What Does it Mean for Privacy and Security Professionals? Last week, the Office for Civil Rights (OCR) announced the first ever enforcement settlement for lack of a timely breach notification – a fine of $475,000 for Presence Health, a large healthcare network serving Illinois. In the course of investigating the breach, OCR determined that Presence […]
Read moreRadarFirst Blog
Trends and Lessons from the Biggest Data Breaches of 2016
2016 has been called the “Year of the Data Breach,” earning that title by surpassing previous years in both the number of breaches reported and in the number of records compromised. Yahoo’s announcement in September that 500 million user accounts had been compromised, followed up by the announcement in December that an additional 1 billion […]
Read moreChanges in Breach Notification Law: Illinois Personal Information Protection Act
Effective January 1, 2017, Illinois House Bill 1260 significantly broadened the scope of the state’s Personal Information Protection Act. Included in the bill are key provisions that follow trends we identified in 2015 and 2016 as states continue to enact increasingly stringent and complex data breach notification legislation including amendments that significantly expand the scope […]
Read moreChanges in Data Breach Notification Law – California Encryption Exceptions
Earlier this year, California Governor Jerry Brown signed into law AB 2828, an amendment to the state’s data breach notification law. This amendment, which takes effect January 1, 2017, changes the circumstances under which an entity must disclose a breach to affected individuals.
Read morePrivacy Statistics & Figures: Quantifying Incident Response at the ISACA Pittsburgh Information Security Conference
I recently had the opportunity to travel to Pittsburgh for the 2016 ISACA Pittsburgh Information Security Awareness Day Conference. This conference is part of a regional series hosted by the local ISACA Pittsburgh chapter.
Read moreFive Tips for Incident Response Readiness, from the IAPP 2016 Practical Privacy Series
Last week I attended the IAPP Practical Privacy Series in Washington, DC. This series features intensive educational sessions designed to arm those in the privacy field with the up-to-the-minute knowledge needed to excel on the job. My fellow attendees were privacy officers and others who were well versed in privacy issues – many interesting conversations […]
Read moreTrends in State Data Breach Notification Laws and Looking ahead to 2017
Earlier this year we identified five trends in state data breach notification laws, based on legislative activity in 2015 and 2016.
Read morePreparing for the GDPR: Start Now, Plan to Invest
In May of 2018, Europe’s General Data Protection Regulation (“GDPR”) will take effect throughout the European Union. While this advance date may seem far off now, the work ahead of companies dealing in international data exchange is substantial, and the clock is already ticking.
Read moreCommon Misconceptions in Incident Response
I was recently reminded of the following sentiment by a colleague of mine in the office: “it’s better to be prepared one year too early, than one day too late.”
Read moreIoT, Infosec Trends, and International Privacy Law
Notes from the Privacy + Security Forum in DC This year I was able to attend the Privacy and Security Forum for the first time. Organized by Daniel Solove and his TeachPrivacy organization, this informative event showcased the deep knowledge of the privacy, security, legal, and compliance speakers and attendees. Everyone at the forum exhibited […]
Read more