Systems and methods for managing data incidents
First Claim
1. A method for managing a data incident, comprising:
receiving, via a risk assessment server, in response to an occurrence of the data incident, data incident data that comprises information corresponding to the data incident, the data incident further comprising intentional or unintentional release of personally identifiable information to an untrusted environment;
automatically generating, via the risk assessment server, a risk assessment from a comparison of the data incident data to privacy rules, the privacy rules comprising:
at least one federal rule;
at least one state rule, each of the rules defining requirements associated with data incident notification laws; and
at least one contractual obligation defining contractual requirements of a breaching party due to the data incident, the breaching party being a party to the at least one contractual obligation;
providing, via the risk assessment server, the risk assessment to a display device that selectively couples with the risk assessment server; and
generating a notification schedule when the comparison indicates that the data incident violates at least one of the at least one federal rule, the at least one state rule, the at least one contractual obligation, or combinations thereof.
6 Assignments
0 Petitions
Abstract
Systems and methods for managing a data incident are provided herein. Exemplary methods may include receiving data breach data that comprises information corresponding to the data breach, automatically generating a risk assessment from a comparison of data breach data to privacy rules, the privacy rules comprising at least one federal rule, at least one state rule, and at least one contractual obligation, each of the rules defining requirements associated with data breach notification laws, and providing the risk assessment to a display device that selectively couples with the risk assessment server.
48 Citations
32 Claims
1. Independent claim, set out in full under First Claim above. Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14.
15. A risk assessment server for managing a data incident, the server comprising:
a memory for storing executable instructions;
a processor for executing the instructions;
an input module stored in memory and executable by the processor to receive, in response to an occurrence of the data incident, data incident data, the data incident data comprising information corresponding to the data incident, the data incident further comprising intentional or unintentional release of personally identifiable information to an untrusted environment;
a risk assessment generator stored in memory and executable by the processor to generate a risk assessment from a comparison of the data incident data to privacy rules, the privacy rules comprising:
at least one federal rule;
at least one state rule, each of the rules defining requirements associated with data incident notification laws; and
at least one contractual obligation defining contractual requirements of a breaching party due to the data incident, the breaching party being a party to the at least one contractual obligation;
a user interface module stored in memory and executable by the processor to provide the risk assessment to a display device that selectively couples with the risk assessment server; and
a notification module generating a notification schedule when the comparison indicates that the data incident violates at least one of the at least one federal rule, the at least one state rule, the at least one contractual obligation, or combinations thereof.
Dependent claims: 16, 17, 18, 19, 20, 21.
22. A method for managing a data incident, comprising:
receiving, via a risk assessment server, in response to an occurrence of the data incident, data incident data that comprises information corresponding to the data incident, the data incident further comprising intentional or unintentional release of personally identifiable information to an untrusted environment;
automatically generating, via the risk assessment server, a risk assessment from a comparison of the data incident data to privacy rules, the privacy rules comprising:
at least one federal rule;
at least one state rule, each of the rules defining requirements associated with data incident notification laws; and
at least one contractual obligation defining contractual requirements of a breaching party due to the data incident, the breaching party being a party to the at least one contractual obligation;
providing, via the risk assessment server, the risk assessment to a display device that selectively couples with the risk assessment server;
receiving one or more selections of one or more states;
selecting one or more state statutes based upon the one or more selections;
generating at least one state rule based upon a selected state statute; and
generating a notification schedule when the comparison indicates that the data incident violates at least one of the at least one federal rule, the at least one state rule, the at least one contractual obligation, or combinations thereof.
Dependent claims: 23, 24, 25.
26. A risk assessment server for managing a data incident, the server comprising:
a memory for storing executable instructions;
a processor for executing the instructions;
an input module stored in memory and executable by the processor to receive, in response to an occurrence of the data incident, data incident data, the data incident data comprising information corresponding to the data incident, the data incident further comprising intentional or unintentional release of personally identifiable information to an untrusted environment;
a risk assessment generator stored in memory and executable by the processor to generate a risk assessment from a comparison of the data incident data to privacy rules, the privacy rules comprising:
at least one federal rule;
at least one state rule, each of the rules defining requirements associated with data incident notification laws; and
at least one contractual obligation defining contractual requirements of a breaching party due to the data incident, the breaching party being a party to the at least one contractual obligation;
a user interface module stored in memory and executable by the processor to provide the risk assessment to a display device that selectively couples with the risk assessment server; and
a rule generator stored in memory and executable by the processor to:
generate the at least one federal rule from a federal statute that governs privacy breaches relative to protected health information (PHI); or
generate the at least one state rule from a state statute that governs privacy breaches relative to at least one of personally identifiable information (PII), PHI, or combinations thereof; and
further comprising a notification module generating a notification schedule when the comparison indicates that the data incident violates at least one of the at least one federal rule, the at least one state rule, the at least one contractual obligation, or combinations thereof.
27. A method for managing a data incident, comprising:
receiving, via a risk assessment server, in response to an occurrence of the data incident, data incident data that comprises information corresponding to the data incident, the data incident further comprising intentional or unintentional release of personally identifiable information to an untrusted environment;
determining at least one contractual obligation existing between two or more parties, the at least one contractual obligation defining contractual requirements of a breaching party due to the data incident, the breaching party being one of the two or more parties;
automatically generating, via the risk assessment server, a risk assessment for the breaching party using a comparison of the data incident data to privacy rules, the privacy rules comprising at least one of:
at least one federal rule;
at least one state rule, each of the rules defining requirements associated with data incident notification laws; and
the at least one contractual obligation;
providing, via the risk assessment server, the risk assessment to a display device that selectively couples with the risk assessment server; and
generating a notification schedule when the comparison indicates that the data incident violates at least one of the at least one federal rule, the at least one state rule, the at least one contractual obligation, or combinations thereof.
Dependent claims: 28, 29, 30, 31.
32. A method performed by a risk assessment server that comprises a processor and memory for storing instructions, the processor executing the instructions to perform the method, the method comprising:
creating an incident record for a data incident, wherein the incident record includes information regarding the data incident;
selecting one or more roles for each party involved in the data incident, wherein any party can be assigned two or more roles for the data incident based on a contractual relationship between the party and another party;
automatically generating a risk assessment from a comparison of the data incident to privacy rules; and
generating a notification schedule for each party to the data incident that is based on the one or more roles for the party when the comparison of the privacy rules to the data incident indicates that the data incident violates at least one of at least one federal rule, at least one state rule, at least one contractual obligation, or combinations thereof.
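The pipeline the independent claims describe, as an added Python example that is not code from the patent or its assignee: incident data is received, state rules are restricted to the states the user selected (claim 22), each rule is compared against the incident data, the violated rules form the risk assessment, and a notification schedule is produced per party according to the roles that party holds (claims 27 and 32). Every rule, deadline, headcount threshold, party name and the incident itself are constructed for illustration; they are not real federal or state statutes or any real contract, and the encryption safe harbor and minimum-headcount attributes are assumptions about how such rules might be encoded.

```python
"""Rule-driven data-incident triage modelled on the claimed method.

Constructed example: every rule, deadline, threshold, party and headcount
below is made up for illustration and is not real law or a real contract.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, FrozenSet, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    scope: str                        # "federal", "state" or "contractual"
    data_types: FrozenSet[str]        # categories the rule covers, e.g. {"PII", "PHI"}
    notify_within_days: int           # deadline counted from discovery of the incident
    recipients: Tuple[str, ...]       # who must be notified when the rule is triggered
    obligated_role: str               # role of the party that carries the duty
    state: Optional[str] = None       # state code; set only for state rules
    min_affected: int = 1             # rule applies at or above this headcount (assumed)
    encryption_safe_harbor: bool = False  # not triggered if the data was encrypted (assumed)


@dataclass
class Incident:
    discovered: date
    data_types: FrozenSet[str]
    affected_by_state: Dict[str, int]   # state code -> individuals affected there
    encrypted: bool
    roles: Dict[str, Set[str]]          # party -> roles it holds; a party may hold several

    @property
    def total_affected(self) -> int:
        return sum(self.affected_by_state.values())


def applicable_rules(rules: List[Rule], states: Set[str]) -> List[Rule]:
    """Claim 22: federal and contractual rules always apply; state rules only
    for the states the user selected."""
    return [r for r in rules if r.scope != "state" or r.state in states]


def rule_triggered(rule: Rule, incident: Incident) -> bool:
    """Compare one privacy rule against the incident data."""
    if not rule.data_types & incident.data_types:
        return False
    if rule.encryption_safe_harbor and incident.encrypted:
        return False
    if rule.scope == "state":
        affected = incident.affected_by_state.get(rule.state, 0)
    else:
        affected = incident.total_affected
    return affected >= rule.min_affected


def assess(incident: Incident, rules: List[Rule]) -> Dict[str, List[str]]:
    """Risk assessment: names of the violated rules, grouped by scope."""
    return {scope: [r.name for r in rules
                    if r.scope == scope and rule_triggered(r, incident)]
            for scope in ("federal", "state", "contractual")}


def notification_schedule(incident: Incident, rules: List[Rule]):
    """Per-party schedule {party: [(ISO deadline, recipient, rule)]}, sorted by
    deadline. A party inherits every duty attached to any role it holds."""
    schedule: Dict[str, List[Tuple[str, str, str]]] = {p: [] for p in incident.roles}
    for rule in rules:
        if not rule_triggered(rule, incident):
            continue
        deadline = (incident.discovered + timedelta(days=rule.notify_within_days)).isoformat()
        for party, roles in incident.roles.items():
            if rule.obligated_role in roles:
                schedule[party].extend((deadline, who, rule.name) for who in rule.recipients)
    return {p: sorted(items) for p, items in schedule.items()}


# Constructed rule set (hypothetical deadlines and thresholds, not real law).
RULES = [
    Rule("federal-phi", "federal", frozenset({"PHI"}), 60, ("regulator", "individuals"),
         obligated_role="data_owner", encryption_safe_harbor=True),
    Rule("state-A-pii", "state", frozenset({"PII", "PHI"}), 30, ("individuals",),
         obligated_role="data_owner", state="A", encryption_safe_harbor=True),
    Rule("state-B-pii", "state", frozenset({"PII"}), 45, ("individuals", "attorney_general"),
         obligated_role="data_owner", state="B", min_affected=500),
    Rule("msa-vendor-notice", "contractual", frozenset({"PII", "PHI"}), 3, ("data_owner",),
         obligated_role="vendor"),
]

# Constructed incident: a vendor loses unencrypted PII and PHI belonging to a data owner.
INCIDENT = Incident(
    discovered=date(2024, 3, 1),
    data_types=frozenset({"PII", "PHI"}),
    affected_by_state={"A": 1200, "B": 300, "C": 40},
    encrypted=False,
    roles={"Acme Health": {"data_owner"}, "CloudCo": {"vendor"}},
)


def triage(incident: Incident = INCIDENT, rules: List[Rule] = RULES,
           states: Set[str] = frozenset({"A", "B"})):
    """Run the claimed pipeline: select rules, assess, schedule."""
    selected = applicable_rules(rules, states)
    return assess(incident, selected), notification_schedule(incident, selected)


if __name__ == "__main__":
    assessment, schedule = triage()
    print("violated rules:", assessment)
    for party, items in schedule.items():
        for deadline, who, rule in items:
            print(f"{party}: notify {who} by {deadline} ({rule})")
```

Two behaviours worth checking when adapting this: state B is selected but stays silent because its constructed headcount threshold is not met, while state C is never consulted because it was not selected; and if the same incident is re-run with `encrypted=True`, the statutory rules carrying the assumed safe harbor drop out of the assessment but the contractual duty on the vendor remains, which is exactly the case where a contractual obligation, not a statute, drives the schedule.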
Specification