Systems and methods for managing data incidents
First Claim
1. A method for managing a data incident, comprising:
receiving, via a risk assessment server, in response to an occurrence of the data incident, data incident data that comprises information corresponding to the data incident, the data incident further comprising intentional or unintentional release of personally identifiable information to an untrusted environment;
automatically generating, via the risk assessment server, a risk assessment from a comparison of the data incident data to privacy rules, the privacy rules comprising at least one federal rule and at least one state rule, each of the rules defining requirements associated with data incident notification laws;
providing, via the risk assessment server, the risk assessment to a display device that selectively couples with the risk assessment server; and
wherein the receiving data incident data further comprises:
providing, in response to a determination of at least one of the privacy rules, one or more questions to the display device that elicits information corresponding to the data incident, the one or more questions tailored to specific criteria of the at least one of the privacy rules; and
receiving responses to the one or more questions.
Abstract
Systems and methods for managing a data incident are provided herein. Exemplary methods may include receiving data breach data that comprises information corresponding to the data breach, automatically generating a risk assessment from a comparison of data breach data to privacy rules, the privacy rules comprising at least one federal rule and at least one state rule, each of the rules defining requirements associated with data breach notification laws, and providing the risk assessment to a display device that selectively couples with the risk assessment server.
23 Claims
16. A risk assessment server for managing a data incident, the server comprising:
a memory for storing executable instructions;
a processor for executing the instructions;
an input module stored in memory and executable by the processor to receive in response to an occurrence of the data incident, data incident data, the data incident data comprising information corresponding to the data incident, the data incident further comprising intentional or unintentional release of personally identifiable information to an untrusted environment;
a risk assessment generator stored in memory and executable by the processor to generate a risk assessment from a comparison of the data incident data to privacy rules, the privacy rules comprising at least one federal rule and at least one state rule, each of the rules defining requirements associated with data incident notification laws;
a user interface module stored in memory and executable by the processor to provide the risk assessment to a display device that selectively couples with the risk assessment server; and
wherein the receiving data incident data further comprises:
to provide, in response to a determination of at least one of the privacy rules, one or more questions to the display device that elicits information corresponding to the data incident, the one or more questions tailored to specific criteria of the at least one of the privacy rules; and
to receive responses to the one or more questions.
Specification