DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-4, 7-11 and 14-18 are allowed.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 10/20/21 and 11/30/21 are being considered by the examiner.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Scott Brient on 12/16/21.
The application has been amended as follows: 

1.	(Currently Amended) A method comprising:
	receiving, by computing hardware, information for a data breach incident, wherein the information identifies an affected jurisdiction;
generating, by the computing hardware, a questionnaire comprising a plurality of questions, wherein the plurality of questions included in the questionnaire is based on an ontology comprising a mapping of the plurality of questions to a plurality of activities to address the data breach incident;
causing, by the computing hardware, a request for an answer to each of the plurality of questions in the questionnaire from a user;
receiving, by the computing hardware, information indicating respective answers to each of the plurality of questions in the questionnaire originating from the user; 
determining, by the computing hardware and based on the respective answers to the plurality of questions, a plurality of required activities to address the data breach incident for the affected jurisdiction, wherein the plurality of required activities is a subset of the plurality of activities from the ontology to address the data breach incident;
generating, by the computing hardware, a graphical user interface by configuring a mechanism for each of the plurality of required activities 
providing, by the computing hardware, the graphical user interface for display on a computing device to a user;
	receiving, by the computing hardware, the indication via the mechanism for at least one of the plurality of required activities, wherein the indication corresponds to a progress of completion of the at least one of the plurality of required activities; and
	responsive to receiving the indication: 
generating, by the computing hardware, data breach response data identifying the progress of completion of the at least one of the plurality of required activities; and
customizing, by the computing hardware, the graphical user interface based on the data breach response data by:
configuring the graphical user interface to display at least one of (i) a readiness indicator representing a readiness of an entity to address the data breach incident for the affected jurisdiction or (ii) a plurality of comparison readiness indicators in which each comparison readiness indicator of the plurality of comparison readiness indicators represents a readiness of a different entity to address the data breach incident for the affected jurisdiction and a relative ranking of each comparison readiness indicator of the plurality of comparison readiness indicators and the readiness indicator of the entity.

2.	(Original) The method of Claim 1, wherein customizing the graphical user interface comprises reconfiguring the mechanism for at least one of the plurality of required activities based on the data breach response data. 

3.	(Original) The method of Claim 1, wherein the data breach response data indicates an urgency of addressing the data breach incident for the affected jurisdiction.

4.	(Original) The method of Claim 3, wherein: 
the information further identifies a second affected jurisdiction,
generating the graphical user interface is performed by configuring a second mechanism for each of a plurality of second required activities identified based on the information as a requirement for addressing the data breach incident in the second affected jurisdiction, the second mechanism being configured so that a second indication can be provided for a corresponding second required activity of the plurality of second required activities, and 
the method further comprises:

	responsive to receiving the second indication: 
generating, by the computing hardware, second data breach response data based on the progress of completion of the at least one of the plurality of second required activities, wherein the second data breach response data indicates an urgency of addressing the data breach incident for the second affected jurisdiction; and
customizing, by the computing hardware, the graphical user interface based on the second data breach response data, wherein the graphical user interface is customized to display the urgency of addressing the data breach incident for the second affected jurisdiction is higher than the urgency of addressing the data breach incident for the first affected jurisdiction. 

5.	(Cancelled) 

6.	(Cancelled) 

7.	(Currently Amended) The method of Claim 1, wherein the data breach response data comprises 


	a non-transitory computer-readable medium storing instructions; and
	a processing device communicatively coupled to the non-transitory computer-readable medium,
	wherein, the processing device is configured to execute the instructions and thereby perform operations comprising: 
	generating a questionnaire comprising a plurality of questions, wherein the plurality of questions is included in the questionnaire based on an ontology mapping the plurality of questions to a plurality of activities to address a data breach incident;
	causing a request for an answer to each of the plurality of questions in the questionnaire from a user;
	receiving information indicating respective  answers originating from the user to each of the plurality of questions in the questionnaire;
	determining, based on the respective answers, a plurality of required activities to address the data breach incident for an affected jurisdiction, wherein the plurality of required activities is a subset of the plurality of activities from the ontology to address the data breach incident;
generating a graphical user interface by configuring a mechanism for each of the a computing device

	responsive to receiving the indication:
generating data breach response data based on the indication identifying the progress of completion of the at least one of the plurality of required activities; and 
customizing the graphical user interface based on the data breach response data by: 
configuring the graphical user interface to display at least one of (i) a readiness indicator representing a readiness of an entity to address the data breach incident for the affected jurisdiction or (ii) a plurality of comparison readiness indicators in which each comparison readiness indicator of the plurality of comparison readiness indicators represents a readiness of a different entity to address the data breach incident for the affected jurisdiction and a relative ranking of each comparison readiness indicator of the plurality of comparison readiness indicator and the readiness indicator of the entity.

9.	(Original) The system of Claim 8, wherein customizing the graphical user interface comprises reconfiguring the mechanism for at least one of the plurality of required activities based on the data breach response data. 

10.	(Original) The system of Claim 8, wherein the data breach response data indicates an urgency of addressing the data breach incident for the affected jurisdiction.


the information further identifies a second affected jurisdiction,
the operation for generating the graphical user interface comprises configuring a second mechanism for each of a plurality of second required activities identified based on the information as a requirement for addressing the data breach incident in the second affected jurisdiction, the second mechanism being configured so that a second indication can be provided for a corresponding second required activity of the plurality of second required activities, and 
the operations further comprises:
	receiving the second indication via the second mechanism for at least one of the plurality of second required activities, wherein the second indication corresponds to a progress of completion of the at least one of the plurality of second required activities; and
	responsive to receiving the second indication: 
generating second data breach response data based on the progress of completion of the at least one of the plurality of second required activities, wherein the second data breach response data indicates an urgency of addressing the data breach incident for the second affected jurisdiction; and
customizing the graphical user interface based on the second data breach response data, wherein the graphical user interface is customized to display the urgency of addressing the data breach incident for the second affected jurisdiction is higher than the urgency of addressing the data breach incident for the first affected jurisdiction. 

12.	(Cancelled) 

13.	(Cancelled) 

14.	(Currently Amended) The system of Claim 8, wherein the data breach response data comprises

15.	(Currently Amended) A non-transitory computer-readable medium having program code that is stored thereon, the program code executable by one or more processing devices for performing operations comprising:
	generating a questionnaire comprising a plurality of questions, wherein the plurality of questions included in the questionnaire is based on an ontology comprising a mapping of the plurality of questions to a plurality of activities to address a data breach incident;
	causing a request for an answer to each of the plurality of questions from a user;
	receiving information indicating respective answers to each of the plurality of questions in the questionnaire originating from the user; 
	determining, based on the respective answers to the plurality of questions, a plurality of required activities to address the data breach incident for the affected jurisdiction as a subset of the plurality of activities to address the data breach incident found in the ontology based on the answer to each of the plurality of questions indicated in the information;
generating a graphical user interface by configuring a mechanism for each of the
	providing the graphical user interface for display on a computing device;
receiving the indication via the mechanism for at least one of the plurality of required activities, wherein the indication corresponds to a progress of completion of the at least one of the plurality of required activities; and
	responsive to receiving the indication:
generating data breach response data based on the indication identifying the progress of completion of the at least one of the plurality of required activities; and 
customizing the graphical user interface based on the data breach response data by: 
configuring the graphical user interface to display at least one of (i) a readiness indicator representing a readiness of an entity to address the data breach incident for the affected jurisdiction or (ii) a plurality of comparison readiness indicators in which each comparison readiness indicator of the plurality of comparison readiness indicators represents a readiness of a different entity to address the data breach incident for the affected jurisdiction and a relative ranking of each comparison readiness indicator of the plurality of comparison readiness indicators and the readiness indicator of the entity.

16.	(Original) The non-transitory computer-readable medium of Claim 15, wherein customizing the graphical user interface comprises reconfiguring the mechanism for at least one of the plurality of required activities based on the data breach response data. 



18.	(Original) The non-transitory computer-readable medium of Claim 17, wherein: 
the information further identifies a second affected jurisdiction,
the operation for generating the graphical user interface comprises configuring a second mechanism for each of a plurality of second required activities identified based on the information as a requirement for addressing the data breach incident in the second affected jurisdiction, the second mechanism being configured so that a second indication can be provided for a corresponding second required activity of the plurality of second required activities, and 
the operations further comprises:
	receiving the second indication via the second mechanism for at least one of the plurality of second required activities, wherein the second indication corresponds to a progress of completion of the at least one of the plurality of second required activities; and
	responsive to receiving the second indication: 
generating second data breach response data based on the progress of completion of the at least one of the plurality of second required activities, wherein the second data breach response data indicates an urgency of addressing the data breach incident for the second affected jurisdiction; and
customizing the graphical user interface based on the second data breach response data, wherein the graphical user interface is customized to display the urgency of addressing the data breach incident for the second affected jurisdiction is higher than the urgency of addressing the data breach incident for the first affected jurisdiction. 



20.	(Cancelled) 

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

REASONS FOR ALLOWANCE
The following is an examiner’s statement of reasons for allowance: 
Prior art of record Belfiore, Jr. et al.  U.S. Pub. No. 20180146004, discloses method for cybersecurity risk assessment of an organization’s technology infrastructure includes identifying features of the technology infrastructure and automatically generating a threat profile relevant to both the technology infrastructure and the organization’s business, where the threat profile includes potential threat actors and threat scenarios applicable to the technology infrastructure.
Bell et al. U.S. Pub. No. 20160246991 discloses a method for automated data privacy compliance that involves a data operations server receiving information via a web server regarding an initiative and packaging the initiative information for assessment by a data privacy legal compliance function.
The prior art of record, individually or in combination, does not explicitly disclose the specific steps recited in independent claims.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 

Maung U.S. Pub. No. 20180285887 discloses computing systems for heterogeneous regulatory control compliance monitoring and auditing.
Federgreen et al. U.S. Pub. No. 20150154520 discloses automated data breach notification.
Driscoll et al. U.S. Pat. No. 10373119 discloses checklist generation.
Chieu et al. U.S. Pub. No. 20200092179 discloses compliance validation for services based on user selection.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHIN HON (ERIC) CHEN whose telephone number is (571)272-3789.  The examiner can normally be reached on Monday to Thursday 9am- 7pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571-272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 






/SHIN-HON (ERIC) CHEN/Primary Examiner, Art Unit 2431