Law Firm Moving Into Data Incident Response With RADAR
Happy New Year everyone! Can I still say that? I have been trying to decide how I will continue my blog posts, daily has proven a bit challenging as things start to pick up but I don’t want to disappoint my consistent readers. We will figure it out together!
In reading the attached article I sort of got confused about what it was talking about. The headline says “Dentons Enlists RADAR for Firmwide Data Breach Assessment” and I thought it was interesting so I began to read it. In it key buzz words are used like data incident response and assessment, evaluating possibly data breach liability, compliance, data security, automatic procedures if a data breach occurred, etc.
So the article has all the key words but what struck me was how they put the topics together when essentially RADAR is a tool that helps an organization determine if there are data breach notification laws they have to comply with when a breach has occured. A company goes in and fills out a form about what occurred and the tool tells it what notification responsibilities it has based on those facts. Now don't get me wrong, knowing who and where to report your breach to is very important, and a tool like RADAR can very important to your incident response strategy. I guess having grown up in security operations and incident response it bothers me the mixing of terminology. Sure you can describe data breach notification as “data incident response and assessment” but does that help or hinder the clarity for the industry?
Legal technology or legal tech is now it’s own industry and vendors are popping up to sell privacy related tools. So now we have IT Security, information/cyber security, compliance, and privacy tools and vendors. Wow, that's a lot for anyone to understand let alone put together cohesively, or secure effectively!
Happy New Year!