Fortune 20 Company Overhauls its Global Breach Response

A Fortune 20 company with a strong culture of privacy was experiencing an increase of incidents

“Having developed our in-house system, I knew the exact requirements for meeting our regulatory obligations: secure, scalable software that wouldn’t cost a fortune to configure and that would provide ongoing, up-to-date regulatory guidance. Radar® Privacy fit the bill.”

A Fortune 20 company with a strong culture of privacy was experiencing growth, and with this growth came significant increases in both the volume of privacy incidents and the burden on the privacy team to perform timely incident risk assessments, make consistent notification decisions, and implement sufficient risk mitigation actions.

Without a scalable, consistent, and defensible process, the company faced significant risks associated with missed notification deadlines, the possibility of over or under reporting, and the opportunity cost of not being able to focus the privacy team on other more critical and strategic tasks.

When “Build it Ourself” Conflicts with Scalability…

Initially, the company had developed an in-house, homegrown enterprise incident management system. This system was no longer able to support the needs of a growing business, was costly to maintain, and had several critical drawbacks in functionality:

-> No automated incident risk scoring engine to ensure consistency in making notification decisions.
-> Lacked intuitive workflows, scalability, and efficiency to support the projected business growth
-> Could not keep up to date with changing regulatory obligations, and could not provide the customization necessary to support the contractual obligations of the business
-> Required significant maintenance, creating operational downtime and ongoing demands on limited internal resources
-> Didn’t integrate legal resources or breach notification templates, requiring additional research and documentation to occur outside of the system
-> The privacy team needed to replace their outdated solution and spreadsheets with a modern system that provided a consistent method for evaluating and responding to privacy and security incidents in compliance with changing data breach notification laws.

After evaluating several options, including scoping out the cost of rebuilding a new system in-house, they concluded that all available options lacked automated risk assessment, were costly to implement and configure, and provided less robust functionality than the in-house system – all except one.

Radar® Privacy was Selected for Scalability and Efficiency

Ultimately, the company chose to partner with RadarFirst for its purpose-built, award-winning privacy incident management software. “We compared Radar® Privacy against other possible solutions, and everything cost more and did far less,” stated the company’s executive in charge of privacy incident response. “No other solution was specifically designed to meet our needs with automation for incident response.” Radar® Privacy provided the functionality needed to address the company’s complex privacy requirements, including:

-> Scalable, high-performance platform to support a growing volume of privacy and security incidents
-> An automated, consistent process for incident risk assessment
-> Risk rating engine with built-in, always up-to-date regulatory guidelines for US federal, state and international breach notification laws
-> Visibility into the entire incident response lifecycle
-> Robust reporting and trending tools and analytics

“Radar® Privacy provides an excellent value—it performs incredibly high volumes of privacy incident assessments consistently, quickly, and accurately. As a result, we’ve saved hundreds of hours of expensive legal time and have an efficient platform for future growth.”

In the evaluation process, the privacy team compared the performance of Radar® Privacy to the in-house system. As a large company needing to scale their program, automation provided the efficiency they needed to align with their organization’s growth, and reallocate valuable personnel resources to more strategic and high-level tasks.

Value was found in the consistency provided by Radar® Privacy and the time savings in bringing automation to the incident response process. Given that Radar® Privacy is up to date with the most recent data breach regulations, and includes law overviews of these regulations, the company was also able to eliminate costly and time-consuming quarterly meetings with outside counsel to review recent changes in regulations – not to mention incorporating changes into their difficult to maintain in-house system.

Finally, as a top Fortune company representing multinational, global operations, the emergence of GDPR – with its stringent data breach notification obligations – added even more value, as the company could rely on Radar® Privacy for their preparedness measures and to remain compliant with the 72-hour breach notification requirement. The fact that Radar® Privacy is executing on a global regulatory roadmap to support other emerging international data breach notification laws provided additional assurance for a global solution.