RadarFirst Blog

Workflows and Checklists Can’t Match Automation in Privacy Incident Response

Performing a multi-factor risk assessment to determine whether an incident involving PII and/or PHI requires notification to regulatory bodies isn’t just a good practice for privacy programs – it’s a requirement for documenting and demonstrating compliance with data breach laws. Due to the misconception that any incident involving sensitive, regulated data is automatically a notifiable breach, it is critical that every incident undergo a compliant multi-factor risk assessment to establish your burden of proof – particularly when deciding not to notify because you were able to properly mitigate the risk as permitted by law.

Automating the Incident Risk Assessment and Response Process

Explore the ecosystem of technologies available to privacy professionals, including innovative technology that streamlines and accelerates incident response. The full text is available in PDF format.

Multi-Factor Authentication: Best Practice in Network Security and Privacy

Last month, Target reached a breach settlement of $18.5 million in fines for the 2013 security breach that exposed the data of millions of customers across 47 states and the District of Columbia. In addition to this fine, the settlement requires that Target adopt a “comprehensive information security program” that includes implementing network security best practices: encrypting payment card information, separating cardholder data from the rest of the computer network, and implementing policies regarding multi-factor authentication.

Operationalizing Incident Response with Technology

“No two incidents are alike” – how often have we heard this refrain from privacy and legal professionals? While it’s true that the details of every incident are unique, the risk factors associated with incidents are not. Consequently, this saying has created a misconception that incident risk assessment cannot be automated.

Five Tips for Incident Response Readiness

This article by Alex Wall was originally published on the Compliance & Ethics Blog.

The IAPP-RADAR Incident Response Center: Staying Current with Changing Data Breach Laws

When I first conceived the RADAR solution, I was motivated by firsthand observations of operational challenges and risks faced by privacy professionals and teams.

Technology to Simplify Incident Response Management: Webinar Recap

Last week I had the opportunity to discuss challenges in incident response with Julia Jacobson, Partner in the K&L Gates Boston offices, during a webinar hosted by the International Association of Privacy Professionals (IAPP). Julia’s practice focuses primarily on privacy and data protection with multinational clients based in the US, and this experience brought a valuable perspective to this discussion, as outside counsel and as an expert in her field.

Is Your Security Incident a Data Breach? Uncle Sam & Regulators Want to Know

This article by Mahmood Sher-Jan was originally published in the Compliance & Ethics Blog.

As any privacy or compliance professional knows, sensitive customer information is constantly at risk for exposure. Cyber attacks, ransomware, spear phishing, malware, system and process failures, employee mistakes, lost or stolen devices—the list of threats goes on. Your organization’s data will be—or already has been—compromised.

3 Common Misconceptions In Incident Response

This article by Mahmood Sher-Jan was originally published on the ISACA Cybersecurity News Site, The Nexus.

I was recently reminded of the following sentiment by a colleague of mine in the office: “It is better to be prepared 1 year too early than 1 day too late.”

Common Misconceptions in Incident Response

I was recently reminded of the following sentiment by a colleague of mine in the office: “it’s better to be prepared one year too early, than one day too late.”

Privacy and Security Together: A Risk-Based Approach to Incident Response Management

Threats to the privacy and security of sensitive data are unavoidable.

Privacy and the Internet of Things: Everything Around You is Collecting Your Private Data

The Internet of Things, as its name suggests, is a big category.

OCR Audit Program Targets Business Associates: Are You Ready?

It’s time for covered entities and their business associates to get their respective houses in order. During phase 2 of the HIPAA Audit program, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) will be paying attention to the relationships between HIPAA covered entities and their business associates (BAs).

Incident Risk Assessment: Your Key to Compliance

Every good relationship is built on trust. But in a world of external threats like cyber attacks and internal problems like employee negligence, trust has gone the way of dial-up Internet.

The REAL Cost of Failing the OCR Audits

It took a while, but phase 2 of the HIPAA Audit Program, conducted by the Health and Human Services’ Office for Civil Rights (OCR), is here. Healthcare-related organizations from the smallest business associate to the largest covered entity are eligible for this phase of audits – no one is immune.