RADAR Blog

On Our Radar: April 19, 2019

Last week I hit the road, finding myself in discussions around the state of privacy in a couple of contexts. At the Annual HCCA Compliance Institute in Boston, I found myself deep in discussions with privacy professionals who are in the thick of sorting through regulatory complexities and bear the weight of their organization’s pursuit of privacy excellence. In another setting, I was able to sit down with students at the University of Maine School of Law to tackle the very practical approaches to privacy, taking what is discussed in the classroom and discussing tangible ways privacy best practices can be operationalized in the field.

Read more

Have a Breach? Be Prepared to Notify the State Attorney General

Reports of data breaches fill today’s news feeds with alarming frequency. Given the inevitability of breaches—including high-profile onesstate attorneys general are taking a more active role in helping consumers deal with the repercussions of a data breach, investigate data security lapses, and enforce data breach notification laws.

Read more

On Our Radar: April 12, 2019

My work with RADAR has afforded me the opportunity to attend a number of privacy events in the past few years. Just this week I had the pleasure of attending the American Bankers Association RIsk Management Conference in Austin. This event, which covered a wide range of risk concerns for banking professionals, surfaced many conversations about breach notification requirements and the challenges facing privacy professionals.

Read more

On Our Radar: April 5, 2019

In my role at RADAR, I have the distinct pleasure of working directly with our customers, learning about the challenges they face and the success they find in building a strong culture of compliance within their organizations.

Read more

Evaluating Incident Response Solutions: Why a Fortune 150 Financial Company Selected RADAR

Privacy and security incidents that expose sensitive customer data happen all the time, and when they do, you have to act quickly and strategically. The right technology for managing your incident response process is crucial to protecting your customers and your organization against breach risks.

Read more

On Our Radar: March 29, 2019

As a Legal and Privacy Associate at RADAR, staying ahead of the constantly changing privacy law landscape is part and parcel with my job. These days, when it comes to privacy law, change is the only constant. I find updates from regulators, regulatory enforcement actions, and individuals exercising their private right of action of particular interest. These updates and actions serve as reminders to privacy professionals of the very real consequences that can come out of an organization’s culture of compliance. It’s up to your team to decide if those consequences will be dire due to an insufficient privacy program, or positive due to best-in-class privacy practices.

Read more

Benchmarking for GDPR: How often are organizations reporting data breaches to authorities and subjects?

This article is part of an ongoing series on privacy program metrics and benchmarking for incident response management, brought to you by RADAR. Read the original article on the IAPP Privacy Advisor.

Read more

On Our Radar: March 22, 2019

Welcome to the first part in an ongoing blog series, On Our Radar. The RADAR team is constantly researching and reading about the privacy industry. In this ever-shifting field, we recognize how important it is to stay on top of the latest advancements, news, and research impacting the way privacy professionals go about their work. This continuing blog series, hosted by alternating members of the RADAR team, will be our place to share what we’ve learned and what we’re keeping an eye on with all of you.

Read more

As CCPA Effective Date Looms, Questions Remain

Last week, myself and members of the RADAR team were able to attend the IAPP CCPA Comprehensive in Fremont, California. This day-long program focused on the California Consumer Privacy Act (CCPA), with a special focus on the act’s scope, definitions, General Data Protection Regulation (GDPR) inspiration, and areas for further clarification.

Read more

Beating the High Cost of Inefficient and Inconsistent Processes with Privacy Automation

As privacy grows in importance, so does the need for effective incident response management. Ideally, this includes consistent processes, well-established policies and procedures, collaboration across departments, and proof of compliance. The reality is often a lot different—and a lot more chaotic.

Read more

Anatomy of a Privacy Incident: Webinar Q&A

The recent webinar Anatomy of A Privacy Incident: Data Breach Response and Investigation Best Practices dove into the best practices for designing an incident response program that encourages an organization-wide culture of compliance. Panelists Andrew Reeder from Rush University Medical Center and Asra Ali from Healthscape Advisors lead a lively discussion into the ins and outs of compliance programs, covering topics ranging from common presumptions and best practices for managing the phases of incident response within an organization. 

Anatomy of a Privacy Incident:  Data Breach Response and Investigation Best Practices  Request the webinar recording > Read more

How often do notification exceptions apply? We look to the data

This article is part of an ongoing series on privacy program metrics and benchmarking for incident response management brought to you by RADAR. Find earlier installments of this series here.

Read more

The One Challenge We’re all Too Familiar With: Lack of Budget For Incident Response

“There is only one amount of money—just not enough,” author Andrew Kaufman once wrote. Many departments in an organization feel the financial pinch, especially privacy teams, who face the challenge of completing herculean tasks on a small budget. Privacy budgets tend to be microscopic compared to those of security or IT/infosec teams. Thus, critical privacy activities such as incident response often get lower budgetary priority than new cybersecurity initiatives—and when that happens, the entire organization is at risk.

Read more

The Sooner the Better: Increasing Specificity in Notification Timelines

Today’s world is built for speed. Want a ride? Get an Uber or Lyft at your door in 10 minutes. Want your food faster? Use Grubhub and order ahead. Have a data breach requiring notification? Work quickly, because you may only have 72 hours to provide notification to individuals and regulatory authorities, depending on the jurisdiction.

Read more

A Regulatory Trend to Watch: The Expanding Scope of Personal Information

In 2018, less than 10 percent of data privacy or security incidents were breaches requiring notification. Yet it wouldn’t be surprising if that percentage starts to increase. One of the key factors in breach determination is the nature of the personal information exposed. Last year, we saw a significant expansion in the definition of personal information across multiple laws.

Read more