RADAR Blog

PIPEDA’s New Mandatory Breach Notification and Recordkeeping Requirements: How Do They Compare with the GDPR and U.S. Regulations?

The landscape of global data breach laws has been marked by continuous change in recent years. One of the most significant this year was the coming into force of the EU General Data Protection Regulation (GDPR). Described by ICO Commissioner Elizabeth Denham as “the biggest change to data protection law in a generation,” the GDPR has certainly made an impact.

Scaling the Privacy Program: Technology Eases Change Management for Fortune 20 Company

The last year in the realm of privacy has been one of tremendous growth.

Three Topics We’re Following at the 2018 IAPP Privacy. Security. Risk. event in Austin

Next week, 1,600+ privacy professionals are heading to Austin for the annual IAPP Privacy. Security. Risk. conference. Every year, the educational sessions and discussions at this conference surface new ideas, best practices, and top challenges for the privacy profession.

Regulatory Watchlist: Recent Changes to State Data Breach Notification Regulations

A number of state data breach bills have recently gone into effect, or are poised to go into effect in the next two months. Continuing our series of articles around trends in state data breach notification laws, let’s take a look at this legislation and see what trends we can identify.

Benchmarking Data and Healthcare Challenges: Compliance with State and HIPAA Breach Notification Rules

Privacy or security incidents involving protected health information (PHI) and personally identifiable information (PII) are more than just probable in healthcare settings – they are inevitable. This makes sense: heavily regulated industries like healthcare rely on highly personal and sensitive data to provide care, and the abundance of such data presents a higher risk of unauthorized disclosure, whether unintentional or malicious. The frequency and variety of risks to an organization’s data are growing as well, from a ransomware attack or a breach of your Electronic Health Record (EHR) system to a simple misdirected mailing or improper disposal of paper records.

Data Privacy Day: What is the State of Privacy in 2018?

Last weekend, on January 28, we observed Data Privacy Day, an internationally recognized day intended to raise awareness and promote privacy and data protection practices. First celebrated in the United States and Canada ten years ago, the day commemorates the Jan. 28, 1981 signing of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, the first international treaty dealing with privacy and data protection.

Increasing Privacy Technology Investments and Other Takeaways from the 2017 IAPP-EY Annual Governance Report

Last month, during the annual Privacy. Security. Risk. event, the IAPP released the results of the 2017 IAPP-EY Annual Governance Report. We always look forward to this report, now in its third year, which this time compiles survey responses from nearly 600 privacy professionals across the globe. The findings are consistent with what we’re hearing from customers and industry partners, who are making urgent efforts to prepare for the rigors of the GDPR and its risk-based framework.

Actionable insights: Privacy incident volume over time

This article is part of an ongoing IAPP Privacy Advisor series on privacy program metrics and benchmarking for incident-response management.

Can't-Miss Sessions at IAPP Privacy. Security. Risk. 2017

Privacy and security teams are often painted as adversaries in compliance. While it's true that privacy, security, and risk professionals often come from different backgrounds and interests, they are united in their shared pursuit of compliance, and events like IAPP Privacy. Security. Risk. 2017 illustrate how these fields are converging.

Workflows and Checklists Can’t Match Automation in Privacy Incident Response

Performing a multi-factor risk assessment to determine whether an incident involving PII and/or PHI requires notification to regulatory bodies isn’t just a good practice for privacy programs – it’s a requirement for documenting and demonstrating compliance with data breach laws. Because of the common misconception that any incident involving sensitive, regulated data is automatically a notifiable breach, it is critical that every incident undergo a compliant multi-factor risk assessment that establishes your burden of proof – particularly when you decide not to notify because you were able to properly mitigate the risk, as permitted by law.

Automating the Incident Risk Assessment and Response Process

Explore the ecosystem of technologies available to privacy professionals, including innovative technology that streamlines and accelerates incident response. The full text is available in PDF format.

Multi-Factor Authentication: Best Practice in Network Security and Privacy

Last month, Target reached an $18.5 million settlement over the 2013 security breach that exposed the data of millions of customers across 47 states and the District of Columbia. Beyond the monetary penalty, the settlement requires Target to adopt a “comprehensive information security program,” including network security best practices such as encrypting payment card information, separating cardholder data from the rest of the network, and implementing policies for multi-factor authentication.

Operationalizing Incident Response with Technology

“No two incidents are alike” – how often have we heard this refrain from privacy and legal professionals? While it’s true that the details of every incident are unique, the risk factors associated with incidents are not. Consequently, this saying has created a misconception that incident risk assessment cannot be automated.

Five Tips for Incident Response Readiness

This article by Alex Wall was originally published on the Compliance & Ethics Blog.

The IAPP-RADAR Incident Response Center: Staying Current with Changing Data Breach Laws

When I first conceived the RADAR solution, I was motivated by firsthand observations of operational challenges and risks faced by privacy professionals and teams.
