RADAR Blog

Surprising stats on third-party vendor risk and breach likelihood

This article by Mahmood Sher-Jan is the third in a series of articles published with the IAPP Privacy Advisor, on the topic of establishing program metrics and benchmarking your privacy incident management program.

Data protection is a team sport: Benchmark data tells the story

This article by Mahmood Sher-Jan is the second in a series of articles published with the IAPP Privacy Advisor, on the topic of establishing program metrics and benchmarking your privacy incident management program.

Introducing New Mexico’s Data Breach Notification Act

With the signing of HB 15 on April 6, 2017, New Mexico became the 48th state and 52nd US jurisdiction to enact a data breach notification law, leaving only Alabama and South Dakota to go. The Data Breach Notification Act, which goes into effect June 16, 2017, is similar to many long-standing state breach notification laws, but it also incorporates several recent trends in breach notification amendments identified by the RADAR team.

Assessing Ransomware Attacks and Shoring up Security Measures Under HIPAA

This article by Alex Speaks was originally published on the Compliance & Ethics Blog.

Mitigating the WannaCry Attack: Shoring up Security Measures and Assessing Ransomware Attacks Under HIPAA

A string of ransomware attacks revealed today in the United Kingdom has quickly spread to a global scale, impacting dozens of countries around the world and disrupting systems critical to hospitals, telecommunications, and corporations in the process.

Privacy Initiatives In Your Own Backyard: Encouraging State-Level Work to Protect Private Information

As the date for compliance with the EU’s General Data Protection Regulation looms, many privacy and compliance professionals turn their eye towards international regulations. A recent meeting with a Portland, Oregon cybersecurity advocacy group reminded me that, with the increasingly complex and ever-changing nature of state data breach laws, it’s also important to keep a trained eye on privacy legislation in your own backyard.

Shared Perspectives on Data Breach Response and Compliance

Last week I had the opportunity to bring together many perspectives in the incident response management process and discuss our shared challenges, our best practices, and how we can better work in unison.

The Complicated Web of Noncompliance Penalties Across State Data Breach Notification Laws

No two state data breach notification laws are alike - and this can create a complicated landscape for privacy teams working to assess privacy incidents and remain compliant across multiple jurisdictions. Think about it: as of this article's publication date, 47 states, the District of Columbia, and three territories each have their own unique triggers, definitions, and requirements when it comes to assessing a privacy incident, determining if the incident is a data breach requiring notification, and then providing notification in a specified format to regulators and impacted individuals – and all within an increasingly specific time frame.

Teamwork Wins the Game: Four Insights from RADAR’s Privacy & Security Pros

In the race to protect customers and companies against the dangers of a data breach, privacy and security often compete for scarce resources. This can make it easy to forget who the real enemy is—the rising tide of privacy and security incidents. By recognizing the valuable role each team plays, privacy and security can encourage cooperation and ensure victory.

Trends and Lessons from the Biggest Data Breaches of 2016

2016 has been called the “Year of the Data Breach,” earning that title by surpassing previous years in both the number of breaches reported and in the number of records compromised. Yahoo’s announcement in September that 500 million user accounts had been compromised, followed up by the announcement in December that an additional 1 billion user accounts had been exposed, was one of the most heavily publicized and was featured at the top of many lists compiling the biggest breaches of 2016. But there were many other breaches that exposed millions of data records involving PII and PHI – just look at the number of the listings appearing on the US Department of Health and Human Services Office for Civil Rights’ so-called “wall of shame” for 2016.

Privacy Statistics & Figures: Quantifying Incident Response at the ISACA Pittsburgh Information Security Conference

I recently had the opportunity to travel to Pittsburgh for the 2016 ISACA Pittsburgh Information Security Awareness Day Conference. This conference is part of a regional series hosted by the local ISACA Pittsburgh chapter.

Five Tips for Incident Response Readiness, from the IAPP 2016 Practical Privacy Series

Last week I attended the IAPP Practical Privacy Series in Washington, DC. This series features intensive educational sessions designed to arm those in the privacy field with the up-to-the-minute knowledge needed to excel on the job. My fellow attendees were privacy officers and others who were well versed in privacy issues – many interesting conversations were started in the hallways between sessions and during meals.

Common Misconceptions in Incident Response

I was recently reminded of the following sentiment by a colleague of mine in the office: “it’s better to be prepared one year too early, than one day too late.”

IoT, Infosec Trends, and International Privacy Law

Notes from the Privacy + Security Forum in DC

This year I was able to attend the Privacy and Security Forum for the first time. Organized by Daniel Solove and his TeachPrivacy organization, this informative event showcased the deep knowledge of the privacy, security, legal, and compliance speakers and attendees. Everyone at the forum exhibited an obvious passion for their work with their evident enthusiasm for learning and sharing knowledge.

Privacy and Security Together: A Risk-Based Approach to Incident Response Management

Threats to the privacy and security of sensitive data are unavoidable.