RadarFirst Blog

Action Item: Benchmark-based Planning for 2020

This series, written for The IAPP Privacy Advisor by the team at RadarFirst, is about establishing program metrics and benchmarking your privacy incident management program.


Overwhelmed by CCPA Compliance? 4 Best Practices to Keep You On Track

The buzz around the California Consumer Privacy Act (CCPA) is a lot, well, buzzier these days, and for good reason. The January 1, 2020, effective date is little more than a month away, and security and privacy teams want guidance on CCPA compliance requirements. Rather than spend your valuable time reviewing just what those requirements are—which most of us are all too familiar with by now—it might be helpful to look at best practices for overall compliance. After all, the CCPA isn’t the only regulatory challenge organizations face. 


Highlights from the IAPP DPC Conference: Global Regulatory Challenges in Privacy

Here in the US, the winter holidays kick off with Thanksgiving. And as I digest my turkey dinner, I'll also be digesting the many issues and ideas presented at the 2019 IAPP-Europe Data Protection Congress in Brussels. 


Healthcare Privacy Concerns: Balancing Patient Care and Compliance

Last week during the regional Health Care Compliance Association (HCCA) conference in Nashville, I was lucky enough to host a gathering of executives from privacy and compliance for a private executive dinner with Adam Greene, an influential thought leader in privacy and partner with Davis Wright Tremaine. Adam moderated a robust discussion that explored HIPAA and OCR enforcement trends, the growing divide between state consumer protection laws and Federal regulations, and speculation on what the future holds for healthcare companies in an increasingly fractured consumer protection landscape.


Amid a Flurry of Amendments and AG Guidance, the CCPA Deadline Looms Near

For better or for worse, the California Consumer Privacy Act (CCPA) will finally go into effect on January 1, 2020, and the Internet is ablaze with advice on how to meet the regulatory requirements of what some are calling “the beginning of ‘America’s GDPR.’” Last-minute amendments and late-issued guidance from the California Attorney General make compliance a real challenge, however.


RadarFirst Launches Incident Risk Assessment Simulator

The simulator illustrates the power of Radar’s patented Breach Guidance Engine™, leveraging automation and innovative technology to streamline compliance with data breach notification regulations, cutting incident response efforts in half.


The Pitfalls of Over-reporting Under the GDPR

After much fanfare, the EU's General Data Protection Regulation (GDPR) went into effect in May of 2018. In May 2019, the European Data Protection Board (EDPB) issued its 1-year assessment of the GDPR. In the first year, over 89,000 data breaches had been logged by EEA Supervisory Authorities. 


On Our Radar: November 15, 2019

Something we discuss pretty frequently around here at RadarFirst is the idea of sensitive data: what we call protected health information, personally identifiable information, or just personal data. We are constantly considering what qualifies as protected data under specific regulations, what risk the data may pose to individuals should it be disclosed in some way ... basically, what do we qualify as data we must protect as privacy professionals? 


On Our Radar: November 8, 2019

Around the office, we talk a lot about how cyber attacks affect companies across many industries. We also often end up discussing the privacy industry itself. In a nutshell: it’s growing. And not just for the known players in the space. The industry is also seeing the introduction and proliferation of startups and fresh faces.


5 Hot Topics from the PrivSec Conference in New York

Traditionally, privacy and security have been poles apart. We’ve seen an increased effort in the industry to align these two functions, especially as heavyweight regulations like GDPR and CCPA become effective. This week’s 2019 PrivSec Conference at Columbia University in New York seeks to further unite privacy and security with two days of inspiration and instruction from industry leaders. 


On Our Radar: November 1, 2019

How is it already November? Halloween is behind us, and thank goodness for that! Privacy professionals have more than enough to scare and trick us in our professional lives already–did you read my colleague Dorothy’s recent post about the rise in heart attacks following a ransomware data breach?


Evaluate Your Privacy Incident Response Program: Introducing New Quarterly Benchmarking Metrics

If you’ve ever participated in an organized sport, you’re likely well aware of the importance of context when it comes to evaluating your performance as a player. Say, for example, I play soccer every weekend (which I do). Let’s imagine I’m arguably the best defender on my team - or even across all the recreational players involved (it’s fun to pretend). I might start feeling pretty good about myself, and how I perform on the pitch. Now imagine I’m suddenly pulled into an MLS game, playing against professionals in the field. I might be a good player on a limited bench - on weekends, playing against other amateur enthusiasts - but on a larger scale I cannot rank or make the cut.


On Our Radar: October 24, 2019

Another week has gone by, and with it another news cycle filled with examples of recent data breaches, hacking attacks, and regulatory enforcements. Does it feel like our work as privacy professionals is enjoying a little too much of the limelight these days?


Built to Win: 5 Steps of a Proactive Incident Response Plan that Works

Privacy and security incidents involving sensitive personal data are as individual as fingerprints. An incident involving misplaced paper records is vastly different from a large-scale cyber-attack affecting millions of people. Yet the organization with the paper incident and the organization with the cyber-attack are both subject to a complex web of global data breach notification laws—which could include GDPR, a mixture of U.S. federal / state regulations, and even unique demands under CCPA.


Changing Data Breach Laws: The New York SHIELD Act

Earlier this year, New York Governor Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act), amending New York State’s existing data breach notification law and creating new data security requirements for businesses collecting private information on New York residents.
