
Systems and methods for managing data incidents

  • US 10,204,238 B2
  • Filed: 10/31/2016
  • Issued: 02/12/2019
  • Est. Priority Date: 02/14/2012
  • Status: Active Grant
First Claim

1. A method for managing a data incident, comprising:

  • receiving, via a risk assessment server, in response to an occurrence of the data incident, data incident data that comprises information corresponding to the data incident, the data incident further comprising intentional or unintentional compromise, disclosure or release of personal data or personally identifiable information to an untrusted or unauthorized environment;
  • automatically generating, via the risk assessment server, a risk assessment and decision-support guidance whether the data incident is reportable from a comparison of the data incident data to privacy rules, the privacy rules comprising at least one European General Data Privacy Regulation (GDPR) rule, each rule defining requirements associated with data incident notification obligations;
  • generating a risk assessment guidance interface when the comparison indicates that the data incident violates at least one of the privacy rules;
  • wherein the risk assessment guidance interface comprises an impact summary that indicates which of the privacy rules was violated and one or more entities implicated or impacted in the data incident; and
  • wherein the receiving data incident data further comprises:
      • providing, in response to a determination of a violation of at least one of the privacy rules, one or more questions to a display device that elicits information corresponding to the data incident, the one or more questions tailored to specific criteria of the at least one of the privacy rules; and
      • receiving responses to the one or more questions; and
  • generating a notification schedule when the comparison indicates that the data incident violates and triggers a notification obligation according to the at least one European General Data Privacy Regulation (GDPR) rule; and
  • wherein the notification schedule comprises notification dates that are based upon a violated European General Data Privacy Regulation (GDPR) rule, along with notification requirements that describe information that is to be provided to a regulatory agency or to an affected individual whose personal data has been compromised, disclosed or released as a result of the data incident.
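The claimed workflow, as an added example that is not the patent's or its assignee's code: a minimal risk assessor that compares constructed incident data against a two-rule GDPR set (Articles 33 and 34, reduced to illustrative conditions), asks the rule-specific follow-up questions, and derives a notification schedule from the time the controller became aware. The rule conditions, the 72-hour deadline handling, the encryption exemption and all field names are assumptions made for this example.

```python
from datetime import datetime, timedelta

# Constructed, simplified rule set (assumption: the patent does not publish its rules).
# Art. 33: supervisory authority within 72 hours of awareness unless no risk to individuals.
# Art. 34: affected individuals without undue delay when the risk is high, unless the data
# was rendered unintelligible (e.g. encrypted, key not compromised) per Art. 34(3)(a).
GDPR_RULES = {
    "GDPR Art. 33": {
        "recipient": "supervisory authority", "deadline_hours": 72,
        "triggered": lambda i, a: i["personal_data"] and i["risk"] != "none",
        "questions": ["approximate_subjects"],
        "requirements": ["nature of the breach", "approximate number of data subjects",
                         "DPO contact", "likely consequences", "mitigation measures"],
    },
    "GDPR Art. 34": {
        "recipient": "affected individuals", "deadline_hours": 0,  # "without undue delay"
        "triggered": lambda i, a: i["personal_data"] and i["risk"] == "high"
                                   and not a.get("encrypted", False),
        "questions": ["encrypted"],
        "requirements": ["nature of the breach", "DPO contact",
                         "likely consequences", "mitigation measures"],
    },
}

def questions_for(incident):
    """First pass: before answers exist, collect the questions of every rule that may apply."""
    return sorted({q for r in GDPR_RULES.values() if r["triggered"](incident, {})
                   for q in r["questions"]})

def assess(incident, answers):
    """Second pass: with answers, produce violated rules, impact summary and schedule."""
    aware = datetime.fromisoformat(incident["aware_at"])
    violated = [rid for rid, r in GDPR_RULES.items() if r["triggered"](incident, answers)]
    schedule = [{"rule": rid, "recipient": GDPR_RULES[rid]["recipient"],
                 "notify_by": (aware + timedelta(hours=GDPR_RULES[rid]["deadline_hours"])).isoformat(),
                 "requirements": GDPR_RULES[rid]["requirements"]} for rid in violated]
    return {"reportable": bool(violated), "violated_rules": violated,
            "entities": incident["entities"], "schedule": schedule}

INCIDENT = {  # constructed sample incident data
    "aware_at": "2024-03-01T09:00:00", "personal_data": True, "risk": "high",
    "entities": ["Example Corp (controller)", "Example Hosting Ltd (processor)"],
}

if __name__ == "__main__":
    print(questions_for(INCIDENT))
    print(assess(INCIDENT, {"approximate_subjects": 1200, "encrypted": False}))
```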
