RADAR Blog

Technology to Simplify Incident Response Management: Webinar Recap

Last week I had the opportunity to discuss challenges in incident response with Julia Jacobson, Partner in the K&L Gates Boston offices, during a webinar hosted by the International Association of Privacy Professionals (IAPP). Julia’s practice focuses primarily on privacy and data protection with multinational clients based in the US, and this experience brought a valuable perspective to this discussion, as outside counsel and as an expert in her field.

Is Your Security Incident a Data Breach? Uncle Sam & Regulators Want to Know

This article by Mahmood Sher-Jan was originally published in the Compliance & Ethics Blog.


As any privacy or compliance professional knows, sensitive customer information is constantly at risk for exposure. Cyber attacks, ransomware, spear phishing, malware, system and process failures, employee mistakes, lost or stolen devices—the list of threats goes on. Your organization’s data will be—or already has been—compromised.

3 Common Misconceptions In Incident Response

This article by Mahmood Sher-Jan was originally published in the ISACA Cybersecurity News Site, The Nexus.

I was recently reminded of the following sentiment by a colleague of mine in the office: “It is better to be prepared 1 year too early than 1 day too late.”

Common Misconceptions in Incident Response

I was recently reminded of the following sentiment by a colleague of mine in the office: “it’s better to be prepared one year too early, than one day too late.”

Privacy and Security Together: A Risk-Based Approach to Incident Response Management

Threats to the privacy and security of sensitive data are unavoidable.

Privacy and the Internet of Things: Everything Around You is Collecting Your Private Data

The Internet of Things, as its name suggests, is a big category.

OCR Audit Program Targets Business Associates: Are You Ready?

It’s time for covered entities and their business associates to get their respective houses in order. During phase 2 of the HIPAA Audit program, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) will be paying attention to the relationships between HIPAA covered entities and their business associates (BAs).

Incident Risk Assessment: Your Key to Compliance

Every good relationship is built on trust. But in a world of external threats like cyber attacks and internal problems like employee negligence, trust has gone the way of dial-up Internet.

The REAL Cost of Failing the OCR Audits

It took a while, but phase 2 of the HIPAA Audit Program, conducted by the Health and Human Services’ Office for Civil Rights (OCR), is here. Healthcare-related organizations from the smallest business associate to the largest covered entity are eligible for this phase of audits—no one is immune.

What Is Your Incident Readiness IQ?

They say that nothing in life is certain but death and taxes. In the business world, there is another certainty: privacy and security incidents involving sensitive customer data. Verizon’s 2016 Data Breach Investigations Report covers more than 64,000 incidents, and in BakerHostetler's 2016 Data Security Incident Response Report, the law firm points out that incidents affect all industries.

Trends in Data Breach Notification Law: Content, Format, Font Size, and More

Today we continue our weekly blog series focused on 2016 trends in data breach notification law. Click below to catch up on previous installments:

Trends in Data Breach Notification Law: Timely Notifications

Today we’re continuing our series of data breach notification law trends. If you missed the first part of the series, check out our discussion of the biggest trend in 2016, as well as our post focused on the expanding scope of personal information.

Everyday Events, Inevitable Incidents, and Data Breach Disasters

The Four Categories of Data Occurrences

In today’s threat-filled world, sensitive customer information is constantly at risk for exposure. Cyber attacks, ransomware, spear phishing, malware, system & process failure, employee negligence, lost or stolen devices; the list of dangers goes on.

Trends in Data Breach Notification Law: Getting Personal (Information)

At any given time, the RADAR regulatory team is busy monitoring, tracking, and preparing for proposed and pending changes to data breach notification law.

As a RADAR product manager specializing in regulatory content, I have a front row view of the work that goes into ensuring RADAR is kept up-to-date with the latest advances in data breach notification law. As part of that work, the regulatory team has identified a number of trends that we expect to continue through 2016. Last week we covered an overarching trend towards increased stringency and specificity.

This week, we will dive a bit deeper into one aspect of this increased stringency as it relates to personal information and incident assessment.

Navigating the Breach Regulatory Maze: Proper Incident Risk Assessment and Response

This article was originally published on ISACA Now, April 2016.
