RadarFirst Blog

Overwhelmed by CCPA Compliance? 4 Best Practices to Keep You On Track

The buzz around the California Consumer Privacy Act (CCPA) is a lot, well, buzzier these days, and for good reason. The January 1, 2020, effective date is little more than a month away, and security and privacy teams want guidance on CCPA compliance requirements. Rather than spend your valuable time reviewing just what those requirements are—which most of us are all too familiar with by now—it might be helpful to look at best practices for overall compliance. After all, the CCPA isn’t the only regulatory challenge organizations face. 

Healthcare Privacy Concerns: Balancing Patient Care and Compliance

Last week during the regional Health Care Compliance Association (HCCA) conference in Nashville, I was lucky enough to host a gathering of executives from privacy and compliance for a private executive dinner with Adam Greene, an influential thought leader in privacy and partner with Davis Wright Tremaine. Adam moderated a robust discussion that explored HIPAA and OCR enforcement trends, the growing divide between state consumer protection laws and Federal regulations, and speculation on what the future holds for healthcare companies in an increasingly fractured consumer protection landscape.

The Pitfalls of Over-reporting Under the GDPR

After much fanfare, the EU's General Data Protection Regulation (GDPR) went into effect in May of 2018. In May 2019, the European Data Protection Board (EDPB) issued its 1-year assessment of the GDPR. In the first year, over 89,000 data breaches had been logged by EEA Supervisory Authorities. 

On Our Radar: November 1, 2019

How is it already November? Halloween is behind us, and thank goodness for that! Privacy professionals have more than enough to scare and trick us in our professional lives already–did you read my colleague Dorothy’s recent post about the rise in heart attacks following a ransomware data breach

Evaluate Your Privacy Incident Response Program: Introducing New Quarterly Benchmarking Metrics

If you’ve ever participated in an organized sport, you’re likely well aware of the importance of context when it comes to evaluating your performance as a player. Say, for example, I play soccer every weekend (which I do). Let’s imagine I’m arguably the best defender on my team - or even across all the recreational players involved (it’s fun to pretend). I might start feeling pretty good about myself, and how I perform on the pitch. Now imagine I’m suddenly pulled into an MLS game, playing against professionals in the field. I might be a good player on a limited bench - on weekends, playing against other amateur enthusiasts - but on a larger scale I cannot rank or make the cut.

Built to Win: 5 Steps of a Proactive Incident Response Plan that Works

Privacy and security incidents involving sensitive personal data are as individual as fingerprints. An incident involving misplaced paper records is vastly different from a large-scale cyber-attack affecting millions of people. Yet the organization with the paper incident and the organization with the cyber-attack are both subject to a complex web of global data breach notification laws—which could include GDPR, a mixture of U.S. federal / state regulations, and even unique demands under CCPA.

To Manage Enterprise Privacy Risks, CISOs Have to Measure It

Chinese philosopher Sun Tzu once said, “Know thy enemy.” When it comes to managing risk, CISOs must know what threatens the privacy and security of their organization’s sensitive data. That means having the ability to identify and measure all the risks lurking throughout the enterprise—no easy feat.

On Our Radar: September 6, 2019

Around the RADAR offices, we talk a lot about the work of privacy professionals and how we can continue to bring greater value to our customers. Part of these discussions includes quantifying the cost of poor incident response, and the risk presented to organizations when a data breach is mishandled.

On Our Radar: August 29, 2019

For many of us, the new school year marks the end of summer. Back to routines and brand new notebooks and pencils. For privacy professionals, the end of summer is still business as usual since privacy incidents and data breaches don’t take a summer vacation. The work of safeguarding privacy is never really complete.

USAA Receives the Inaugural Kevin Padrick Privacy Excellence Award at RADAR User Summit

If you’re a privacy professional, Portland in August is the place to be. Earlier this month, our team had the pleasure of hosting privacy and legal professionals from domestic and global companies subject to consumer data protection obligations at our 2nd annual RADAR User Summit.

On Our Radar: August 16, 2019

Last week we held our annual RADAR User Summit. This event brings together a group of innovative, forward-thinking privacy professionals for three days of interactive workshops, best practice sharing, and general community building. 

On Our Radar: July 25, 2019

Those of us in the Northern Hemisphere are well into our summer routines at this point - backyard barbeques, longer days, and warmer (or much too warm!) weather are being enjoyed by all. That’s the ideal, at least. Just as they say there’s no rest for the wicked, there is also no rest for those charged with protecting our personal data (PHI, PII, and beyond). It’s a 24/7 job, and it’s not going away anytime soon.

To Be Great Enterprise Risk Managers, CISOs Need to be Great Collaborators

CISOs face pressure on all sides. From their tenuous position in the company org chart, they’re tasked with managing external and internal risk to their company’s sensitive data. And when a privacy or security incident does strike, often they’re the ones who take the blame

On Our Radar: July 19, 2019

Legal practitioners know firsthand the challenges in remaining compliant with data breach notification laws. Beyond the high-profile phishing, formjacking, and ransomware attacks, the everyday incident – a lost laptop, a misdirected letter – typically makes up the bulk of a privacy professional’s caseload. That’s not to say the work itself is routine or everyday. Consider:

On Our Radar: July 12, 2019

If you’re in the States, you may have spent a long holiday weekend celebrating the 4th of July with neighborhood BBQs and summer night skies lit up with fireworks. Rolling into the office Monday morning after a holiday weekend can be a hustle – catching up on what you’ve missed, getting back into the work mindset, and reading through a pile of emails in your inbox. 