This article by Mahmood Sher-Jan was originally published in the Compliance & Ethics Blog.

As any privacy or compliance professional knows, sensitive customer information is constantly at risk for exposure. Cyber attacks, ransomware, spear phishing, malware, system and process failures, employee mistakes, lost or stolen devices—the list of threats goes on. Your organization’s data will be—or already has been—compromised.

The inevitability of incidents and data breaches is further compounded by the difficulty of complying with complex and changing data breach laws. Privacy and compliance teams are often reacting to incidents without the incident response framework and tools required to operationalize an effective incident response management program and to measure its success.

When establishing an effective privacy and incident management program, there are three crucial strands that must be woven into the culture and fabric of the program:

  1. An incident response framework built on up-to-date understanding of increasing regulatory complexity
  2. Technology to ensure consistency in incident risk assessment and breach determination
  3. Ongoing analysis of incident data to establish program metrics and give insights that allow you to improve your program



Interested in exploring this topic further and learning more about RADAR? Join Mahmood and a panel of experts during the upcoming 2017 Compliance Institute on March 26, from 1:30 PM – 4:30 PM EST.

“Is your Security Incident a Data Breach? Uncle Sam Wants to Know” includes the following panelists:

  • Patricia (PC) Shea, Partner, K&L Gates
  • Laura Merten, Chief Privacy Officer, Advocate Health Care
  • Asra Ali, Compliance and Risk Manager, HealthScape Advisors
