This series, written for The Privacy Advisor by the team at Radar, is about establishing program metrics and benchmarking your privacy incident management program. Radar provides purpose-built software designed to guide users through a consistent, defensible process for incident management and risk assessment. A significant volume of incidents involving regulated personal data is processed through the Radar platform, and that number grows every day. The Radar team will provide analysis of data incidents’ metadata to help privacy pros gain valuable insights, benchmarking metrics, and best practices to use at their organizations in their continuous efforts to prevent, monitor, and remediate incidents and associated risks.
Alex Wall, CIPP/E, CIPP/US, CIPM
What is an incident? How do you know when it is a data breach and requires notice? Understanding how to label privacy occurrences can determine which departments should be involved, what actions should be taken, and whether notification is required and when.
Once you are armed with the knowledge from part one of this series, the next metric many organizations will want to establish involves risk mitigation. This makes sense on the assumption that, if you have a clear vision of what has helped or hindered your organization’s privacy measures in the past, you will be able to continue with what works and identify existing gaps.
In previous installments of this series on establishing program metrics and benchmarking your incident-management program, we learned fewer than one in 10 privacy incidents rise to the level of a data breach requiring notification, Mahmood Sher-Jan writes in this exclusive for The Privacy Advisor. In this installment of the series, Sher-Jan explores an issue becoming more widely reported as companies react to recent large-scale data breaches and make preparations for compliance with the EU GDPR: managing the risk of incidents caused by third-party vendors.
Check back soon for more installments.