Title of invention SYSTEM AND METHOD FOR AUTOMATED DATA BREACH COMPLIANCE
Abstract Computer-implemented methods and systems for data breach compliance are disclosed. Organization related information may be received. Breach information relating to a data breach event of the organization may be received. The breach information may include, for example, breach event description information, compromised personally identifiable information, and remediation action information. A breach report may be generated based on the breach information, the organization related information, and one or more rules related to data breach. At least one reporting entity may be determined based on the organization related information, the breach information, and the one or more rules. The breach report may be output.
Publication number US2017076093(A1) Publication date 2017.03.16
Application number US201615362509 Filing date 2016.11.28
Applicant CSR Professional Services, Inc. Inventor Federgreen Warren Ross
Classification G06F21/55;G06Q30/00;G06F21/62 Main classification G06F21/55
Agency Agent
Main claim 1. A computer-implemented method for data breach compliance, comprising: receiving information related to an organization; receiving breach information relating to a data breach event of the organization, the breach information including breach event description information, compromised personally identifiable information (PII), and remediation action information; generating a breach report based on the breach information, the organization related information, and one or more rules related to data breach; determining, based on a comparison of the organization related information, the breach information, and one or more of the following: state rules, federal rules, international rules, industry standards, and rules applicable to the breach event, whether the breach report is in the proper format; modifying the breach report, if it is determined that the proper format is an entity specific format, to include predetermined data entry fields; selecting one or more reporting entities based on one or more geographic locations associated with the data breach event, where the one or more geographical locations are determined based on the organization related information, the breach information, and the one or more rules, the selecting comprising the steps of: determining, if the one or more geographic locations are in the United States, any applicable attorney general reporting rules and applicable long reach rules associated with the one or more geographical locations, selecting one or more reporting entities based on the applicable attorney general reporting rules and the applicable long reach rules, and selecting, if the breach information indicates the breach is related to an international jurisdiction, one or more reporting entities based on rules associated with the international jurisdiction; selecting one or more reporting entities based on one or more types of breached data, where the one or more types of breached data are determined based on the compromised PII, the selecting comprising the steps of: selecting, if the breached data includes health care related information, at least one reporting entity associated with health care, selecting, if the breached data includes credit card related information, at least one credit card related entity, and selecting a reporting entity based on one or more of rules, regulations, and laws associated with the compromised PII; outputting, if the breach information indicates the breach is related to the United States, the breach report to a United States agency; and outputting the breach report to the one or more reporting entities.
Address Jensen Beach FL US