We’ve seen growing regulatory obligations, with the enactment of the EU General Data Protection Regulation (GDPR), ever-changing and increasingly stringent U.S. state data breach regulations, and Canada’s soon-to-be-in-effect data breach notification amendment to the Personal Information Protection and Electronic Documents Act (PIPEDA). Coping with regulatory changes was one of the largest challenges for compliance practitioners as reported in the 2018 Thomson Reuters Cost of Compliance report.
With the rise in regulatory burdens comes a corresponding rise in the volume of privacy incidents – and a growing need for privacy professionals. Just last month, Siddharth Deshpande, research director at Gartner, cited the growth in the security services market as being driven by “persisting skills shortages and regulatory changes like the EU GDPR.”
When it comes to organizations evaluating their options for growing a privacy program with a strong culture of compliance, these are very real challenges. The regulatory burdens are growing in stringency, there is a race to train and hire privacy professionals from a limited talent pool, and the work of privacy is getting more complex and greater in volume with each passing year as new hacking threats and the ever-present danger of human error persist.
Technology to bring efficiency to incident response
Before you start breathing into a paper bag, know that there is some silver lining.
Research indicates that spending on information security and privacy technologies is expected to grow to meet the demands of efficient scaling. Gartner forecasted in a recent survey that global spending on information security products and services will reach over $124B in 2019, driven in part by privacy demands. The 2018 Gartner Hype Cycle for Privacy report listed the data breach response category as having a high benefit rating, with relevant technologies “enabling new ways of performing horizontal or vertical processes that will result in significantly increased revenue or cost savings for an enterprise.” The 2017 IAPP-EY Annual Governance Report also noted that technology is an increasingly popular tool for privacy management, with 55% of respondents planning to make technology investments. The Privacy Tech Vendor Report from IAPP outlined the ways that organizations are increasingly turning to technology to demonstrate compliance and efficiently manage and operationalize privacy.
Technology-aided automation in incident response eliminates subjectivity, and brings consistency and efficiency to improve data security and decision-making. Now, more than ever, technology is able to bring innovation to privacy programs and help privacy and legal professionals manage mounting regulatory complexities – and at scale.
Fortune 20 company achieves consistency and enterprise-level scalability: a case study
A Fortune 20 company with a strong culture of privacy was experiencing the kinds of incident response challenges detailed above: growth in the business, growth in the privacy program's needs, significant increases in the volume of privacy incidents, and a heavier burden on the privacy team to efficiently and consistently perform incident risk assessments and make notification decisions.
The company was facing significant risks associated with potential missed notification deadlines, the possibility of over- or under-reporting, and the opportunity cost of not being able to focus the privacy team’s time on more critical and strategic tasks.
“RADAR is an excellent value – it performs incredibly high volumes of privacy incident assessments consistently, quickly, and accurately. As a result, we’ve saved hundreds of hours of expensive legal time and have an efficient platform for future growth.”
– VP enterprise privacy technology at a Fortune 20 company
Ultimately, the company knew they needed to act fast in order to keep up with the tremendous growth and high volumes of incidents. They chose to partner with RADAR to bring efficiency and consistency to their incident response process and to be able to scale their privacy program as a complex regulatory landscape drove an increase in incidents.