RadarFirst Blog

This series written for The IAPP Privacy Advisor by the team at RadarFirst is about establishing program metrics and benchmarking your privacy incident management program. 

If you’ve ever participated in an organized sport, you’re likely well aware of the importance of context when it comes to evaluating your performance as a player. Say, for example, I play soccer every weekend (which I do). Let’s imagine I’m arguably the best defender on my team - or even across all the recreational players involved (it’s fun to pretend). I might start feeling pretty good about myself, and how I perform on the pitch. Now imagine I’m suddenly pulled into an MLS game, playing against professionals in the field. I might be a good player on a limited bench - on weekends, playing against other amateur enthusiasts, but in a larger scale I cannot rank or make the cut.

Around the office the last few months, we’ve taken to referencing a famous quote by Arthur Nielsen:  “the price of light is less than the cost of darkness.”

If you’ve been in the privacy world for any amount of time, you recognize there has been a marked increase in the speed at which our world operates. New threats to our data are introduced every day. With the expanding scope of what constitutes protected and sensitive data, the number of privacy cases we must manage at any given time is increasing.

This article is part of an ongoing series on privacy program metrics and benchmarking for incident response management, brought to you by RADAR. Read the original article on the IAPP Privacy Advisor.

This article is part of an ongoing series on privacy program metrics and benchmarking for incident response management, brought to you by RADAR. Read the original article on the IAPP Privacy Advisor.

This article is part of an ongoing series on privacy program metrics and benchmarking for incident response management, brought to you by RADAR. Read the original article on the IAPP Privacy Advisor.

This article is part of an ongoing series on privacy program metrics and benchmarking for incident response management, brought to you by RADAR. Read the original article on the IAPP Privacy Advisor.

This article is part of an ongoing series on privacy program metrics and benchmarking for incident response management brought to you by RADAR. Find earlier installments of this series here.

This article is part of an ongoing series on privacy program metrics and benchmarking for incident response management, brought to you by RADAR, a provider of purpose-built decision-support software designed to guide users through a consistent, defensible process for incident management and risk assessment. Find earlier installments of this series here. 

Once an incident has been discovered, the clock starts ticking. Privacy officers and their teams must immediately investigate the incident, perform a multi-factor risk assessment according to all applicable jurisdictions to determine if the incident rises to the level of a data breach, and notify affected individuals, regulators, and authorities — often within a very short time frame. It can be a daunting task, compounded by the need to keep up with an ever-changing patchwork of data breach regulations, both enacted and proposed, each with their own unique requirements. 

We live in a world of measurements, from batting averages to number of steps walked to miles per gallon. Measuring our performance against certain standards or that of others—in other words, benchmarking—gives us a line in the sand from which we determine how and where to improve. This is especially important in the world of privacy, where it can be hard to gauge the effectiveness of programs and initiatives. And without the numbers to back you up, getting sufficient organizational priority and budget for your privacy program is difficult.  

This article is part of an ongoing series on privacy program metrics and benchmarking for incident response management, brought to you by RADAR, Inc., a provider of purpose-built decision-support software designed to guide users through a consistent, defensible process for incident management and risk assessment. Find earlier installments of this series here.

This article is part of an ongoing series on privacy program metrics and benchmarking for incident response management, brought to you by Radar Inc., a provider of purpose-built decision-support software designed to guide users through a consistent, defensible process for incident management and risk assessment. Find earlier installments of this series here.

This article is part of an ongoing IAPP Privacy Advisor series on privacy program metrics and benchmarking for incident response management. Find earlier installments of this series here. 

This article is part of an ongoing IAPP Privacy Advisor series on privacy program metrics and benchmarking for incident response management. Find earlier installments of this series here.