RadarFirst Blog

Are organizations meeting their notification obligations when timelines are specified?

This article is part of an ongoing series on privacy program metrics and benchmarking for incident response management, brought to you by RADAR, a provider of purpose-built decision-support software designed to guide users through a consistent, defensible process for incident management and risk assessment. Find earlier installments of this series here. 

Once an incident has been discovered, the clock starts ticking. Privacy officers and their teams must immediately investigate the incident, perform a multi-factor risk assessment according to all applicable jurisdictions to determine if the incident rises to the level of a data breach, and notify affected individuals, regulators, and authorities — often within a very short time frame. It can be a daunting task, compounded by the need to keep up with an ever-changing patchwork of data breach regulations, both enacted and proposed, each with their own unique requirements. 

Read more

Hitting a Moving Target: The Challenge of Ever-Changing Breach Notification Laws

The only constant in life is change, and few things in the world of privacy and data protection are evolving as much as breach notification laws. These regulations are more stringent, specific, and numerous than ever before. The constant shifting of breach notification laws makes compliance not a one-and-done activity, but requires constant vigilance to keep abreast of changes.

Read more

Finding the "Hidden Picture": The Challenge of Incident Detection and Escalation

Constant threats to sensitive data lurk in every corner of your organization, from hard-to-detect malware to busy employees. Thus, you can bet with 100% certainty that your organization has had, is having, or will have a data privacy incident—numerous incidents in fact. Each incident must be risk assessed against the latest breach notification laws to determine if you have a notifiable breach on your hands.

Read more

Breach Notification Regulatory Trends from 2018

2018 was all about change, especially in the breach notification realm. The tightening of existing regulations and the addition of new ones have created a seismic shift toward greater complexity and stringency. Compliance has never been more critical—and never more difficult.

Read more

Tackling the Top 4 Challenges of Managing Incident Response

Wherever data goes, risk follows close behind, particularly the risk of unauthorized access and disclosure—in other words, a data privacy or security incident. Whether they realize it or not, every organization regardless of size or industry has experienced and will experience their share of privacy incidents.

Read more

Busting 3 Dangerous Myths about SaaS Solutions

When evaluating different solutions for incident response management, many factors come into play. Understandably, budget tops the list, closely followed by security, functionality, ease of use, and more. Underlying many of these concerns is the delivery method—should you choose software-as-a-service (SaaS) or an on-premise solution?

Read more

PIPEDA’s New Mandatory Breach Notification and Recordkeeping Requirements: How Do They Compare with the GDPR and U.S. Regulations?

The landscape of global data breach laws has been marked by continuous change in recent years. One of the most significant this year was the coming into force of the EU General Data Protection Regulation (GDPR). Described by ICO Commissioner Elizabeth Denham as “the biggest change to data protection law in a generation,” the GDPR has certainly made an impact.

Read more

Scaling the Privacy Program: Technology Eases Change Management for Fortune 20 Company

The last year in the realm of privacy has been one of tremendous growth.

Read more

Three Topics We’re Following at the 2018 IAPP Privacy. Security. Risk. event in Austin

Next week, 1,600+ privacy professionals are heading to Austin for the annual IAPP Privacy. Security. Risk. conference. The educational opportunity and discussions happening at this conference every year surfaces new ideas, best practices, and top challenges for the privacy profession. 

Read more

Regulatory Watchlist: Recent Changes to State Data Breach Notification Regulations

A number of state data breach bills have recently gone into effect, or are poised to go into effect in the next two months. Continuing our series of articles around trends in state data breach notification laws, let’s take a look at this legislation and see what trends we can identify.

Read more

Benchmarking Data and Healthcare Challenges: Compliance with State and HIPAA Breach Notification Rules

Privacy or security incidents involving protected health information (PHI) and personally identifiable information (PII) are more than just probable in healthcare settings–they are inevitabile. And this makes sense, as heavily regulated industries like healthcare rely on highly personal and sensitive data to provide care, and the abundance of such data presents higher risk of unauthorized disclosures – unintentional or malicious. The frequency and types of risks to an organization’s data are growing wider, as well, from a ransomware attack or a breach in your Electronic Health Record (EHR), to a simple misdirected mailing or improper disposal of paper records.

Read more

Data Privacy Day: What is the State of Privacy in 2018?

Last weekend on January 28 we observed Data Privacy Day, an internationally recognized day intended to raise awareness and promote privacy and data protection practices. First celebrated in the United States and Canada ten years ago, the day commemorates the Jan. 28, 1981 signing of Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, the first international treaty dealing with privacy and data protection.

Read more

Increasing Privacy Technology Investments and Other Takeaways from the 2017 IAPP-EY Annual Governance Report

Last month during the annual Privacy.Security.Risk. event, the IAPP released the results of the 2017 IAPP-EY Annual Governance Report. We always look forward to this report, now in its third year, having now compiled survey responses provided by nearly 600 privacy professionals across the globe. The findings have been consistent with what we’re hearing from customers and industry partners, who are making frantic efforts to prepare to comply with the rigors of GDPR and its risk based framework.

Read more

Actionable insights: Privacy incident volume over time

This article is part of an ongoing IAPP Privacy Advisor series on privacy program metrics and benchmarking for incident-response management. Find earlier installments of this series here. 

Read more

Can't-Miss Sessions at IAPP Privacy. Security. Risk. 2017

Privacy and security teams are often painted as adversaries in compliance. While it's true that privacy, security, and risk professionals often come from different backgrounds and interests, they are united in their shared pursuit of compliance and events like the IAPP Privacy. Security. Risk. 2017 illustrate the way these fields are converging. 

Read more