- Perceived barriers for leveraging intelligent incident response automation
- The role of automation, the importance of blending, and ensuring the “regulatory currency”
- Actionable steps to move from spreadsheets to automation
Read more below.
Say Goodbye to Spreadsheets with Intelligent Incident Response Automation
Challenges. Barriers. Obstacles. Not the words we like to use when describing incident response management, but let’s face the realities. In the latest IAPP webinar, Privacy Incident Management Meets Intelligent Automation, part of the IAPP Global Privacy Summit Online 2021 web series — Mahmood Sher-Jan, founder and CEO, RadarFirst, talks with guest presenters, Trish Martin, director, privacy compliance at Guardian Life and Rachel Reid, CIPP/E, CIPP/US, SVP, deputy general counsel, corporate secretary and Chief Privacy Officer at Voya Financial. They discuss their in-the-trenches incident response management stories and how they overcame all of the above and navigated toward their organizations’ privacy goals.
Data and data privacy regulations are everywhere. Consider this: by 2023, 65% of the world’s population will be covered by some type of modern data privacy regulation, Sher-Jan relayed the latest statistic from Gartner. How can a privacy team keep pace with numbers like these? The answer: intelligent incident response automation.
In the webinar, Sher-Jan outlined perceived barriers for leveraging incident response automation:
- Automation can’t match or replace human expertise
- Skepticism about ensuring regulatory currency
- Fear that automation diminishes the role of privacy and legal
- Risk of harm assessment is too hard to automate
Top 8 Barriers to Leveraging Incident Response Automation
There is no question that across industries, executives, decision makers, and staff members in Privacy, Compliance, Legal, and Security face challenges perennially — especially given the rapid evolution of privacy laws. “I can’t think of another area of the law, where legislation has changed at such a rapid pace. It’s the volume and the pace of legislation coming out constantly,” stated Reid.
Here are the top eight barriers that organizations face when it comes to leveraging incident response automation:
- Too overwhelmed with tasks to implement automation
- Previous automation initiatives left incomplete/failed
- Comfort with status quo
- Lack of experience with technology evaluation and procurement
- Linking change management to executive priorities and leadership to drive change
- Lack of instrumentation of existing process
- Inability to quantify and articulate ROI
- Diffused ownership of the incident response process and budget
Ensuring Regulatory Currency
Can automation augment and be helpful to privacy professionals? Yes! Martin and Reid discuss the role of automation, the importance of blending, and ensuring the “regulatory currency,” in Martin’s words.
“It’s not until you have automation in place, and you’re using it that you realize it enhances your role, it doesn’t replace you. It gives you more of a voice and the data that you need to share with senior executives and leaders to push forward,” outlined Martin.
A poll of the webinar attendees indicated that 62% are using manual incident management processes.
Reid and Martin shared their experiences with overcoming barriers to embrace automation. “I think there’s so much going on in the regulatory environment right now…that I can’t imagine not having some type of automation in place just to assist,” advocated Martin.
Added Reid, “Although the barriers are very real, so too are the challenges of running an effective privacy program. And those challenges…have really grown exponentially over time.” She reinforced the importance of identifying an organization’s biggest risks and sorting them by level of importance:
- What are our biggest legal, regulatory and business risks within the privacy function?
- What are our biggest challenges? Resources, expertise, etc.
- Where can we either dramatically reduce risk or where can we become more efficient in the operation of our privacy program?
Beyond Spreadsheets and Lightbulb Moments
Everyone has a spreadsheet story. There is no doubt that spreadsheets are very helpful in keeping people organized. But when it comes to incident management and incident response, efficiency, consistency, and risk mitigation are critical in addressing the regulatory complexities and help privacy professionals make the best decision, efficiently.
Reid explained how she started incident management with a spreadsheet and outlined her concerns around breach determination. She outlined these important questions to ask:
- What about documentation?
- What about regulators?
- How do you show that your incident response process is consistent, repeatable, and has been tested and verified?
For Reid, that was the trigger to go to leadership, to help with a legal regulatory perspective and an efficiency perspective. She described Radar as “an organizational support tool that makes you more efficient at what you do.”
From Discovery to Notification, Radar Guides You Through the Privacy Incident Response Process. Click here to learn how Radar works >>
Martin also shared her lightbulb moment, “We need automation and we need help…How do we bring it to fruition? Are there barriers in the way? Absolutely.” Initiatives to change require time to plan; and she advocated making the time. Martin walked through the steps to encourage change:
- Look at your budget
- Evaluate the timing; look at the needs and timelines of your internal teams
- Connect with the right people
- Understand the process
- Evaluate the tool
- Evaluate onboarding
- Start planning
- Have your ducks in a row
Contact RadarFirst to learn how you can help your organization overcome barriers to change and realize the value of intelligent automation. After all, at the end of the day, when it comes to incident response we are all looking for risk mitigation, efficiencies, and consistency. And as fast as privacy laws are evolving, isn’t it time to evolve your privacy efforts?