Closing the Loop on Incident Response with Radar Privacy
In an ecosystem of security and incident management tools, Radar® Privacy automates incident risk assessment to provide regulatory breach notification guidance.
Privacy and security incidents that expose sensitive customer data have become an inevitable part of doing business in today’s world.
Attacks on your company’s infrastructure are becoming more sophisticated with advancing technology – malware, ransomware, and phishing schemes – while human error remains a leading source of incidents such as lost laptops, misdirected emails, and misplaced paper files. Luckily, today’s security solutions are rising to the challenge, with an ecosystem of sophisticated products and services designed to protect and manage sensitive corporate data. A well-developed privacy and security governance program includes the use of tools such as:
- Governance, Risk, and Compliance Platforms (GRC): providing content management, workflow management, reporting and relational data models.
- Security Information and Event Management Solutions (SIEM) or Managed Security Service Providers (MSSP): providing a holistic view of IT security, with centralized storage to detect, log, analyze, and correlate security threats and trends.
- IT Ticketing Systems: allowing IT teams to notify multiple stakeholders in the remediation process, track and document the investigation of the event, and assign roles for remediation.
- Industry-agnostic Data Loss Prevention (DLP) solutions and industry-specific technology solutions: providing software that detects, identifies, monitors, and controls sensitive data leaving a network.
Each of these systems plays its part in the incident response process, working together to detect, track, and analyze privacy and security events.
The ecosystem of detection, analysis, monitoring, and management systems is effective at identifying security and privacy events, but doesn’t provide guidance on whether such an event rises to the level of a notifiable breach under state or federal laws.
I’ve Detected an Incident…Now What?
These tools are excellent for detecting when an incident has occurred, but what happens when the incident involves the exposure of regulated data? At the end of the day, after the detection and tracking of an event, privacy and security teams find themselves on their own in determining if an event is notifiable, and if so, which state, federal and regulatory bodies require notification — and by when?
Enter Radar Privacy, an innovative SaaS-based incident response management platform that automates and simplifies assessment of privacy and security incidents, ensuring compliance with federal and state breach laws.
Radar Privacy complements the security and privacy incident management ecosystem and is designed to close the loop on incident response, taking the information gathered in privacy and security systems and providing the next step: guidance to determine if an incident is a breach, whether it is notifiable, which regulatory bodies must be notified, and by what date.
How Radar Privacy Works
The Radar Breach Guidance Engine leads users through an intuitive workflow that profiles and scores data privacy and security incidents and generates incident-specific notification guidelines to help ensure compliance with federal and state laws.
Step-by-step guidance: The Radar Breach Guidance Engine and purpose-built workflow guide users through a process for profiling and scoring any data privacy or security incident to determine whether it is a data breach.
Automated plan for response: The Radar Privacy assessment generates an incident-specific response plan and notification guidance according to relevant data breach notification laws (including GDPR), along with the documentation required to support an organization’s burden of proof obligation under breach laws.
Reliable and up-to-date: Radar Privacy is current with federal, state, and international data breach regulations — including GDPR.
SaaS Solution for Integrated Systems
The Radar Privacy solution is offered as a SaaS application, which is critical to keeping our solution up to date with constantly changing state and federal breach notification laws.
To complement the detection and management of incidents identified by existing security and privacy tools, Radar® Privacy provides a REST API that enables clients to automate incident creation in RadarFirst for risk assessment and regulatory guidance.
Radar Privacy’s Privacy and Security Certifications
Radar Privacy has been issued a SOC 2 Type II report, a comprehensive certification that demonstrates its ability to safeguard sensitive data.
Radar Privacy has also been certified with the Privacy Shield Framework, signifying our commitment to comply with EU data protection requirements when transferring personal data between the United States and the European Union in transatlantic commerce.