This series written for The IAPP Privacy Advisor by the team at RadarFirst is about establishing program metrics and benchmarking your privacy incident management program.
The buzz around the California Consumer Privacy Act (CCPA) is a lot, well, buzzier these days, and for good reason. The January 1, 2020, effective date is little more than a month away, and security and privacy teams want guidance on CCPA compliance requirements. Rather than spend your valuable time reviewing just what those requirements are—which most of us are all too familiar with by now—it might be helpful to look at best practices for overall compliance. After all, the CCPA isn’t the only regulatory challenge organizations face.
Here in the US, the winter holidays kick off with Thanksgiving. And as I digest my turkey dinner, I'll also be digesting the many issues and ideas presented at the 2019 IAPP-Europe Data Protection Congress in Brussels.
Last week during the regional Health Care Compliance Association (HCCA) conference in Nashville, I was lucky enough to host a gathering of executives from privacy and compliance for a private executive dinner with Adam Greene, an influential thought leader in privacy and partner with Davis Wright Tremaine. Adam moderated a robust discussion that explored HIPAA and OCR enforcement trends, the growing divide between state consumer protection laws and Federal regulations, and speculation on what the future holds for healthcare companies in an increasingly fractured consumer protection landscape.
For better or for worse, the California Consumer Privacy Act (CCPA) will finally go into effect on January 1, 2020, and the Internet is ablaze with advice on how to meet the regulatory requirements of what some are calling “the beginning of ‘America’s GDPR.’” Last-minute amendments and late-issued guidance from the California Attorney General make compliance a real challenge, however.
The simulator illustrates the power of Radar’s patented Breach Guidance Engine™, leveraging automation and innovative technology to streamline compliance with data breach notification regulations, cutting incident response efforts in half.
After much fanfare, the EU's General Data Protection Regulation (GDPR) went into effect in May of 2018. In May 2019, the European Data Protection Board (EDPB) issued its 1-year assessment of the GDPR. In the first year, over 89,000 data breaches had been logged by EEA Supervisory Authorities.
Something we discuss pretty frequently around here at RadarFirst is the idea of sensitive data: what we call protected health information, personally identifiable information, or just personal data. We are constantly considering what qualifies as protected data under specific regulations, what risk the data may pose to individuals should it be disclosed in some way ... basically, what do we qualify as data we must protect as privacy professionals?
Around the office, we talk a lot about how cyber attacks affect companies across many industries. We also often end up discussing the privacy industry itself. In a nutshell: it’s growing. And not just for the known players in the space. The industry is also seeing the introduction and proliferation of startups and fresh faces.
Traditionally, privacy and security have been poles apart. We’ve seen an increased effort in the industry to align these two functions, especially as heavyweight regulations like GDPR and CCPA become effective. This week’s 2019 PrivSec Conference at Columbia University in New York seeks to further unite privacy and security with two days of inspiration and instruction from industry leaders.
How is it already November? Halloween is behind us, and thank goodness for that! Privacy professionals have more than enough to scare and trick us in our professional lives already–did you read my colleague Dorothy’s recent post about the rise in heart attacks following a ransomware data breach?
If you’ve ever participated in an organized sport, you’re likely well aware of the importance of context when it comes to evaluating your performance as a player. Say, for example, I play soccer every weekend (which I do). Let’s imagine I’m arguably the best defender on my team - or even across all the recreational players involved (it’s fun to pretend). I might start feeling pretty good about myself, and how I perform on the pitch. Now imagine I’m suddenly pulled into an MLS game, playing against professionals in the field. I might be a good player on a limited bench - on weekends, playing against other amateur enthusiasts - but on a larger scale I cannot rank or make the cut.
Another week has gone by, and with it another news cycle filled with examples of recent data breaches, hacking attacks, and regulatory enforcements. Does it feel like our work as privacy professionals is enjoying a little too much of the limelight these days?
Privacy and security incidents involving sensitive personal data are as individual as fingerprints. An incident involving misplaced paper records is vastly different from a large-scale cyber-attack affecting millions of people. Yet the organization with the paper incident and the organization with the cyber-attack are both subject to a complex web of global data breach notification laws—which could include GDPR, a mixture of U.S. federal / state regulations, and even unique demands under CCPA.
Earlier this year, New York Governor Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act), amending New York State’s existing data breach notification law and creating new data security requirements for businesses collecting private information on New York residents.