Assessing PII Incidents
PII—personally identifiable information—is entrusted to financial services organizations, insurance companies, and many other businesses for safekeeping. But the privacy, security, and data breach notification regulations associated with this data are strict.
As a result, privacy or security incidents that compromise PII can be disastrous. For instance, a 2014 Ponemon Institute survey found the average cost of a data breach to be $3.5 million, a 15 percent increase over the previous year.
GLBA and state breach notification laws
Financial services organizations must comply with the Gramm-Leach-Bliley Act (GLBA) through its Safeguards Rule, which is enforced by the Federal Trade Commission (FTC), and the FTC has recently become more aggressive in enforcing these regulations. In addition, every organization that holds PII is subject to 47 state breach notification laws, which are inconsistent with one another and can be confusing to navigate. Achieving regulatory compliance and avoiding costly fines and lawsuits, while protecting customers’ financial and reputational health, has never been more complex.
Rely on RADAR® for compliant, efficient incident response management
RADAR is patented, award-winning software that simplifies the complexities of incident response management for financial services companies and other businesses—to help ensure GLBA and state-law compliance, and reduce data breach risks.
RADAR has helped numerous enterprises successfully manage their response to privacy or security incidents involving PII. RADAR provides:
- Breach guidance using the latest breach notification laws, including GLBA and state laws.
- A consistent, defensible, and repeatable method for incident risk assessments as required by law.
- Documentation that serves as “burden of proof” for state Attorneys General and other regulators or auditors.
- Collaborative workflow and recommended actions for a compliant response.