RADAR Blog

The Sooner the Better: Increasing Specificity in Notification Timelines

Today’s world is built for speed. Want a ride? Get an Uber or Lyft at your door in 10 minutes. Want your food faster? Use Grubhub and order ahead. Have a data breach requiring notification? Work quickly, because you may only have 72 hours to provide notification to individuals and regulatory authorities, depending on the jurisdiction.


A Regulatory Trend to Watch: The Expanding Scope of Personal Information

In 2018, less than 10 percent of data privacy or security incidents were breaches requiring notification. Yet it wouldn’t be surprising if that percentage starts to increase. One of the key factors in breach determination is the nature of the personal information exposed. Last year, we saw a significant expansion in the definition of personal information across multiple laws.


Breach Notification Regulatory Trends from 2018

2018 was all about change, especially in the breach notification realm. The tightening of existing regulations and the addition of new ones have created a seismic shift toward greater complexity and stringency. Compliance has never been more critical—and never more difficult.


Busting 3 Dangerous Myths about SaaS Solutions

When evaluating different solutions for incident response management, many factors come into play. Understandably, budget tops the list, closely followed by security, functionality, ease of use, and more. Underlying many of these concerns is the delivery method—should you choose software-as-a-service (SaaS) or an on-premise solution?


Too Much or Too Little? The Risks of Under- or Over-reporting Incidents

Data privacy and security incidents occur all the time; the 2018 Verizon Data Breach Investigations Report covers a mind-boggling 53,000-plus incidents. Incidents come in all shapes and sizes—electronic, paper, even verbal or visual. They can be as simple as an improperly mailed billing statement or as complex as a highly coordinated cyber-attack on millions of consumers’ financial records. Every single one of these incidents must be risk assessed to determine if they are breaches requiring notification. 


Scaling the Privacy Program: Technology Eases Change Management for Fortune 20 Company

The last year in the realm of privacy has been one of tremendous growth.


Three Topics We’re Following at the 2018 IAPP Privacy. Security. Risk. event in Austin

Next week, 1,600+ privacy professionals are heading to Austin for the annual IAPP Privacy. Security. Risk. conference. The educational opportunity and discussions happening at this conference every year surface new ideas, best practices, and top challenges for the privacy profession.


What's Driving the Growth of Data Breach Response?

In July Gartner published its new Hype Cycle for Privacy, which provides a snapshot of various technology capabilities and categories, their relative market trajectory over time, and forecasts for future adoption. A new category that emerged in the 2018 report is Data Breach Response, whose debut underscores the emergence of a broader awareness of this critical capability for enterprises that collect and process personal data.


Benchmarking Data Indicates Human Error Prevailing Cause of Breaches, Incidents

This article is part of an ongoing IAPP Privacy Advisor series on privacy program metrics and benchmarking for incident response management. Find earlier installments of this series here. 


Regulatory Watchlist: Recent Changes to State Data Breach Notification Regulations

A number of state data breach bills have recently gone into effect, or are poised to go into effect in the next two months. Continuing our series of articles around trends in state data breach notification laws, let’s take a look at this legislation and see what trends we can identify.


State Attorneys General Flex Muscles in Response to Proposed Federal Data Breach Notification Standard

In recent years, we have seen growing influence of state attorneys general in the realm of consumer data protections. State laws are increasingly requiring AGs be notified in the event of a breach, and state AGs are taking action for noncompliance, filing lawsuits for failure to notify within the required timeframe and reaching hefty monetary settlements for paper-based data breaches.


Benchmarking Data and Healthcare Challenges: Compliance with State and HIPAA Breach Notification Rules

Privacy or security incidents involving protected health information (PHI) and personally identifiable information (PII) are more than just probable in healthcare settings–they are inevitable. And this makes sense, as heavily regulated industries like healthcare rely on highly personal and sensitive data to provide care, and the abundance of such data presents higher risk of unauthorized disclosures – unintentional or malicious. The frequency and types of risks to an organization’s data are growing wider, as well, from a ransomware attack or a breach in your Electronic Health Record (EHR), to a simple misdirected mailing or improper disposal of paper records.


The Human Side of Privacy: 2018 IAPP Global Privacy Summit Recap

For those tasked with the daily, detailed work of ensuring their organizations’ compliance with data breach notification regulations–particularly in light of the complexity of preparing for new regulations to go into effect, namely GDPR–it could be easy to forget the person in personal data. Speakers from this year’s IAPP Global Privacy Summit reminded us of just how reductive that vantage point can be, touching on the very human element that lies behind every privacy incident.


Regulatory Watch List: Breach Notification Timelines in Proposed State Legislation

Working with privacy and compliance professionals, one of the challenges we often hear about is how difficult it can be to keep up with ever-changing breach notification regulations. Think of it this way: in the US alone there are 48 separate state breach notification laws (along with Washington, D.C. and three territories), each with their own unique definitions, breach notification triggers, and compliance requirements.


Data Privacy Day: What is the State of Privacy in 2018?

Last weekend on January 28 we observed Data Privacy Day, an internationally recognized day intended to raise awareness and promote privacy and data protection practices. First celebrated in the United States and Canada ten years ago, the day commemorates the Jan. 28, 1981 signing of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, the first international treaty dealing with privacy and data protection.
