RADAR Blog

Regulatory Watchlist: Recent Changes to State Data Breach Notification Regulations

A number of state data breach bills have recently gone into effect, or are poised to go into effect in the next two months. Continuing our series of articles around trends in state data breach notification laws, let’s take a look at this legislation and see what trends we can identify.

TrustArc, RADAR join forces to help with GDPR compliance and beyond

This abridged news article was originally published by the IAPP in their Privacy Tech publication. Click here to read the full story by Ryan Chiavetta, CIPP/US.

TrustArc and RADAR, Inc. Partner to Power Comprehensive Privacy Solutions to Manage Global Compliance Requirements

Partnership provides businesses with access to innovative privacy tech solutions to operationalize compliance with data privacy and breach notification regulations, including the EU General Data Protection Regulation (GDPR)

Benchmarking incident response: The state (or states) of privacy incidents

This article is part of an ongoing IAPP Privacy Advisor series on privacy program metrics and benchmarking for incident response management. Find earlier installments of this series here. 

Takeaways from the 22nd Annual HCCA Compliance Institute: Complexity and Change in Federal and State Compliance Efforts

Last week saw a great migration of healthcare compliance, privacy, and risk officers to sunny Las Vegas for the annual HCCA Compliance Institute. Wandering the halls of the event, you were likely to overhear people on their phones between sessions, urgently relaying what they’d just learned to their teams back home. This need to quickly disseminate information learned at the conference speaks to the quality of the conference content and the value of the speakers at the event.

State Attorneys General Flex Muscles in Response to Proposed Federal Data Breach Notification Standard

In recent years, we have seen the growing influence of state attorneys general in the realm of consumer data protections. State laws are increasingly requiring that AGs be notified in the event of a breach, and state AGs are taking action for noncompliance, filing lawsuits for failure to notify within the required timeframe and reaching hefty monetary settlements for paper-based data breaches.

Benchmarking Data and Healthcare Challenges: Compliance with State and HIPAA Breach Notification Rules

Privacy or security incidents involving protected health information (PHI) and personally identifiable information (PII) are more than just probable in healthcare settings–they are inevitable. And this makes sense, as heavily regulated industries like healthcare rely on highly personal and sensitive data to provide care, and the abundance of such data presents a higher risk of unauthorized disclosures – unintentional or malicious. The frequency and types of risks to an organization’s data are growing wider, as well, from a ransomware attack or a breach in your Electronic Health Record (EHR), to a simple misdirected mailing or improper disposal of paper records.

The Human Side of Privacy: 2018 IAPP Global Privacy Summit Recap

For those tasked with the daily, detailed work of ensuring their organizations’ compliance with data breach notification regulations–particularly in light of the complexity of preparing for new regulations to go into effect, namely GDPR–it could be easy to forget the person in personal data. Speakers from this year’s IAPP Global Privacy Summit reminded us of just how reductive that vantage point can be, touching on the very human element that lies behind every privacy incident.

Looking good on paper: benchmarking data reveals importance of paper incidents across industries

This article is part of an ongoing IAPP Privacy Advisor series on privacy program metrics and benchmarking for incident response management. Find earlier installments of this series here. 

RADAR, Inc. Simplifies Compliance with the EU GDPR Breach Notification Requirements

Data controllers and processors benefit from RADAR’s automated risk quantification and notification guidance under the GDPR, the capability to take into account the scope and sensitivity of personal data within each organization, and the ability to ensure and simplify compliance with both regulatory and contractual notification obligations.

Benchmarking incidents involving regulated data as the GDPR looms

This article is part of an ongoing IAPP Privacy Advisor series on privacy program metrics and benchmarking for incident response management. Find earlier installments of this series here. 

Regulatory Watch List: Breach Notification Timelines in Proposed State Legislation

Working with privacy and compliance professionals, one of the challenges we often hear about is how difficult it can be to keep up with ever-changing breach notification regulations. Think of it this way: in the US alone there are 48 separate state breach notification laws (along with Washington, D.C. and three territories), each with their own unique definitions, breach notification triggers, and compliance requirements.

Data Privacy Day: What is the State of Privacy in 2018?

Last weekend, on January 28, we observed Data Privacy Day, an internationally recognized day intended to raise awareness and promote privacy and data protection practices. First celebrated in the United States and Canada ten years ago, the day commemorates the Jan. 28, 1981 signing of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, the first international treaty dealing with privacy and data protection.

OCR Enforcement Trends From 2017, and Areas of Concern for HIPAA Compliance

About this time last year, we predicted 2017 would see continued vigilance from the Department of Health and Human Services’ Office for Civil Rights (OCR) in regulating and issuing enforcement actions for HIPAA violations. The results are in, and there was sustained momentum from OCR in the last year, including 196 separate breach cases listed for 2017 on the OCR’s so-called “Wall of Shame” breach portal and notable financial settlements for HIPAA violations – in total, OCR received $19,393,000. A full listing of these enforcement settlements from 2017 can be found here.

Was 2017 the year of the breach? Lessons from benchmarking stats for a new year.

This article is part of an ongoing series on privacy program metrics and benchmarking for incident response management, brought to you by RADAR, Inc., a provider of purpose-built decision support software designed to guide users through a consistent, defensible process for incident management and risk assessment. Find earlier installments of this series here.
