RadarFirst Blog

For the past year, the privacy and security world has kept a laser-like focus on the European Union’s General Data Protection Regulation (GDPR). And what a year it’s been. More than 59,000 personal data breaches were reported across Europe from the enforcement date of GDPR on May 25, 2018, to International Data Protection Day on January 28, 2019.

Preparing for the GDPR was a herculean effort for many. Now here we are, one year later, and the tide of GDPR fervor has ebbed, but not significantly receded – after all, achieving compliance is a marathon, not a sprint!

I’ve heard data breaches referred to as “make or break moments” in the career of a privacy professional. To be sure, no one is a huge fan of a possible data breach coming across their desk, signalling the start of an investigation and risk assessment process in which time is of the essence. It could be an event that brings attention from regulators, requires notifications to affected individuals, and could even invite unwanted media attention.

When you work in product management, you are chiefly concerned with advancing the development of a software solution. If you think about that term - software solution - you’ll notice that one concept is at the core of that: solution. At the end of the day, my work at RADAR revolves around helping privacy professionals articulate problems and work with my team to find solutions.

This week the 2019 Verizon Data Breach Investigations Report (DBIR) was released, an annual report, this year in its 12th iteration. The report is based on an analysis of 41,686 security incidents, including 2,013 confirmed data breaches, spanning 86 countries. This sobering quote is perhaps the best summary of this year’s findings: No organization is too large or too small to fall victim to a data breach. No industry vertical is immune to attack. Regardless of the type or amount of your organization’s data, there is someone out there who is trying to steal it.  Here are a few other highlights:  

This article is part of an ongoing series on privacy program metrics and benchmarking for incident response management, brought to you by RADAR. Read the original article on the IAPP Privacy Advisor.

One of the biggest annual events in privacy, the IAPP Global Privacy Summit, is currently taking place in Washington D.C. If you’re in attendance, come find me at the RADAR booth (#107!) for conversations on all things privacy, incident response, and data breach regulations.

RADAR’s comprehensive research platform helps organizations efficiently monitor and manage complex and changing global data breach notification regulations; debuts at the IAPP Global Privacy Summit.

When you work in privacy, it seems like you’re seeing privacy incidents and data breaches everywhere. Turning to the headlines of today’s popular media outlets, you then realize it’s not just your imagination. Organizations are reporting major data breaches regularly, regulators are issuing newsworthy and costly fines, and as a result privacy concerns are very much in the public eye.

A little over a year ago, an amendment to Australia’s Privacy Act 1988 established mandatory data breach notification obligations. Called the Notifiable Data Breaches scheme (NDB), these new requirements meant that organizations subject to the Act would now be required to notify affected individuals and the Office of the Australian Information Commissioner (OAIC) of a data breach if the breach was likely to result in serious harm to individuals.

Last week I hit the road, finding myself in discussions around the state of privacy in a couple of contexts. At the Annual HCCA Compliance Institute in Boston, I found myself deep in discussions with privacy professionals who are in the thick of sorting through regulatory complexities and bear the weight of their organization’s pursuit of privacy excellence. In another setting, I was able to sit down with students at the University of Maine School of Law to tackle the very practical approaches to privacy, taking what is discussed in the classroom and discussing tangible ways privacy best practices can be operationalized in the field.

Reports of data breaches fill today’s news feeds with alarming frequency. Given the inevitability of breaches—including high-profile ones—state attorneys general are taking a more active role in helping consumers deal with the repercussions of a data breach, investigate data security lapses, and enforce data breach notification laws.

My work with RADAR has afforded me the opportunity to attend a number of privacy events in the past few years. Just this week I had the pleasure of attending the American Bankers Association RIsk Management Conference in Austin. This event, which covered a wide range of risk concerns for banking professionals, surfaced many conversations about breach notification requirements and the challenges facing privacy professionals.

In my role at RADAR, I have the distinct pleasure of working directly with our customers, learning about the challenges they face and the success they find in building a strong culture of compliance within their organizations.

Privacy and security incidents that expose sensitive customer data happen all the time, and when they do, you have to act quickly and strategically. The right technology for managing your incident response process is crucial to protecting your customers and your organization against breach risks.