RADAR Blog

This article is part of an ongoing series on privacy program metrics and benchmarking for incident response management, brought to you by RADAR. Read the original article on the IAPP Privacy Advisor.

This article is part of an ongoing series on privacy program metrics and benchmarking for incident response management brought to you by RADAR. Find earlier installments of this series here.

This article is part of an ongoing series on privacy program metrics and benchmarking for incident response management, brought to you by RADAR, a provider of purpose-built decision-support software designed to guide users through a consistent, defensible process for incident management and risk assessment. Find earlier installments of this series here. 

Once an incident has been discovered, the clock starts ticking. Privacy officers and their teams must immediately investigate the incident, perform a multi-factor risk assessment according to all applicable jurisdictions to determine if the incident rises to the level of a data breach, and notify affected individuals, regulators, and authorities — often within a very short time frame. It can be a daunting task, compounded by the need to keep up with an ever-changing patchwork of data breach regulations, both enacted and proposed, each with their own unique requirements. 

We live in a world of measurements, from batting averages to number of steps walked to miles per gallon. Measuring our performance against certain standards or that of others—in other words, benchmarking—gives us a line in the sand from which we determine how and where to improve. This is especially important in the world of privacy, where it can be hard to gauge the effectiveness of programs and initiatives. And without the numbers to back you up, getting sufficient organizational priority and budget for your privacy program is difficult.  

This article is part of an ongoing series on privacy program metrics and benchmarking for incident response management, brought to you by RADAR, Inc., a provider of purpose-built decision-support software designed to guide users through a consistent, defensible process for incident management and risk assessment. Find earlier installments of this series here.

This article is part of an ongoing series on privacy program metrics and benchmarking for incident response management, brought to you by Radar Inc., a provider of purpose-built decision-support software designed to guide users through a consistent, defensible process for incident management and risk assessment. Find earlier installments of this series here.

This article is part of an ongoing IAPP Privacy Advisor series on privacy program metrics and benchmarking for incident response management. Find earlier installments of this series here. 

This article is part of an ongoing IAPP Privacy Advisor series on privacy program metrics and benchmarking for incident response management. Find earlier installments of this series here. 

This article is part of an ongoing IAPP Privacy Advisor series on privacy program metrics and benchmarking for incident response management. Find earlier installments of this series here. 

This article is part of an ongoing IAPP Privacy Advisor series on privacy program metrics and benchmarking for incident response management. Find earlier installments of this series here. 

This article is part of an ongoing series on privacy program metrics and benchmarking for incident response management, brought to you by RADAR, Inc., a provider of purpose-built decision support software designed to guide users through a consistent, defensible process for incident management and risk assessment. Find earlier installments of this series here.

This article is part of an ongoing IAPP Privacy Advisor series on privacy program metrics and benchmarking for incident-response management. Find earlier installments of this series here. 

Measuring the efficacy of your privacy program is one way to ensure you have a baseline for improvement, as well as a means to test and prove that your continuous efforts to improve security and privacy at your organization are having their intended impacts. Establishing benchmarking metrics is also important to lend continuity to a process that can sometimes resemble a fire drill. In the midst of an unauthorized disclosure of protected, private data, your team will be moving fast and engaged in a flurry of activity in order to properly document and risk assess an incident to determine regulatory and contractual notification obligations, if any, in order to meet notification deadlines and prove compliance.

This article by Mahmood Sher-Jan is the third in a series of articles published with the IAPP Privacy Advisor, on the topic of establishing program metrics and benchmarking your privacy incident management program.

This article by Mahmood Sher-Jan is the second in a series of articles published with the IAPP Privacy Advisor, on the topic of establishing program metrics and benchmarking your privacy incident management program.