Systems and methods for managing data incidents
1. A method for managing a data incident, comprising:
- providing an external entity interface that receives:
external entity information comprising:
a contract between a first party and at least one additional party;
notification obligations that specify when the first party or the at least one additional party notifies entities that a data incident has occurred; and
properties that trigger an assessment of the notification obligations;
receiving, via a risk assessment server, in response to an occurrence of the data incident, data incident data that comprises information corresponding to the data incident, the data incident further comprising intentional or unintentional release of personally identifiable information to an untrusted environment by the first party or the at least one additional party;
comparing the data incident data to the properties that trigger an assessment;
wherein if the properties indicate that an assessment is required, generating, via the risk assessment server, a risk assessment from a comparison of the data incident data to privacy rules, the privacy rules comprising:
at least one federal rule;
at least one state rule, each of the rules defining requirements associated with data incident notification laws; and
the contract;
providing, via the risk assessment server, the risk assessment to a display device that selectively couples with the risk assessment server;
generating a risk assessment guidance interface when the comparison indicates that the data incident violates at least one of the at least one federal rule, the at least one state rule, the contract, or combinations thereof; and
wherein the risk assessment guidance interface comprises an impact summary that indicates which state or federal rule was violated and one or more external entities implicated or impacted in the data incident.
Abstract
Systems and methods for managing a data incident are provided herein. Exemplary methods may include providing an external entity interface that receives external entity information including a contract between a first party and at least one additional party, notification obligations that specify when the first party or the at least one additional party notifies entities that a data incident has occurred, and properties that trigger an assessment of the notification obligations. When an incident occurs, an assessment is completed and the results thereof are displayed on a risk assessment guidance interface.
23 Claims