RADAR Blog

Workflows and Checklists Can’t Match Automation in Privacy Incident Response

Performing a multi-factor risk assessment to determine whether an incident involving PII and/or PHI requires notification to regulatory bodies isn’t just a good practice for privacy programs–it’s a requirement for documenting and demonstrating compliance with data breach laws. Due to the misconception that any incident involving sensitive, regulated data is automatically a notifiable breach, it is critical that every incident undergo a compliant multi-factor risk assessment to establish your burden of proof – particularly when deciding not to notify because you were able to properly mitigate the risk as permitted by law.

Upcoming Webinar: GDPR and Incident Response

The clock is ticking - the deadline to comply with the General Data Protection Regulation (GDPR) is now less than a year away, and having an incident response plan in place and ready to implement should be a primary item on your preparation checklist. With notification timelines of 72 hours, and fines that could reach 4% of global annual revenue, the risk of noncompliance is significant.

Surprising stats on third-party vendor risk and breach likelihood

This article by Mahmood Sher-Jan is the third in a series of articles published with the IAPP Privacy Advisor, on the topic of establishing program metrics and benchmarking your privacy incident management program.

Celebrating Our First Year as RADAR, Inc.

Around the office we operate under a concept we call “RADAR Time.” It’s a phenomenon marked by how quickly time seems to pass because we as a team are driven to produce so much in an accelerated timeframe to help ease a significant pain point for our customers. Our reward is the appreciation and love we get in return.   

Portland Business Journal: Data Breached? This Portland Company is Here to Help

This article by Skip Newberry, President of the Technology Association of Oregon, was originally published in the Portland Business Journal. 

Arkansas Enacts State Insurance Department General Omnibus Bill (SB 247)

Surprising some with its quick journey from filing to enrollment then approval by the governor – less than 30 days – a new State Insurance Department General Omnibus Bill goes into effect in Arkansas on August 1, 2017.

IAPP Matchup: The Philippines' Data Privacy Act and the General Data Protection Regulation

This article by Alex Wall, CIPP/E, CIPP/US, CIPM, was originally published in the IAPP Privacy Tracker.

Davis Wright Tremaine LLP and RADAR, Inc. Form Strategic Alliance to Use Software Innovation for Efficient Analysis and Delivery of Incident Response Services

PORTLAND, Ore. – June 28, 2017 – To address the rise of security and privacy incidents and associated organizational risks, penalties, and legal costs, the international law firm of Davis Wright Tremaine and SaaS solution provider RADAR, Inc. have formed a strategic alliance. Using and recommending RADAR’s purpose-built incident response software to clients will allow Davis Wright Tremaine to significantly reduce the cost of routine legal services while providing high-value strategic data breach response services.

Data protection is a team sport: Benchmark data tells the story

This article by Mahmood Sher-Jan is the second in a series of articles published with the IAPP Privacy Advisor, on the topic of establishing program metrics and benchmarking your privacy incident management program.

Growing Threat of Tax Fraud Leads Virginia to Amend Breach Notification Requirements

Effective July 1, 2017, the state of Virginia will require employers and payroll service providers to notify the attorney general without unreasonable delay if certain employee payroll data is compromised. Specifically, notification is required after an employer or payroll service provider discovers or is notified of unauthorized access and acquisition of unencrypted and unredacted computerized data containing a taxpayer identification number in combination with the income tax withheld for that taxpayer if the incident:

Automating the Incident Risk Assessment and Response Process

Explore the ecosystem of technologies available to privacy professionals, including innovative technology that streamlines and accelerates incident response. Click here to get the full text in PDF format.

Multi-Factor Authentication: Best Practice in Network Security and Privacy

Last month, Target reached a breach settlement of $18.5 million in fines for the 2013 security breach that exposed the data of millions of customers across 47 states and the District of Columbia. In addition to this fine, the settlement requires Target to adopt a “comprehensive information security program” and includes implementing network security best practices: encrypting payment card information, separating cardholder data from the rest of the computer network, and implementing policies regarding multi-factor authentication.

GDPR Matchup: The APEC Privacy Framework and Cross-Border Privacy Rules

This article by Alex Wall, CIPP/E, CIPP/US, was originally published in the IAPP Privacy Tracker.

Introducing New Mexico’s Data Breach Notification Act

With the signing of HB 15 on April 6, 2017, New Mexico became the 48th state and 52nd US jurisdiction to enact a data breach notification law, leaving only Alabama and South Dakota to go. The Data Breach Notification Act, which goes into effect June 16, 2017, is similar to many long-standing state breach notification laws, but it also incorporates several recent trends in breach notification amendments identified by the RADAR team.

Beyond Data Breach: Why Every Incident Matters

This article by Alex Wall is the first in a series published with the IAPP Privacy Advisor, on the topic of establishing program metrics and benchmarking your privacy incident management program.
