, a table, a spreadsheet, a relational database (e.g., an object-relational database), a triple store, a hierarchical data store, a document-oriented NoSQL database, a file store, or any suitable combination thereof. The database may be an in-memory database. Moreover, any two or more of the machines, databases, or devices illustrated in FIG. 1 may be combined into a single machine, database, or device, and the functions described herein for any single machine, database, or device may be subdivided among multiple machines, databases, or devices], and [¶16, A database of the database server 130 stores data for use by the application server 120. For example, user data (e.g., name, address, phone number, account number (unchanged over time), birthdate, social security number (unchanged over time), or any suitable combination thereof), accounting data (e.g., revenue, profits, expenses, credits, debits, or any suitable combination thereof), or any suitable combination thereof may be stored in the database. The network-based application may provide a user interface to the client devices 180 that allow users to generate or view reports that are based on the data stored in the database. For example,] a user report may show information about users (e.g., all users, users with addresses in a particular geographic region, users with demographic data matching specified criteria, or any suitable combination thereof). As another example, a financial report may show information about finances of an individual, a business, or a business unit (equated to metadata including pointer), and [¶17, The reports may be presented to different users with different data in the report protected by data blurring. For example, a leader of a business unit may be permitted to see all data in a report for the business unit, but only a subset of data in a report for the overall business. An employee of the business unit may be permitted to view only a subset of the data in the report for the business unit, and not permitted to view the report for the overall business at all. One method of generating the different versions of the reports is to generate the full report and then to manually black out the protected data to create a redacted version. This process is repeated for each different redacted version, and repeated each time an updated version of the report is generated (e.g., to include more recent data) (equated to modification timestamp], and [¶34, The user interface 400 may be used to receive selections of data values to be blurred. For example, a presented data value (e.g., the $15,000 income in the first row of the report) may be selected. In response, a menu is presented allowing the user to select an option to protect the corresponding data value. The application server 120 accesses a document template for the presented report and, based on the document template and the selected portion of the user interface 400, determines the data value to be blurred], and[¶28, Each row of the income table 310 stores record identifier (ID), name, income, and city for a user (equated to location and more identifiers) The record ID field stores a unique identifier for the user. Thus, the row 330A indicates that Moe Howard has an income of $15,000 and lives in Austin; the row 330B indicates that Shemp Howard has an income of $25,000 and lives in Dallas; and the row 330C indicates that Ron Howard has an income of $30,000 and lives in Houston], and [¶105, While the machine-readable medium 822 is shown in FIG. 8 to be a single medium, the term “machine-readable medium” may include a single medium or multiple media (e.g., a centralized or distributed database, and/or associated caches and servers) that store the one or more instructions 824 or data structures], and[see FIG 3 and corresponding text for more details], and [¶46, In operation 640, the privacy module 230 of FIG. 2 of the application server 120 of FIG. 1 determines a length of a first string for the first data value (equated to file size). For example, the string representation of “Moe Howard” is ten characters long. As another example, the string representation of $70,000 is seven characters long], and [ ¶¶ 47, 49, 57]; and scanning the multiple data sources to identify data objects for processing as a unitary group with respect to common access and control processes of the legal hold procedure that preserves the data objects to be retained under legal hold rules and protected against modification and unauthorized access [¶16, A database of the database server 130 stores data for use by the application server 120. For example, user data (e.g., name, address, phone number, account number (protecting against modification and unauthorized access), birthdate, social security number (protecting against modification and unauthorized access) or any suitable combination thereof), accounting data (e.g., revenue, profits, expenses, credits, debits, or any suitable combination thereof), or any suitable combination thereof may be stored in the database. The network-based application may provide a user interface to the client devices 180 that allow users to generate or view reports that are based on the data stored in the database. For example, a user report may show information about users (e.g., all users, users with addresses in a particular geographic region, users with demographic data matching specified criteria, or any suitable combination thereof). As another example, a financial report may show information about finances of an individual, a business, or a business unit], and [¶17, The reports may be presented to different users with different data in the report protected by data blurring. For example, a leader of a business unit may be permitted to see all data in a report for the business unit, but only a subset of data in a report for the overall business (restricting access/ deny access). An employee of the business unit may be permitted to view only a subset of the data in the report for the business unit, and not permitted to view the report for the overall business at all (restricting access/deny access). One method of generating the different versions of the reports is to generate the full report and then to manually black out the protected data to create a redacted version. This process is repeated for each different redacted version, and repeated each time an updated version of the report is generated (e.g., to include more recent data)], and [¶¶11, 18, 25-26, 37]; and storing metadata of the identified data objects in a static dataset that defines a single data access unit for the referenced data objects [¶16, A database of the database server 130 stores data for use by the application server 120. For example, user data (e.g., name, address, phone number, account number (protecting against modification and unauthorized access), birthdate, social security number (protecting against modification and unauthorized access) or any suitable combination thereof), accounting data (e.g., revenue, profits, expenses, credits, debits, or any suitable combination thereof), or any suitable combination thereof may be stored in the database. The network-based application may provide a user interface to the client devices 180 that allow users to generate or view reports that are based on the data stored in the database. For example, a user report may show information about users (e.g., all users, users with addresses in a particular geographic region, users with demographic data matching specified criteria, or any suitable combination thereof). As another example, a financial report may show information about finances of an individual, a business, or a business unit], and [¶105, While the machine-readable medium 822 is shown in FIG. 8 to be a single medium, the term “machine-readable medium” may include a single medium or multiple media (e.g., a centralized or distributed database, and/or associated caches and servers) that store the one or more instructions 824 or data structures], and restricting access to the data objects by prohibiting access by unauthorized persons or entities, wherein authorization is provided by one of access control list (ACL) or role-based access control (RBAC) procedures, wherein each data object has an assigned access rule that is assigned to the data object, and an inherited access rule that is automatically assigned to the data object based on its dataset [¶17, The reports may be presented to different users with different data in the report protected by data blurring. For example, a leader of a business unit may be permitted to see all data in a report for the business unit, but only a subset of data in a report for the overall business (restricting access/ deny access). An employee of the business unit may be permitted to view only a subset of the data in the report for the business unit, and not permitted to view the report for the overall business at all (restricting access/deny access). One method of generating the different versions of the reports is to generate the full report and then to manually black out the protected data to create a redacted version. This process is repeated for each different redacted version, and repeated each time an updated version of the report is generated (e.g., to include more recent data)], and [¶25, The privacy module 230 accesses data from the database server 130 and, based on the accessed data and permissions of the user account for which the data is being accessed, generates substitute values for display. For example, a user that does not have access to the social security numbers of other users but does have access to other data in a report, may receive a version of the report in which the social security numbers of the other users are replaced with random nine-digit numbers. Thus, the results provided are similar to the actual results, keeping the overall appearance of the report the same, but the recipient does not actually access the protected data values. As a further visual effect, the user interface module 220 or the privacy module 230 may visually blur the substitute data values. The storage module 240 stores the permission metadata that controls which users may access data and other data used by the privacy module 230 to modify data to protect privacy], and [¶¶11, 18, 37], and processing the query regarding a data object of the identified data objects, wherein the query accesses the referenced data objects through the dataset as a single unit based on data content rather than data location in a file directory of the system ; generating, upon processing the query, data catalog storing metadata including file information and tags of the data objects; processing the dataset in the data catalog to generate a protection policy incorporating the legal hold procedure to protect the data objects as the unitary group based on the metadata and tags of the data objects ; returning the dataset to the user through a user interface of the search engine to satisfy the user query [¶16, A database of the database server 130 stores data for use by the application server 120. For example, user data (e.g., name, address, phone number, account number (protecting against modification and unauthorized access), birthdate, social security number (protecting against modification and unauthorized access) or any suitable combination thereof), accounting data (e.g., revenue, profits, expenses, credits, debits, or any suitable combination thereof), or any suitable combination thereof may be stored in the database. The network-based application may provide a user interface to the client devices 180 that allow users to generate or view reports (user query) that are based on the data stored in the database. For example, a user report may show information about users (e.g., all users, users with addresses in a particular geographic region, users with demographic data matching specified criteria, or any suitable combination thereof). As another example, a financial report may show information about finances of an individual, a business, or a business unit], and [¶17, The reports may be presented to different users with different data in the report protected by data blurring. For example, a leader of a business unit may be permitted to see all data in a report for the business unit, but only a subset of data in a report for the overall business (restricting access/ deny access). An employee of the business unit may be permitted to view only a subset of the data in the report for the business unit, and not permitted to view the report for the overall business at all (restricting access/deny access). One method of generating the different versions of the reports is to generate the full report and then to manually black out the protected data to create a redacted version. This process is repeated for each different redacted version, and repeated each time an updated version of the report is generated (e.g., to include more recent data)], and [¶¶11, 18, 25-26, 37], [ see FIG. 3 and corresponding text for more detail]; and executing the protection policy in a backup server to enforce the protection policy composed of the query representing data to be protected by the protection policy and including backup, restore, migration, or archiving operations. [¶14, FIG. 1 is a network diagram illustrating an example network environment 100 suitable for providing privacy for data. The network environment 100 includes a cloud-based execution environment 150, client devices 180A and 180B, and a network 190. The cloud-based execution environment 150 includes an application server 120 and a database server 130…], and [see FIG 2, ¶22, The application server 120( equated to backup server) is shown as including a communication module 210, a user interface module 220, a privacy module 230, and a storage module 240…], and [¶¶25-26, The privacy module 230 accesses data from the database server 130 and, based on the accessed data and permissions of the user account for which the data is being accessed, generates substitute values for display. For example, a user that does not have access to the social security numbers of other users but does have access to other data in a report, may receive a version of the report in which the social security numbers of the other users are replaced with random nine-digit numbers. Thus, the results provided are similar to the actual results, keeping the overall appearance of the report the same, but the recipient does not actually access the protected data values. As a further visual effect, the user interface module 220 or the privacy module 230 may visually blur the substitute data values. The storage module 240 stores the permission metadata that controls which users may access data and other data used by the privacy module 230 to modify data to protect privacy], and [¶36, Thus, in this example, the selected value of $15,000 was generated from the source code $Income[1], which is the Income field of the row 330A of the income table 310 of FIG. 3. In response, the privacy module 230 modifies the privacy table 340 to protect the selected data. As another example, the total income value ($70,000) of the data 440 may be selected for protection. The underlying source code shows that the total income value was generated from $Income [1], $Income [2], and $Income [3]. In response to this selection, the privacy module 230 may modify the privacy table 340 to protect all three of the underlying data value]. Nouard does not explicitly disclose, however, WEI YAN discloses implementing a priority policy to resolve conflicts between data objects with both inherited and assigned access rules to give priority to rules that deny access [ Page 10, 3rd paragraph, One access control list may include both an access control item of a user and an access control item of a role to which the user belongs, and at the same time, the access control list of the object itself may include an access control item of a certain user or role, and the parent object inherited by the object may also include an access control item of the same user or role. In these cases, there may be an authorization conflict problem with access control items. Therefore, the priority of the access control item is defined: the priority of the access control item of the object is higher than that of the inheritance access control item, and the priority of the access control item of the user is higher than the priority of the access control item of the group or the role. In other words, after the corresponding access control item is found in the object self-contained access control list, the inheritance access control item is no longer searched (if the inheritance flag is valid), and the user access control item is taken as the control item under the condition that the user access control item and the role access control item to which the user belongs are included. In the case that one user belongs to a plurality of roles, the access control item is determined according to the priority of the role, the access control item can be accessed according to the access control item of the role with high priority, and the priority definition of the role is determined by the specific application system], and [ Page 8, 1st paragraph, The process of the object operation step is shown in FIG. 8. When the object storage device receives the object operation request of the user, the object storage device first reads the control area of the object access control list requested by the user ; If the role access control item corresponding to the role to which the user belongs does not exist, if the role access control item corresponding to the role of the user request object does not exist, and the inheritance flag of the access control list header of the user request object is valid, the access control is performed in the inheritance region of the parent object access control list, and so on until the access control list inheritance flag of a certain parent object is invalid, the user operation request is rejected]. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Nouard by incorporating “an access control method for a network storage device”, as taught by WEI YAN. One could have been motivated to do so in order to, which solves the problems that an existing access control method is maintained and managed by a security and policy manager in a centralized access control list to form a performance bottleneck, which affects the performance and scalability of the network storage system and provides a more flexible and effective access control mechanism for the storage system. [ WEI YAN, Page 3, 3rd paragraph]. Regarding claim 14, Nouard discloses wherein the static dataset receives at least some of the data objects from a dynamic dataset that can receives periodic changes to the metadata based on at least one of addition of one or more additional data objects in the unitary group, or a change in characteristics of a data object referenced by the dataset, and wherein data objects from the dynamic dataset are then no longer modifiable and are subject to the strict access and process controls of the static dataset[¶26, The storage module 240 stores the permission metadata that controls which users may access data and other data used by the privacy module 230 to modify data to protect privacy. The storage module 240 may store programming instructions for the communication module 210, the user interface module 220, the privacy module 230, or any suitable combination thereof], and [¶36, Thus, in this example, the selected value of $15,000 was generated from the source code $Income [1], which is the Income field of the row 330A of the income table 310 of FIG. 3. In response, the privacy module 230 modifies the privacy table 340 to protect the selected data. As another example, the total income value ($70,000) of the data 440 may be selected for protection. The underlying source code shows that the total income value was generated from $Income [1], $Income [2], and $Income [3]. In response to this selection, the privacy module 230 may modify Fserachthe displayed data in the example of FIG. 5 is a two-step process. First, the actual data values are replaced with similar randomized strings. For example, the name “Moe Howard” may be replaced with a random 10-character string that comprises alphabetic characters and spaces only. As another example, the name “Moe Howard” may be replaced by a 3-character string and a 7-character string, both of which comprise alphabetic characters, with the two strings separated by a space. As still another example, the income “$30,000” may be replaced by a similarly formatted five-digit value, such that the dollar sign and comma remain in place. After the actual data values are replaced with randomized strings, the replacement values are modified with a blurring effect], and [¶107, Although specific examples are described herein, it will be evident that various modifications and changes may be made to these examples without departing from the broader spirit and scope of the disclosure. Accordingly, the specification and drawings are to be regarded in an illustrative rather than a restrictive sense]. Regarding claim 15, Nouard discloses wherein data objects are sourced by multiple data sources comprising data stored in multiple storage devices, including network attached storage (NAS), object storage, local storage, or cloud networks, and wherein the data provided by each data source is compiled by a different entity in the system [¶105, While the machine-readable medium 822 is shown in FIG. 8 to be a single medium, the term “machine-readable medium” may include a single medium or multiple media (e.g., a centralized or distributed database, and/or associated caches and servers) that store the one or more instructions 824 or data structures], and [¶19], Any of the machines, databases, or devices shown in FIG. 1 may be implemented in a general-purpose computer modified (e.g., configured or programmed) by software to be a special-purpose computer to perform the functions described herein for that machine, database, or device. For example, a computer system able to implement any one or more of the methodologies described herein is discussed below with respect to FIG. 8. As used herein, a “database” is a data storage resource and may store data structured as a text file, a table, a spreadsheet, a relational database (e.g., an object-relational database), a triple store, a hierarchical data store, a document-oriented NoSQL database, a file store, or any suitable combination thereof. The database may be an in-memory database. Moreover, any two or more of the machines, databases, or devices illustrated in FIG. 1 may be combined into a single machine, database, or device, and the functions described herein for any single machine, database, or device may be subdivided among multiple machines, databases, or devices]. Regarding claim 16, Nouard discloses further comprising producing the dataset by gathering the identified metadata for storage in the data catalog, and executing a user entered query comprising metadata selectors as dataset tags for matching against the cataloged metadata to generate the dataset, and further wherein the metadata selectors comprise tags consisting of alphanumeric strings applied to respective data objects based on user-defined rules [ ¶¶26-29] , and [ see FIG.3 and corresponding text for a block diagram of an example database schema suitable for storing data and privacy metadata for use in providing privacy for data]. Regarding claim 17, Nouard discloses wherein the tags define at least one of a file type, name, location, creation time, or characteristic, and further wherein the dataset is organized into collection information and per file and object information, and wherein collection information comprises a dataset creation time, the query, role-based access control (RBAC) for the dataset, and first metadata, and wherein the per file and object information comprises location of data of the dataset, unstructured metadata information, and second metadata [ ¶¶ 16-17, 26-29] , and [ see FIG.3 and corresponding text for a block diagram of an example database schema suitable for storing data and privacy metadata for use in providing privacy for data]. Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over US Patent No. (US2023/0185961) issued to Nouard, and in view of WEI YAN (CN101674334 B), further and in view of US Patent No. (US10204380) issued to Moore. Regarding claim 12, Nouard discloses: wherein the data objects comprise sensitive data comprising at least one of. legal documents, medical records, proprietary information, trade secret information, and secret financial information, [ [¶16, A database of the database server 130 stores data for use by the application server 120. For example, user data (e.g., name, address, phone number, account number, birthdate, social security number or any suitable combination thereof), accounting data (e.g., revenue, profits, expenses, credits, debits, or any suitable combination thereof), or any suitable combination thereof may be stored in the database. The network-based application may provide a user interface to the client devices 180 that allow users to generate or view reports that are based on the data stored in the database. For example, a user report may show information about users (e.g., all users, users with addresses in a particular geographic region, users with demographic data matching specified criteria, or any suitable combination thereof). As another example, a financial report may show information about finances of an individual, a business, or a business unit]. Nouard, and WEI YAN do not explicitly disclose however, Moore discloses: wherein the legal hold procedure is implemented as defined by court rules in accordance with Federal Rules of Civil Procedure [Col.10 lines 37-53, In embodiments, the invention may be implemented in an electronic system organizes large, potentially divergent or loosely organized, sets of financial transaction data using specific taxonomies such that the data entry associated with each data point of a certain type is done in a homogenous and consistent way without direct human involvement. Accordingly, unique identification tags are ascribed to certain levels of a given taxonomy allowing financial data points to be grouped according to the nature of the expense, income or purchase they represent via algorithmically assigned categories where each successive category delineates an additional layer of specificity. Embodiments are superior to existing financial transaction organization and accounting systems as they rely on defining granular financial transaction information according to an individual assigned to the transaction; for example, a customer or vendor], and [Col.12 lines 8-12, … In embodiments, accounts which can pulled from may extend to checking accounts, savings accounts, credit accounts, mortgage accounts, brokerage accounts, loan accounts and other accounts], and [ Col.50 lines 17-21… The Magistrate Judge enforced Federal Rule of Civil Procedures 34(B)(2)(E)(ii) which required the prosecutors to render the Voicebox and IPRO files (financial in nature) in a portable document format which could be better searched and organized], and [see FIG. 1A-B, and corresponding text for more details]. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Nouard, and WEI YAN by incorporating “Categorically Inductive Taxonomy System (CITS) which relates to Financial Investigation and Financial Analysis”, as taught by Moore. One could have been motivated to do so in order to, enforce Federal Rule of Civil Procedures and If the data associated with IPRO files, which was financial in nature, the files could have been extracted and organized per the CITS system it would have been prepared, for both the prosecution and defense, in an organized fashion according to an Identified Taxonomy which could be developed for a particular case or cases of this nature, and which could be better searched and organized. [ Moore, Col 49 lines 25-40, Col. 50 lines 1-29]. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: See 892 form submitted with this office action for more relevant references. Amarendram (US2021/0026982) [0148] A reference copy may comprise copy(ies) of selected objects from backed up data, typically to help organize data by keeping contextual information from multiple sources together, and/or help retain specific data for a longer period of time, such as for legal hold needs], and [ 0228] Compliance copy rule set 164 is only associated with the email sub client 168, and not the file system sub client 166. Compliance copies generated according to compliance copy rule set 164 will therefore not include primary data 112A from the file system sub client 166. For instance, the organization may be under an obligation to store and maintain copies of email data for a particular period of time (e.g., 10 years) to comply with state or federal regulations, while similar regulations do not apply to file system data.]. Madhavan (US2022/0198053) [0107] … when the entity is required by applicable law or regulation to retain the data of users in their data stores or systems for at least a defined period of time, when retaining the data of the user is determined to be necessary for public health interests or in the public interest, when retaining the data of the user is determined to be necessary to perform preventative or occupational medicine, or when the data of the user is being used to exercise legal claims or establish a legal defense to a legal claim]. Sarferaz (US2020/0380155) [ 0003] In some cases, data must be maintained for particular time periods, whether as “active” data or as archived data. These time periods can be specified by an organizational policy or by various laws, regulations, contractual obligations, and the like]. Sharifi (US2018/0285592) [ [0088] At a first time, PMI 126 of computing device 110 may determine a privacy level for various portions of information to be output by computing device 110. In some examples, computing device 110 may initially output the information without obscuring private portions of the information. For example, computing device 110 may output the information and may temporarily refrain from obscuring any of the private information. As illustrated in FIG. 4A, UI graphical user interface 414A may include health information 402 and 404, address information 406, personally identifiable information 408 and 410, and financial information 412. In some instances, UI module 120 of computing device 110 may cause PSD 112 to display the information and a notification 462 indicating that the private portions of the information will be obscured after a predetermined amount of time (e.g., 3 seconds). As a result, user 130 may briefly consume the private information while reducing the likelihood that unauthorized individuals are likely to be able to consume the information. Responsive to outputting the information without obscuring the private portions of the information, PMM 126 may start a timer to determine the amount of elapsed time since outputting the unobscured information]. Shah (US2022/0092212) [0144] Once sensitive data within one or more databases DB and/or within one or more files F is discovered, the system 10 next may protect the sensitive data using one or more associated policies (e.g., privacy policies or the like). The protecting of the sensitive data may be triggered by a database administrator, automatically at predetermined time intervals, or by other triggering methods]. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAHRIAR ZARRINEH whose telephone number is (571)272-1207. The examiner can normally be reached Monday-Friday, 8:30am-5:30pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached at 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /SHAHRIAR ZARRINEH/Primary Examiner, Art Unit 2496