RADAR Blog

Questions to Ask when Considering SaaS vs On-Premise Solutions for Privacy Incident Response

In my career, I’ve led development teams creating both software as a service (SaaS) and installable on-premise solutions, so I am familiar with debates about the realities and myths of SaaS vs. on-premise. Whenever this debate resurfaces, I address the concerns raised as I would any operational initiative: by asking questions and challenging assumptions.

From Incident to Discovery to Breach Notification: Average Time Frames

This article by Mahmood Sher-Jan is the fourth in a series of articles published with the IAPP Privacy Advisor, on the topic of establishing program metrics and benchmarking your privacy incident management program. Find earlier installments of this series here.

Measuring the efficacy of your privacy program is one way to ensure you have a baseline for improvement, as well as a means to test and prove that your continuous efforts to improve security and privacy at your organization are having their intended impacts. Establishing benchmarking metrics is also important to lend continuity to a process that can sometimes resemble a fire drill. In the midst of an unauthorized disclosure of protected, private data, your team will be moving fast and engaged in a flurry of activity in order to properly document and risk assess an incident to determine regulatory and contractual notification obligations, if any, in order to meet notification deadlines and prove compliance.

Can't-Miss Sessions at IAPP Privacy. Security. Risk. 2017

Privacy and security teams are often painted as adversaries in compliance. While it's true that privacy, security, and risk professionals often come from different backgrounds and interests, they are united in their shared pursuit of compliance and events like the IAPP Privacy. Security. Risk. 2017 illustrate the way these fields are converging. 

Alliance of Global Privacy Solutions Providers: Bringing Technology and Innovative Solutions to GDPR Compliance

Privacy professionals across the globe all have the same date circled in their day planners in May of 2018. The EU General Data Protection Regulation (GDPR) enforcement deadline is fast approaching, and the risks of noncompliance are very real: failure to meet the 72-hour notification timeline could result in fines up to €20M or up to 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher. Many questions about complying with the GDPR yet remain, including how to best approach the regulation, interpret the law, then plan, implement and manage a strong compliance program.

Lesson from the Equifax Breach: Readiness is Priceless

If anyone ever doubted the importance of data security incident response, the Equifax breach should put those doubts to rest. On top of the widespread concern about a breach affecting 143 million consumer records, there are all the hard questions about why it took Equifax more than six weeks to make the breach public. Since the announcement, the Senate Finance Committee, the Justice Department, the Federal Trade Commission, the Securities and Exchange Commission, and multiple state attorneys general have launched investigations into the breach; over 50 class action suits have been filed; three executives, including CEO Richard Smith, have been retired; the stock value has dropped over 30%; and many experts predict the breach will result in new regulatory reporting standards for the financial industry.

Workflows and Checklists Can’t Match Automation in Privacy Incident Response

Performing a multi-factor risk assessment to determine whether an incident involving PII and/or PHI requires notification to regulatory bodies isn’t just a good practice for privacy programs–it’s a requirement for documenting and demonstrating compliance with data breach laws. Due to the misconception that any incident involving sensitive, regulated data is automatically a notifiable breach, it is critical that every incident undergo a compliant multi-factor risk assessment to establish your burden of proof – particularly when deciding not to notify because you were able to properly mitigate the risk as permitted by law.

Upcoming Webinar: GDPR and Incident Response

The clock is ticking - the deadline to comply with the General Data Protection Regulation (GDPR) is now less than a year away, and having an incident response plan in place and ready to implement should be a primary item on your preparation checklist. With notification timelines of 72 hours, and fines that could reach 4% of global annual revenue, the risk of noncompliance is significant.

Surprising stats on third-party vendor risk and breach likelihood

This article by Mahmood Sher-Jan is the third in a series of articles published with the IAPP Privacy Advisor, on the topic of establishing program metrics and benchmarking your privacy incident management program.

Celebrating Our First Year as RADAR, Inc.

Around the office we operate under a concept we call “RADAR Time.” It’s a phenomenon marked by how quickly time seems to pass because we as a team are driven to produce so much in an accelerated timeframe to help ease a significant pain point for our customers. Our reward is the appreciation and love we get in return.   

Portland Business Journal: Data Breached? This Portland Company is Here to Help

This article by Skip Newberry, President of the Technology Association of Oregon, was originally published in the Portland Business Journal. 

Arkansas Enacts State Insurance Department General Omnibus Bill (SB 247)

Surprising some with its quick journey from filing to enrollment then approval by the governor – less than 30 days – a new State Insurance Department General Omnibus Bill goes into effect in Arkansas on August 1, 2017.

IAPP Matchup: The Philippines' Data Privacy Act and the General Data Protection Regulation

This article by Alex Wall, CIPP/E, CIPP/US, CIPM, was originally published in the IAPP Privacy Tracker.

Davis Wright Tremaine LLP and RADAR, Inc. Form Strategic Alliance to Use Software Innovation for Efficient Analysis and Delivery of Incident Response Services

PORTLAND, Ore., — June 28, 2017 – To address the rise of security and privacy incidents and associated organizational risks, penalties, and legal costs, the international law firm of Davis Wright Tremaine and SaaS solution provider RADAR, Inc. have formed a strategic alliance. Using and recommending RADAR’s purpose-built incident response software to clients will allow Davis Wright Tremaine to significantly reduce the cost of routine legal services while providing high-value strategic data breach response services.

Data protection is a team sport: Benchmark data tells the story

This article by Mahmood Sher-Jan is the second in a series of articles published with the IAPP Privacy Advisor, on the topic of establishing program metrics and benchmarking your privacy incident management program.

Growing Threat of Tax Fraud Leads Virginia to Amend Breach Notification Requirements

Effective July 1, 2017, the state of Virginia will require employers and payroll service providers to notify the attorney general without unreasonable delay if certain employee payroll data is compromised. Specifically, notification is required after an employer or payroll service provider discovers or is notified of unauthorized access and acquisition of unencrypted and unredacted computerized data containing a taxpayer identification number in combination with the income tax withheld for that taxpayer if the incident:
