The IAPP-RADAR Incident Response Center: Staying Current with Changing Data Breach Laws
When I first conceived the RADAR solution, I was motivated by firsthand observations of operational challenges and risks faced by privacy professionals and teams.
For instance, how do you stay current with changing data breach laws? This is a very real challenge to privacy officers and privacy counsel dealing with incident response. What can be a tedious and time-consuming task is also a critical one – your knowledge base and understanding of the rules, regulatory obligations, and complexities are critical in implementing the necessary policies and operational tools your organization needs for a strong culture of compliance. For this reason, your understanding of the laws should always be up to date, and you should have easy access to current information.
Prior to developing RADAR, there weren’t any systems or tools designed specifically to help manage this process, but I knew that technology, using analytics and purpose-built software, could eliminate the inconsistency and inefficiencies that were inherent with the existing manual and partially automated approaches. Purpose-built technology is able to help privacy teams:
- Streamline incident intake
- Perform consistent and compliant multifactor incident risk assessment
- Create, print, and document the timely distribution of breach notification letters
- Perform trend analysis to improve controls and create reports
- Stay current with changing breach laws
Using the example above, how do we at RADAR keep up with complex and ever-changing data breach notification laws to ensure our decision-support platform is always current? My answer: through relentless innovation and purpose-built technology.
New partnered tool: a single source you can rely on for the most up-to-date breach notification law summaries
In partnership with the IAPP, the world’s largest association of privacy professionals, and officially launched during this week’s IAPP Global Privacy Summit, we are proud to announce the IAPP-RADAR Incident Response Center, a new tool that leverages technology to help you stay current with complex and changing data breach laws.
Free for IAPP members, this tool provides an efficient and streamlined way to access current, always up-to-date overviews of notification laws. The tool includes germane details of breach notification requirements for each jurisdiction, including exceptions, penalties, and other factors associated with incident assessment, and allows organizations to:
- Access up-to-date overviews of breach notification laws for U.S. federal and state jurisdictions, Canada, Europe (including GDPR), Asia, and Latin America
- Stay informed of specific US federal and state incident risk assessment and reporting requirements for data breaches
- Keep up with requirements to achieve regulatory compliance, and the penalties for non-compliance
We built this tool to share with IAPP members because this is a core part of the work continuously done at RADAR. Keeping up with data breach laws is a critical part of ensuring the RADAR Breach Guidance Engine™ and our purpose-built workflows are always current and can provide up-to-date decision support and guidance. RADAR detects the jurisdictional nuances inherent in data breach laws because these laws are codified into the software’s multi-factor risk assessment, providing an automated and consistent method for incident response management.
Understanding the law is a first step in the right direction
In the journey toward regulatory compliance, understanding the laws that impact your breach notification obligations is a good base on which to build. Navigating the complexities of compliance includes:
- Timely and efficient incident intake – how incidents are reported, and capturing the pertinent details so you can build a full incident profile
- Performing a multifactor incident risk assessment that is consistent, compliant, allows for collaboration, and provides decision support
- Providing timely and compliant breach notification, in whom, how, and when you must notify, as well as keeping thorough records of all notifications to prove compliance
- Analyzing trends, measuring the success of your incident response program, and making system improvements based on the data
Technology brings a systematic approach to this journey
RADAR provides support for the entire incident response lifecycle.
How you escalate, investigate, document, and build profiles of your incident can be put into a concise and repeatable framework – at RADAR, we use webforms and APIs to streamline the incident intake process. Consistent incident risk assessment via the patented RADAR Breach Guidance Engine™ ensures that, while each incident may be different, the way you manage and risk assess each incident can be based on a compliant, repeatable, and defensible multi-factor methodology. Notification timelines, letter formats and content requirements are easily managed through integrated technologies like our Notification Letters Module. And high-level analytics and reporting through intelligent dashboards allow you to quickly identify trends and outliers in your privacy program.
The IAPP-RADAR Incident Response Center is one of the ways technology allows privacy professionals to embark on the path to operationalize incident response management, and we are so thrilled to share this valuable tool with IAPP members.