Patent Issued for Systems and methods for identification and management of compliance-related information associated with enterprise it networks (USPTO 11568285): Canopy Software Inc.
2023 FEB 22 (NewsRx) -- By a
Patent number 11568285 is assigned to
The following quote was obtained by the news editors from the background information supplied by the inventors:
“According to Statista.com, in 2019, 1,473 data breaches were reported in
“The subject matters of data files involved in data breaches will vary according to the business use case for the enterprise IT network that is breached by the data hack. To this end, data breach events may be associated with personal or company financial information such as credit card or bank details, an individual’s personal health information (“PHI”), an individual’s personally identifiable information (“PII”), or intellectual property, among other things.
“A familiar example of a data breach is when a hacker gains unauthorized access into a corporate network and exfiltrates sensitive data out of one or more databases accessible via the hacker’s point of entry. However, not all breaches are associated with bad intent. If an unauthorized hospital employee views a patient’s health information on a computer screen over the shoulder of an authorized employee, that also constitutes a data breach as defined by the regulatory frameworks associated with private health information.
“Data breaches can occur when employees use weak passwords, when known software errors are exploited and when computers and mobile devices that are associated with a network are lost or stolen. Users’ connections to rogue wireless networks that capture login credentials or other sensitive information in transit can also lead to unauthorized exposures. Social engineering, especially attacks carried out via email phishing, can lead to users providing their login credentials directly to attackers or through subsequent malware infections. Criminals can then use the credentials they obtained to gain entry to sensitive systems and records, access which often can go undetected for months, or even indefinitely. Threat actors can also target third-party business partners in order to gain access to large organizations; such incidents typically involve hackers compromising less secure businesses to obtain access to the primary target on which networks valuable information resides.
“In the US, there is no comprehensive federal law that regulates the rights of data owners and the attendant obligations of those organizations or enterprises that are fully or partly responsible for a data breach. A wide variety of industry guidelines and government compliance regulations mandate strict control of sensitive data types with a goal of preventing unauthorized access thereto that constitutes a data breach. Within a corporate environment, for example, the Payment Card Industry Data Security Standard (“PCIDSS”) defines who may handle and use PII, such as credit card numbers when available in conjunction with the cardholders’ names and addresses. Within a healthcare environment, the Health Insurance Portability and Accountability Act (“HIPAA”) regulates who may see and use PHI, such as a patient’s name, date of birth, and healthcare diagnoses and treatments. There are also specific requirements for the reporting of data breaches via HIPAA, and its Health Information Technology for
“In the absence of comprehensive US federal government regulation, many states have enacted data breach notification laws that require both private and public entities to notify individuals, whether customers, consumers or users, of breaches involving certain types of data, such as PII. The deadline to notify individuals affected by breaches can vary from state to state, and the specific notification requirements of each jurisdiction can differ markedly, thus making it somewhat onerous for those bearing compliance-related responsibilities associated with data breaches to meet their notification obligations. This is especially true since most companies that are susceptible to data breaches engage in internet commerce, which means that their customers should be considered to be located in each of the 50 states. It follows that it may be necessary to perform individualized compliance activities for every state and, as such, compliance with the various regulatory obligations associated with a single data breach event can be quite complex. Moreover, given the short time deadlines associated with some of the jurisdictions (e.g.,
“In the US, the California Consumer Privacy Act (“CCPA”) came into effect in early 2020. This law is the most stringent in the US today and since many, if not most, companies that transact business in the US will likely interact with
In addition to the background information obtained for this patent, NewsRx journalists also obtained the inventors’ summary information for this patent: “Aspects of the present disclosure are related to identification and management of compliance-related information associated with data breach events. In one aspect, among others, a method of managing compliance-related activities after a data breach associated with an enterprise IT network comprises receiving, by at least one computer, a first data file collection associated with a first data breach event. The first data file collection can be generated by analysis of the first data breach event and derived from a bulk data file collection stored on or associated with a first enterprise IT network of interest for monitoring for an occurrence of data breach events; the first data file collection can comprise at least some of structured, unstructured, and semi-structured data file types; and at least some of the first data file collection can comprise protected information having compliance-related activities associated therewith. 
The method further comprises generating, by the at least one computer, information associated with presence or absence of protected information elements of all or part of the first data file collection and, if the generated information indicates that a data file in the first data file collection includes the protected information elements, incorporating that data file in a second data file collection; analyzing, by at least one human reviewer, a subset of individual data files selected from the second data file collection to validate that each data file in the subset of individual data files comprises one or more of the protected information elements; and incorporating, by the at least one computer, the information associated with the analysis of the subset of individual data files into machine learning information configured for subsequent analysis of either or both of the first and second data file collections. If it is determined that the one or more protected information elements are not present in a data file, that data file can be removed, by the at least one human reviewer, from the second data file collection and re-incorporated into the first data file collection; or if it is determined that the one or more protected information elements are present in a data file: at least one entity identification can be derived, by either or both of the at least one human reviewer or the at least one computer, for an entity associated with each of the one or more protected information elements in that data file, wherein the entity comprises an individual, a group of individuals, an organization, or a company; and information associated with each of the one or more protected information elements and the associated entity can be generated by either or both of the at least one human reviewer or the at least one computer.
“In various aspects, the unstructured data file type in the first data file collection can comprise image files. The method can further comprise selecting, by the at least one computer, a subset of image files from either or both of the first and second data file collections; configuring, by the at least one computer, the subset of image files for display and selection on a user device associated with the at least one human reviewer; displaying, by the at least one computer, a plurality of the image files from the subset of image files on the user device; selecting, by the at least one human reviewer, a displayed image when the at least one human reviewer identifies that the displayed image is associated with the one or more protected information elements; and recording, by the at least one computer, information associated with the at least one human reviewer’s selection of the displayed image, thereby providing identification information for the presence or absence of the one or more protected information elements in at least some image files in the subset of image files selected from either or both of the first and second data file collections. The method can further comprise incorporating, by the at least one computer, the identification information into machine learning training information; and analyzing, by the at least one computer, image files in the first and second data file collections for the presence of the one or more protected information elements.
“In one or more aspects, the method can further comprise identifying, by the at least one computer, some or all of the one or more protected information elements and the at least one entity identification in the image files; and extracting, by the at least one computer, the identified protected information elements and the at least one entity identification from the image files for incorporation in a database. The method can further comprise recording, by the at least one computer, information associated with the analysis by the at least one human reviewer of each of the subset of individual data files in the second collection of data files; and incorporating, by the at least one computer, the at least one human reviewer’s analysis information as training information for use in subsequent analysis of one or more of: data files in the first data file collection; data files in the second data file collection that are not included in the subset of individual data files; data files in the subset of individual data files that have not yet been reviewed by the at least one human reviewer; a third data file collection derived from a bulk data file collection stored on or associated with the first enterprise IT network, wherein the third data file collection is generated after a second data breach event associated with the first enterprise IT network; or a fourth data file collection derived from a bulk data file collection stored on or associated with a second enterprise IT network that is different from the first enterprise IT network, wherein the fourth data file collection is generated after a data breach event occurring on the second enterprise IT network.
“In some aspects, the method can further comprise determining, by the at least one computer, whether one or more second collection data files of the second data file collection are associated with the at least one identified entity and, if other second collection data files are associated with that identified entity, generating linkages between the entity-associated files, thereby providing a linked data file collection linked with one or more entity identifications having the one or more protected information elements associated therewith. Each of the second data file collection can be arranged for display and selection on a display device associated with the at least one human reviewer as one or more of: a plurality of defined categories of the protected information elements; a count of data files comprising the protected information elements; and a count of data file categories comprising the protected information elements. The method can further comprise displaying, by the at least one computer, text summaries extracted from a data file in the second data file collection on a device display of the at least one human reviewer; selecting, by the at least one human reviewer, some or all of the highlighted protected information elements and entity identifications, thereby providing human reviewer validation of the protected information elements and entity identifications in the data file; and adding, by the at least one computer, the selected protected information elements and entity identifications to the database. The displayed text summaries can comprise each of a protected information element and an entity identification in the data file; the text summaries can each be provided on the display with highlighting generated by the at least one computer; and the text summaries can be configured to allow the at least one human reviewer to select all or part of each of the protected information element and entity identification.
“In various aspects, when the second data file collection is identified by either or both of the at least one human reviewer or the at least one computer as comprising a plurality of protected information elements associated with one or more entity identifications, each of the plurality of protected information elements can be linked to each of the one or more entity identifications. The second data file collection can comprise an unstructured data file and the plurality of protected information data elements associated with the one or more entity identifications are included as tabular data in the unstructured data file. The identification of protected information in the first data file collection can be associated with a generated confidence level. When it is determined that a data file in the first data file collection meets or exceeds the generated confidence level, that data file can be included in the second data file collection. The compliance-related activities can be defined by one or more of laws, regulations, policies, procedures, and contractual obligations associated with the protected information. The compliance-related activities can comprise one or more of: notifying, by the at least one computer or by a manager of the first enterprise IT network, each identified entity of the protected information associated with that entity that was involved with the first data breach event; and notifying, by the at least one computer or the first enterprise IT network manager, a regulatory authority of the first network breach event and providing the regulatory authority with information associated with the identified entities having the protected information involved in the first data breach event.”
The claims supplied by the inventors are:
“1. A method of identifying protected information elements associated with unique entities in data file collections comprising: a. receiving, by a computer, a first data file collection comprising a plurality of data files stored on or associated with an enterprise IT network, wherein; i. the first data file collection includes the plurality of data files comprising structured, unstructured, and semi-structured file types; and ii. at least a portion of the plurality of data files comprises one or more protected information elements associated with one or more unique entities having one or more entity identifications; b. analyzing, by the computer, the plurality of data files to identify a presence of protected information elements; c. generating, by the computer, information about the first data file collection comprising: i. a count of data files; ii. a listing of data file types; iii. a listing of protected information element types in the plurality of data files; iv. a count of protected information element types; v. a count of protected information elements in the plurality of data files; vi. a count of protected information elements in each data file; vii. a count of protected information elements per each data file type; viii. a count of data files including at least one protected information element; and ix. an entity count, wherein the entity count includes more than one entity identification associated with some unique entities; and d. configuring, by the computer, the generated information about the first data file collection for use in machine learning information for use in evaluating additional data file collections; e. generating, by the computer, a second data file collection comprising each first collection data file identified by the computer as including one or more protected information elements; f. configuring, by the computer, a plurality of identified data files in the second data file collection for display and selection on a user device; g. displaying, by the computer, one or more of the plurality of identified data files on the user device; h. analyzing, by a human reviewer, the one or more displayed data files to confirm computer identification of the one or more protected information elements in each of the one or more displayed data files, wherein: i. if the human reviewer confirms that the one or more protected information elements are not present in the displayed data file, the method further comprises: 1. electing, by the human reviewer, that displayed data file for removal from the second data file collection; and 2. removing, by the computer, that displayed data file from the second data file collection; or ii. if the human reviewer confirms that the one or more protected information elements are present in the displayed data file, the method further comprises: 1. selecting, by the human reviewer, that displayed data file to remain in the second data file collection; and 2. linking, by either or both the human reviewer or the computer, each of the one or more protected information elements with a unique entity having one or more entity identifications; and i. recording, by the computer, information associated with the human reviewer’s actions; and j. incorporating, by the computer, information derived from the human reviewer’s actions into the machine learning information for use in subsequent data file analyses.
“2. The method of claim 1 further comprising generating a data file review plan associated with human review of at least a portion of the plurality of data files in the first data file collection for identification, by one or more human reviewers, of protected information element types associated with the one or more unique entities having one or more entity identifications.
“3. The method of claim 1, wherein the generated information about the first data file collection is configured for use in a dashboard, and wherein the dashboard is configured for display of at least the following generated information on a user device: a. the count of data files; b. the listing of data file types; c. the listing of protected information element types in the plurality of data files; d. the count of protected information element types; e. the count of protected information elements; f. the count of protected information elements in each data file; g. the count of protected information elements per each data file type; h. the count of data files including at least one protected information element; and i. the entity count.
“4. The method of claim 1, further comprising: a. identifying, by the computer, additional data files in either or both of the first and second data file collections having a presence of: i. one or more protected information elements associated with one or more unique entities having one or more entity identifications; or ii. one or more entity identifications associated with a unique entity; b. determining, by the computer or by the human reviewer, whether one or more identified protected information elements or one or more entity identifications are associated with a unique entity; c. generating, by the computer, data file linkage information for each protected information element determined to be associated with a unique entity; and d. configuring, by the computer, the data file linkage information for use in one or more of: i. a user notification; ii. a report; iii. a dashboard; or iv. the machine learning information for use in subsequent data file analyses.
“5. The method of claim 1, wherein the first and second data file collections include data files comprising tabular data associated with a plurality of unique entities having one or more entity identifications, and the method further comprises: a. identifying, by the computer, a first data file comprising tabular data having one or more rows or columns including either or both of one or more protected information elements and one or more entity identifications associated with a unique entity; b. configuring, by the computer, the first data file for display and selection on the user device; c. displaying, by the computer, the first data file on the user device; d. identifying, by the human reviewer, one or more columns or rows on the displayed first data file as corresponding to a protected information element type or an entity identification; e. generating, by the computer, linkage information for the protected information element type and a corresponding entity identification; f. recording, by the computer, information derived from the human reviewer’s actions in: i. identifying the protected information element type; ii. identifying the entity identification; and iii. generating the linkage information; and g. incorporating, by the computer, the recorded information into the machine learning information for use in subsequent data file analyses.
“6. The method of claim 1, wherein a plurality of entity identifications for a unique entity are present in at least a portion of the data files of the first and second data file collections and the method further comprises performing, by the computer, an entity resolution step, thereby generating resolved unique entity identifications for at least a portion of the unique entities in the first and second data file collections.
“7. The method of claim 6, wherein each resolved unique entity identification is linked to one or more protected information elements, and wherein linkage information for the resolved unique entity identification and the one or more protected information elements is configured for use in one or more of: a. a user notification; b. a report; c. a dashboard; d. the machine learning information for use in subsequent data file analyses; or e. a notification to a unique entity having one or more protected information elements present in one or more data files in the first or second data file collections.
“8. The method of claim 1, wherein the generated information about the first data file collection is derived from analysis, by the computer, of the enterprise IT network after receipt of a notification of a data breach event.
“9. The method of claim 1, wherein at least a portion of the one or more protected information elements is associated with one or more compliance-related activities defined by one or more of laws, regulations, policies, procedures, and contractual obligations associated with the protected information elements.”
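To make the claimed breach-triage loop concrete, here is an added Python sketch (not code from the patent, the inventors or Canopy Software) that runs claim 1 end to end over a constructed collection of five files: regex detectors with a Luhn check for card numbers (claim 1b), the nine statistics of claim 1c, the second collection of claim 1e, and the reviewer verdicts of claims 1h to 1j recorded as labelled feedback. The file contents, entity table, patterns and all function names are assumptions made for this example.

```python
import re
from collections import Counter
# Constructed sample "first data file collection" (claim 1a): file name -> (file type, content).
FIRST_COLLECTION = {
    "customers.csv": ("structured", "name,email,card\nAda Lovelace,ada@example.com,4111111111111111\n"),
    "notes.txt": ("unstructured", "Ada Lovelace called from ada@example.com about ssn 123-45-6789."),
    "export.json": ("semi-structured", '{"user": "Grace Hopper", "email": "grace@example.com"}'),
    "readme.txt": ("unstructured", "Build instructions: run make, then make test."),
    "invoice.txt": ("unstructured", "Ref 987-65-4321: order 1234567812345678 shipped."),
}
# Constructed entity table: unique entity -> its entity identifications (claims 1a.ii and 6).
ENTITIES = {"Ada Lovelace": ["Ada Lovelace", "ada@example.com"],
            "Grace Hopper": ["Grace Hopper", "grace@example.com"]}
# Hypothetical detectors for three protected information element types (claim 1b).
PATTERNS = {"email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"),
            "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
            "card": re.compile(r"\b\d{16}\b")}

def luhn_ok(digits):
    """Luhn checksum, used to drop 16-digit numbers that cannot be card numbers."""
    doubled = [int(c) * 2 if i % 2 else int(c) for i, c in enumerate(reversed(digits))]
    return sum(d - 9 if d > 9 else d for d in doubled) % 10 == 0

def find_elements(text):
    """Claim 1b: (type, value) pairs for every protected information element in text."""
    return [(kind, m.group()) for kind, rx in PATTERNS.items() for m in rx.finditer(text)
            if kind != "card" or luhn_ok(m.group())]

def collection_stats(collection, entities):
    """Claim 1c: the nine statistics about a collection, plus the per-file element lists."""
    per_file = {name: find_elements(text) for name, (_, text) in collection.items()}
    type_counts = Counter(kind for els in per_file.values() for kind, _ in els)
    file_types = sorted({ft for ft, _ in collection.values()})
    present = {ent for ent, ids in entities.items()
               if any(i in text for _, text in collection.values() for i in ids)}
    return {
        "file_count": len(collection),                                            # 1c.i
        "file_types": file_types,                                                 # 1c.ii
        "element_types": sorted(type_counts),                                     # 1c.iii
        "element_type_count": len(type_counts),                                   # 1c.iv
        "element_count": sum(type_counts.values()),                               # 1c.v
        "elements_per_file": {n: len(e) for n, e in per_file.items()},            # 1c.vi
        "elements_per_file_type": {ft: sum(len(per_file[n]) for n, (t, _) in collection.items()
                                           if t == ft) for ft in file_types},     # 1c.vii
        "files_with_elements": sum(1 for e in per_file.values() if e),            # 1c.viii
        "entity_count": len(present),                                             # 1c.ix
    }, per_file

def apply_review(second, per_file, decisions):
    """Claims 1h to 1j: decisions maps file -> (confirmed?, entity); rejected files leave the
    second collection, confirmed elements are linked to their entity, every verdict is feedback."""
    kept, links, feedback = [], {}, []
    for name in second:
        confirmed, entity = decisions.get(name, (True, None))
        label = "true_positive" if confirmed else "false_positive"
        feedback.extend((name, kind, value, label) for kind, value in per_file[name])
        if confirmed:
            kept.append(name)
            links[name] = {"entity": entity, "elements": per_file[name]}
    return kept, links, feedback

def run_pipeline():
    stats, per_file = collection_stats(FIRST_COLLECTION, ENTITIES)
    second = [name for name, els in per_file.items() if els]  # claim 1e
    # Constructed reviewer verdicts: the invoice reference merely looks like an SSN.
    decisions = {"customers.csv": (True, "Ada Lovelace"), "notes.txt": (True, "Ada Lovelace"),
                 "export.json": (True, "Grace Hopper"), "invoice.txt": (False, None)}
    kept, links, feedback = apply_review(second, per_file, decisions)
    return stats, second, kept, links, feedback
```

The false-positive record for invoice.txt is exactly the kind of reviewer action claims 1i and 1j feed back into the machine learning information, so the next collection is scored with that correction available.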
There are additional claims. Please visit full patent to read further.
For the URL and more information on this patent, see: Nickl, Ralph. Systems and methods for identification and management of compliance-related information associated with enterprise it networks.