RADAR Blog

Last week we held our annual RADAR User Summit. This event brings together a group of innovative, forward-thinking privacy professionals for three days of interactive workshops, best practice sharing, and general community building. 

Those of us in the Northern Hemisphere are well into our summer routines at this point - backyard barbeques, longer days, and warmer (or much too warm!) weather is being enjoyed by all. That’s the ideal, at least. Just as they say there’s no rest for the wicked, there is also no rest for those charged with protecting our personal data (PHI, PII, and beyond) data. It’s a 24/7 job, and it’s not going away anytime soon.

CISOs face pressure on all sides. From their tenuous position in the company org chart, they’re tasked with managing external and internal risk to their company’s sensitive data. And when a privacy or security incident does strike, often they’re the ones who take the blame. 

Legal practitioners know firsthand the challenges in remaining compliant with data breach notification laws. Beyond the high-profile phishing, formjacking, and ransomware attacks, the everyday incident – a lost laptop, a misdirected letter – typically makes up the bulk of a privacy professional’s caseload. That’s not to say the work itself is routine or everyday. Consider:

If you’re in the States, you may have spent a long holiday weekend celebrating the 4th of July with neighborhood BBQs and summer night skies lit up with fireworks. Rolling into the office Monday morning after a holiday weekend can be a hustle – catching up on what you’ve missed, getting back into the work mindset, and reading through a pile of emails in your inbox. 

They say no news is bad news, and what you don’t know can’t hurt you. These and other maxims are fine if you’re an ostrich with its head in the sand. For privacy-minded healthcare organizations, a better truism applies: Knowledge is power—especially when it comes to privacy incidents involving sensitive patient and member information.

Ever since GDPR went into effect a little over a year ago, more and more countries (and U.S. states) have raced to adopt or change their own privacy laws. It’s a fast-paced world out there and changes to privacy regulations are coming quick — recently a colleague updated their map of U.S. breach notification laws, only to have it outdated two days later due to a change in the Texas privacy law. 

It’s never a dull week in the world of incident response. Data breaches continue to impact consumers from Oregon to Delaware. Data breach laws continue to evolve - we’ve recently seen nine states pass new and expanded data breach notification laws. And the list of industries at risk of a data breach continues to grow, according to a recent report that found news industry websites to be a new target for nefarious actors. 

It’s been a busy week, as always, for privacy professionals around the globe. Below are a few topics the RADAR team is following in the news and discussing around the watercooler.

In my line of work, I’m afforded the opportunity to talk to privacy professionals on a daily basis. What always strikes me when I consider the daily life of a privacy pro is the challenges inherent in the work. Assessing, mitigating, and providing notification for data breaches is a large and often stressful part of the job. Beyond that critical work, however, is a long laundry list of complex, routine, and equally important privacy tasks.

The California Consumer Privacy Act (CCPA) is a first in U.S. state law, having captured the attention of privacy professionals across the country. Similar to the GDPR in many regards, this regulation will require organizations to reexamine the ways data is collected, used, and protected.

This week marks a milestone in the accelerated growth of RADAR as we open the doors to our new and expansive headquarters in downtown Portland, Oregon. This office move - though only a few blocks down the road from our former office - is a signifier of the growth our organization has gone through over the last few years, which kicked into hyper growth since becoming a part of the Vista Equity Partners’ portfolio. From the initial spark of an idea in 2009 that would develop into RADAR and ultimately becoming an independent well funded company in 2016, to the investment from Vista Equity Partners in November 2018, the product and company have seen tremendous advancements. Our commitment to innovation and our mission to establish the industry standard for a unified, global incident response management platform means that we aren’t slowing down any time soon.

Another month over, and privacy concerns continue to find their way into the headlines. Privacy as a fundamental right, and data protection as a concept, have entered public awareness for good, and we see that reflected in the major news coverage of our profession, well beyond industry publications. The public is gaining a more sophisticated understanding of privacy protection measures, and getting savvy about identifying the organizations that can - or cannot - be entrusted with their data.

For the past year, the privacy and security world has kept a laser-like focus on the European Union’s General Data Protection Regulation (GDPR). And what a year it’s been. More than 59,000 personal data breaches were reported across Europe from the enforcement date of GDPR on May 25, 2018, to International Data Protection Day on January 28, 2019.

My work with RADAR has afforded me the opportunity to attend a number of privacy events in the past few years. Just this week I had the pleasure of attending the American Bankers Association RIsk Management Conference in Austin. This event, which covered a wide range of risk concerns for banking professionals, surfaced many conversations about breach notification requirements and the challenges facing privacy professionals.