With talks of an impending recession, now is a critical time for organizations to turn inwards and focus on costly legacy operations, like mitigating privacy risks and streamlining incident management. We’re all following the news and social media stir. A recession is looming. Rather than harboring feelings of fear and anxiety, take proactive steps today to secure your business and fortify privacy operations. What does a privacy program need to be recession-proof? Here’s three questions to ask yourself.  1. Does your privacy program save you time on incident management? Your privacy ..read more

The buzz around the California Consumer Privacy Act (CCPA) is a lot, well, buzzier these days, and for good reason. The January 1, 2020, effective date is little more than a month away, and security and privacy teams want guidance on CCPA compliance requirements. Rather than spend your valuable time reviewing just what those requirements are—which most of us are all too familiar with by now—it might be helpful to look at best practices for overall compliance. After all, the CCPA isn’t the only regulatory challenge organizations face. Consider: GDPR: Eighteen months after the regulations came ..read more

Last week during the regional Health Care Compliance Association (HCCA) conference in Nashville, I was lucky enough to host a gathering of executives from privacy and compliance for a private executive dinner with Adam Greene, an influential thought leader in privacy and partner with Davis Wright Tremaine. Adam moderated a robust discussion that explored HIPAA and OCR enforcement trends, the growing divide between state consumer protection laws and Federal regulations, and speculation on what the future holds for healthcare companies in an increasingly fractured consumer protection landscape ..read more

After much fanfare, the EU’s General Data Protection Regulation (GDPR) went into effect in May of 2018. In May 2019, the European Data Protection Board (EDPB) issued its 1-year assessment of the GDPR. In the first year, over 89,000 data breaches had been logged by EEA Supervisory Authorities. While the EDPB report casts a meteoric rise in reported breaches as positive evidence of increased privacy awareness, the plain truth is that many organizations are also over-reporting privacy-related incidents/breaches rather than face the risks of under-reporting. Maybe these organizations are thinking ..read more

How is it already November? Halloween is behind us, and thank goodness for that! Privacy professionals have more than enough to scare and trick us in our professional lives already–did you read my colleague Dorothy’s recent post about the rise in heart attacks following a ransomware data breach?  So let’s focus instead on the last two months of 2019–which are in fact the last few months of the 2010 decade! What are some positive activities we can do as privacy professionals to create a proactive approach to incident response and establish best practices to protect the data our customers ..read more

If you’ve ever participated in an organized sport, you’re likely well aware of the importance of context when it comes to evaluating your performance as a player. Say, for example, I play soccer every weekend (which I do). Let’s imagine I’m arguably the best defender on my team – or even across all the recreational players involved (it’s fun to pretend). I might start feeling pretty good about myself, and how I perform on the pitch. Now imagine I’m suddenly pulled into an MLS game, playing against professionals in the field. I might be a good player on a limited bench – on weekends, playing ag ..read more

Privacy and security incidents involving sensitive personal data are as individual as fingerprints. An incident involving misplaced paper records is vastly different from a large-scale cyber-attack affecting millions of people. Yet the organization with the paper incident and the organization with the cyber-attack are both subject to a complex web of global data breach notification laws—which could include GPDR, a mixture of U.S. federal / state regulations, and even unique demands under CCPA . While the laws vary, there’s a definite concern when it comes to preventing fines for noncompliance ..read more

Chinese philosopher Sun Tzu once said, “Know thy enemy.” When it comes to managing risk, CISOs must know what threatens the privacy and security of their organization’s sensitive data. That means having the ability to identify and measure all the risks lurking throughout the enterprise—no easy feat. Today’s news feeds are ablaze with stories of cyberattacks and large-scale breaches. While these items make for exciting (or more likely terrifying) reading, they disguise the true nature of most privacy and security incidents. An analysis of metadata from the RADAR privacy incident response platfo ..read more

Around the RADAR offices, we talk a lot about the work of privacy professionals and how we can continue to bring greater value to our customers. Part of these discussions include quantifying the cost of poor incident response, and the risk presented to organizations when a data breach is mishandled. This week our discussions have included two items of interest on this topic: The economics of cybersecurity and the importance of assigning dollar amounts to incident response This article features a rundown of a recent Cybersecurity focused radio program with Robert Vescio, Chief Analytics Officer ..read more

For many of us, the new school year marks the end of summer. Back to routines and brand new notebooks and pencils. For privacy professionals, the end of summer is still business as usual since privacy incidents and data breaches don’t take a summer vacation. The work of safeguarding privacy is never really complete. Here are a few trends in the world of privacy that haven’t taken a summer break: Cookies and Tracking systems: France’s data protection authority, CNIL, released new rules regarding how companies obtain valid consumer consent. S.H.I.E.L.D.ing your data: The Governor of New Yo ..read more