Systems and Methods for Managing Data Incidents
Abstract
According to some exemplary embodiments, the present technology is directed to methods for managing a data incident, including receiving, via a risk assessment server, in response to an occurrence of the data incident, data incident data that comprises information corresponding to the data incident, the data incident further comprising intentional or unintentional compromise, disclosure or release of personal data or personally identifiable information to an untrusted or unauthorized environment, automatically generating, via the risk assessment server, a risk assessment and decision-support guidance whether the data incident is reportable from a comparison of the data incident data to privacy rules, the privacy rules comprising at least one European General Data Privacy Regulation (GDPR) rule, each rule defining requirements associated with data incident notification obligations, and providing, via the risk assessment server, the risk assessment to a display device that selectively couples with the risk assessment server.
22 Claims
1. A method for managing a data incident, comprising:
- receiving, via a risk assessment server, in response to an occurrence of the data incident, data incident data that comprises information corresponding to the data incident, the data incident further comprising intentional or unintentional compromise, disclosure or release of personal data or personally identifiable information to an untrusted or unauthorized environment;
- automatically generating, via the risk assessment server, a risk assessment and decision-support guidance whether the data incident is reportable from a comparison of the data incident data to privacy rules, the privacy rules comprising at least one European General Data Privacy Regulation (GDPR) rule, each rule defining requirements associated with data incident notification obligations; and
- providing, via the risk assessment server, the risk assessment to a display device that selectively couples with the risk assessment server.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 20, 21

14. A risk assessment server for managing a data incident, the server comprising:
- a memory for storing executable instructions;
- a processor for executing the instructions;
- an input module stored in memory and executable by the processor to receive in response to an occurrence of the data incident, data incident data, the data incident data comprising information corresponding to the data incident, the data incident further comprising intentional or unintentional compromise, disclosure or release of personal data, personally identifiable information, or protected health information to an untrusted or unauthorized environment;
- a risk assessment generator stored in memory and executable by the processor to generate a risk assessment from a comparison of the data incident data to privacy rules, the privacy rules comprising at least one federal rule, at least one state rule, and at least one European General Data Privacy Regulation (GDPR) rule, each of the rules defining requirements associated with data incident notification laws; and
- a user interface module stored in memory and executable by the processor to provide the risk assessment to a display device that selectively couples with the risk assessment server.

Dependent claims: 15, 16, 17, 18, 19, 22
Specification