RadarFirst Blog

Mitigating the WannaCry Attack: Shoring up Security Measures and Assessing Ransomware Attacks Under HIPAA

A string of ransomware attacks revealed today in the United Kingdom have quickly spread to a global scale, impacting dozens of countries around the world and disrupting systems critical to hospitals, telecommunications, and corporations in the process.


Privacy Initiatives In Your Own Backyard: Encouraging State-Level Work to Protect Private Information

As the date for compliance with the EU’s General Data Protection Regulation looms, many privacy and compliance professionals turn their eye towards international regulations. A recent meeting with a Portland, Oregon cybersecurity advocacy group reminded me that, with the increasingly complex and ever-changing nature of state data breach laws, it’s also important to keep a trained eye on privacy legislation in your own backyard.


Privacy Laws Are A Changin’: Three Data Breach Developments to Watch

This article by Alex Wall was originally published on the Compliance & Ethics Blog.


RADAR Named Inaugural Preferred Provider with Global Law Firm K&L Gates

This week we announced a strategic partnership with global law firm K&L Gates, with RADAR as the inaugural solution in the launch of the firm’s preferred provider program. With RADAR as a preferred provider, K&L Gates offers its clients enhanced-value services relating to the risk, detection, defense, and management of security incidents, including compliance with data breach laws.


The IAPP-RADAR Incident Response Center: Staying Current with Changing Data Breach Laws

When I first conceived the RADAR solution, I was motivated by firsthand observations of operational challenges and risks faced by privacy professionals and teams.


New York Department of Financial Services Cybersecurity Regulation Adds Breach Notification Obligation for Financial Institutions

Effective March 1, 2017, 23 NYCRR 500, a new cybersecurity regulation from the New York Department of Financial Services (NYDFS), added a cybersecurity event notification obligation that could be triggered by a breach under the state’s general breach notification statute.


Three Data Breach Developments to Watch: Increasingly Complex State and Federal Privacy Laws

In a recent webinar I had an opportunity to discuss some of the emerging developments I’ve seen in privacy laws at the state and federal level. The topics covered in the webinar – increasing stringency in state laws, varying penalties for noncompliance across state jurisdictions, and recent federal penalties and what they could mean for future enforcements – can be angst-inducing.


The Complicated Web of Noncompliance Penalties Across State Data Breach Notification Laws

No two state data breach notification laws are alike – and this can create a complicated landscape for privacy teams working to assess privacy incidents and remain compliant across multiple jurisdictions. Think about it: as of this article's publication date, 47 states, the District of Columbia, and three territories each have their own unique triggers, definitions, and requirements when it comes to assessing a privacy incident, determining if the incident is a data breach requiring notification, and then providing notification in a specified format to regulators and impacted individuals – and all within an increasingly specific time frame.


Landmark OCR Enforcement Action for Lack of a Timely Breach Notification

What Does it Mean for Privacy and Security Professionals?

Last week, the Office for Civil Rights (OCR) announced the first ever enforcement settlement for lack of a timely breach notification – a fine of $475,000 for Presence Health, a large healthcare network serving Illinois. In the course of investigating the breach, OCR determined that Presence Health had “failed to notify, without unreasonable delay and within 60 days of discovering the breach, each of the 836 individuals affected by the breach, prominent media outlets (as required for breaches affecting more than 500 individuals), and OCR.”


Changes in Breach Notification Law: Illinois Personal Information Protection Act

Effective January 1, 2017, Illinois House Bill 1260 significantly broadened the scope of the state’s Personal Information Protection Act. Included in the bill are key provisions that follow trends we identified in 2015 and 2016 as states continue to enact increasingly stringent and complex data breach notification legislation, including amendments that significantly expand the scope of personal information. Illinois HB 1260:


Changes in Data Breach Notification Law - California Encryption Exceptions

Earlier this year, California Governor Jerry Brown signed into law AB 2828, an amendment to the state’s data breach notification law. This amendment, which takes effect January 1, 2017, changes the circumstances under which an entity must disclose a breach to affected individuals.  


Five Tips for Incident Response Readiness, from the IAPP 2016 Practical Privacy Series

Last week I attended the IAPP Practical Privacy Series in Washington, DC. This series features intensive educational sessions designed to arm those in the privacy field with the up-to-the-minute knowledge needed to excel on the job. My fellow attendees were privacy officers and others who were well versed in privacy issues – many interesting conversations were started in the hallways between sessions and during meals.


Trends in State Data Breach Notification Laws and Looking ahead to 2017

Earlier this year we identified five trends in state data breach notification laws, based on legislative activity in 2015 and 2016.


Preparing for the GDPR: Start Now, Plan to Invest

In May of 2018, Europe’s General Data Protection Regulation (“GDPR”) will take effect throughout the European Union. While this advance date may seem far off now, the work ahead of companies dealing in international data exchange is substantial, and the clock is already ticking.


Common Misconceptions in Incident Response

I was recently reminded of the following sentiment by a colleague of mine in the office: “it’s better to be prepared one year too early, than one day too late.”
