Challenge

With a greater electronic footprint through mobile apps, chatbots, and cloud-based data centers, customers’ sensitive financial data was at increased risk.

The complexity of dealing with a growing number of incidents was significant.

Solutions

Radar® Privacy provides innovative and intuitive capabilities and benefits. To start, the patented Breach Guidance Engine™ and regulatory workflows provide a streamlined and highly efficient process for incident response management, so the compliance team can devote more time to other critical privacy initiatives.

A large financial services company was undergoing a digital transformation to improve cross-functional collaboration and increase privacy team productivity.

A Fortune 100 financial services company that collects, stores, and processes huge volumes of sensitive customer data was undergoing a digital transformation, replacing manual and outdated processes with a more scalable, purpose-built solution to improve cross-functional collaboration while making its privacy team more productive.

The privacy team, which supports every line of business, needed an efficient, consistent method for addressing the increased incident volume and breach risks against a complex web of ever-changing state laws, in addition to the burden of compliance with federal and international data breach regulations.

“We’re smart enough to know that it’s immensely helpful when somebody has already solved the problem. Radar® Privacy is now our source of truth.”

With strict notification deadlines and severe penalties for failure to comply with global breach notification regulations, the international organization could not rely on its existing manual processes. It faced potential fines and reputational damage unless it could automate the risk assessment of incidents involving disclosures of personal information (PI) against the applicable jurisdictional law to ensure it was meeting its notification obligations.

A Growing Number of Incidents…

The company had developed an in-house module for their GRC system to manage the tasks associated with the incident response process. For several years, they used this software as a generic workflow, document repository, and tracking tool, but it lacked any decision-support capability. The collaboration between the privacy and legal teams was disjointed and inefficient, causing delays in decision making.

Furthermore, the organization was growing rapidly and transforming to a digital-first company, and would require greater functionality and scalability than their homegrown solution was able to provide.

A Greater Electronic Footprint = Increased Risk

With a greater electronic footprint through mobile apps, chatbots, and cloud-based data centers, customers’ sensitive financial data was at increased risk from a wide variety of threats. The complexity of dealing with a growing number of incidents was significant. A possible breach would involve many—if not all—states, each jurisdiction having their own (and often changing) breach notification laws, on top of federal regulations such as GLBA.

An Innovative Approach

The company’s digital focus meant they sought out an innovative approach to incident response management, one that would scale to both the higher volume of incidents and the growing legal complexity. At the same time it had to be efficient, so that the company’s growing privacy needs would be addressed without the need to add headcount. All this required a technology solution that would:

-> Streamline incident escalation and data gathering across the entire enterprise to meet the rising number of incidents.
-> Perform automated incident risk assessments against all state and federal laws, as well as emerging international laws.
-> Provide a consistent and collaborative method for efficient decision-making, documentation, and reporting for C-suite, board, and the privacy program.
-> Gain real-time visibility into root cause and incident trends.

Improve Compliance and Reduce Risk with Efficient Consistency

“Radar® Privacy provides a comprehensive multi-factor risk assessment and recommendations for every incident. We can easily identify the high-severity ones that require more investigation and explanation to regulators, and at the same time achieve total consistency and proof of compliance in the risk assessment process. Radar provides the additional level of validation that supports our decision making.”

The company’s executive compliance officer discovered Radar® Privacy at a privacy conference and quickly came to appreciate the software’s innovative and intuitive capabilities and benefits. To start, Radar® Privacy’s patented Breach Guidance Engine™ and regulatory workflows provided a streamlined and highly efficient process for incident response management, so the compliance team could devote more time to other critical privacy initiatives.

Because state, federal, and international breach notification laws are integrated into Radar® Privacy’s Breach Guidance Engine™, the company benefited from much-needed consistency in the decision-making process. Adopting Radar® Privacy has decreased their reputational and compliance risks in an increasingly risky business environment.

Other benefits include:

-> More efficient and strategic use of internal and external counsel by the privacy team
-> Greater visibility into the incident response process for external stakeholders
-> Always up-to-date with changing breach notification regulations
-> Reliable, highly secure SaaS platform ideally suited for the company’s digital-first business model
