RADAR Blog

Lesson from the Equifax Breach: Readiness is Priceless

If anyone ever doubted the importance of data security incident response, the Equifax breach should put those doubts to rest. On top of the widespread concern about a breach affecting 143 million consumer records, there are hard questions about why it took Equifax more than six weeks to make the breach public. Since the announcement, the Senate Finance Committee, the Justice Department, the Federal Trade Commission, the Securities and Exchange Commission, and multiple state attorneys general have launched investigations into the breach; more than 50 class action suits have been filed; three executives, including CEO Richard Smith, have retired; the company's stock price has dropped more than 30%; and many experts predict the breach will result in new regulatory reporting standards for the financial industry.

Workflows and Checklists Can’t Match Automation in Privacy Incident Response

Performing a multi-factor risk assessment to determine whether an incident involving PII and/or PHI requires notification to regulatory bodies isn't just a good practice for privacy programs; it's a requirement for documenting and demonstrating compliance with data breach laws. Contrary to the common misconception that any incident involving sensitive, regulated data is automatically a notifiable breach, not every such incident must be reported, so it is critical that every incident undergo a compliant multi-factor risk assessment to establish your burden of proof, particularly when you decide not to notify because you were able to properly mitigate the risk as permitted by law.

Surprising stats on third-party vendor risk and breach likelihood

This article by Mahmood Sher-Jan is the third in a series of articles published with the IAPP Privacy Advisor, on the topic of establishing program metrics and benchmarking your privacy incident management program.

Arkansas Enacts State Insurance Department General Omnibus Bill (SB 247)

Surprising some with its quick journey from filing through enrollment to approval by the governor in less than 30 days, a new State Insurance Department General Omnibus Bill (SB 247) goes into effect in Arkansas on August 1, 2017.

Data protection is a team sport: Benchmark data tells the story

This article by Mahmood Sher-Jan is the second in a series of articles published with the IAPP Privacy Advisor, on the topic of establishing program metrics and benchmarking your privacy incident management program.

Growing Threat of Tax Fraud Leads Virginia to Amend Breach Notification Requirements

Effective July 1, 2017, the state of Virginia will require employers and payroll service providers to notify the attorney general without unreasonable delay if certain employee payroll data is compromised. Specifically, notification is required after an employer or payroll service provider discovers or is notified of unauthorized access and acquisition of unencrypted and unredacted computerized data containing a taxpayer identification number in combination with the income tax withheld for that taxpayer if the incident:

GDPR Matchup: The APEC Privacy Framework and Cross-Border Privacy Rules

This article by Alex Wall, CIPP/E, CIPP/US, was originally published in the IAPP Privacy Tracker.

Introducing New Mexico’s Data Breach Notification Act

With the signing of HB 15 on April 6, 2017, New Mexico became the 48th state and 52nd US jurisdiction to enact a data breach notification law, leaving only Alabama and South Dakota to go. The Data Breach Notification Act, which goes into effect June 16, 2017, is similar to many long-standing state breach notification laws, but it also incorporates several recent trends in breach notification amendments identified by the RADAR team.

Beyond Data Breach: Why Every Incident Matters

This article by Alex Wall is the first in a series published with the IAPP Privacy Advisor, on the topic of establishing program metrics and benchmarking your privacy incident management program.

Mitigating the WannaCry Attack: Shoring up Security Measures and Assessing Ransomware Attacks Under HIPAA

A string of ransomware attacks revealed today in the United Kingdom has quickly spread to global scale, impacting dozens of countries and disrupting systems critical to hospitals, telecommunications providers, and corporations in the process.

Privacy Initiatives In Your Own Backyard: Encouraging State-Level Work to Protect Private Information

As the compliance date for the EU's General Data Protection Regulation looms, many privacy and compliance professionals turn their eyes toward international regulations. A recent meeting with a Portland, Oregon cybersecurity advocacy group reminded me that, given the increasingly complex and ever-changing nature of state data breach laws, it's also important to keep a trained eye on privacy legislation in your own backyard.

Privacy Laws Are A Changin’: Three Data Breach Developments to Watch

This article by Alex Wall was originally published on the Compliance & Ethics Blog.

RADAR Named Inaugural Preferred Provider with Global Law Firm K&L Gates

This week we announced a strategic partnership with global law firm K&L Gates, with RADAR as the inaugural solution in the launch of the firm’s preferred provider program. With RADAR as a preferred provider, K&L Gates offers its clients enhanced-value services relating to the risk, detection, defense, and management of security incidents, including compliance with data breach laws.

The IAPP-RADAR Incident Response Center: Staying Current with Changing Data Breach Laws

When I first conceived the RADAR solution, I was motivated by firsthand observations of operational challenges and risks faced by privacy professionals and teams.

New York Department of Financial Services Cybersecurity Regulation Adds Breach Notification Obligation for Financial Institutions

Effective March 1, 2017, 23 NYCRR 500, a new cybersecurity regulation from the New York Department of Financial Services (NYDFS), added a cybersecurity event notification obligation that could be triggered by a breach under the state’s general breach notification statute.
