How is it already November? Halloween is behind us, and thank goodness for that! Privacy professionals have more than enough to scare and trick us in our professional lives already. Did you read my colleague Dorothy’s recent post about the rise in heart attacks following a ransomware data breach?

So let’s focus instead on the last two months of 2019, which are in fact the last few months of the 2010s! What are some positive activities we can do as privacy professionals to create a proactive approach to incident response and establish best practices to protect the data our customers, patients, and employees entrust to us?

Here are a few ideas I came across this week: 

When it comes to protecting your organization against cyber attacks, phishing, ransomware, and denial-of-service attacks are top of mind for security folks. This article from Indiana University in honor of Cybersecurity Awareness Month details some great exercises the university does to prevent these attacks and train its team, including a cybersecurity-themed escape room experience and a Think Before You Click marketing campaign aimed at preventing phishing attacks.

As you plan to kick off your 2020, here are some stats that can help inform your planning and reinforce your budget requests: the RadarFirst team has just released new quarterly benchmarking metrics to help privacy professionals evaluate how their incident response program stacks up against industry peers. Using industry benchmarking data to prove the value of your program and inform data-driven investment decisions? Sounds like a proactive plan to me.

It’s hard to think ahead to 2020 without thinking of the Jan. 1, 2020 effective date for the CCPA. As amendments are passed, enforcement procedures remain unclear, and privacy pros are left aiming to hit a moving regulatory target. In the meantime, here’s a rundown of some common questions when it comes to your breach notification obligations under the CCPA.

Next week is Corporate Compliance and Ethics Week, which aims to raise awareness of compliance and ethics within organizations and recognition of training opportunities, and to reinforce leaders in establishing a strong culture of compliance.

Speaking of next week, if you happen to be in the New York City area, my colleagues will be in town to attend two privacy events: PrivSec and the IAPP CCPA Comprehensive. Give them a shout if you’d like to talk incident response, data breach preparedness, or dive into the particulars of HIPAA, CCPA, GDPR, and any other regulatory acronym!