Episode 9: Privacy in Partnership

Don: Hello and welcome to On Your Radar podcast. I’m your host for On Your Radar, Don India, and I have the unique pleasure of speaking with industry experts focusing on critical topics in the areas of compliance, privacy, cybersecurity, and artificial intelligence. And my guest joining me today on On Your Radar is RadarFirst’s very own General Counsel and Chief Privacy Officer, Lauren Wallace. Lauren, welcome to On Your Radar.

Lauren: Thank you, Don. Great to see you.

Don: That’s great to see you too. We see each other regularly and this is a unique episode for us for On Your Radar because we had an amazing RadarFirst hosted VISION 2024. Didn’t we, about a couple of weeks ago?

Lauren: What a great day.

Don: We had amazing guests. We had industry experts. We talked about artificial intelligence. We talked about one year later of the SEC cybersecurity disclosure rules. And one key conversation that was had, Lauren, that I wanted to ask you about is the conversation that we had hosted by our very own Shari Kenny with Erik Rahman from HCSC and Abby Martinez from Walgreens, both RadarFirst clients. What critical takeaways did you gain from that conversation with Erik and Abby?

Lauren: I love that conversation. And let me start by saying thank you to Abby and Erik for coming on to the Vision event. There’s nothing more powerful for us than hearing from our customers directly, particularly ones where we’ve had these wonderful long-term relationships that have been very developmental on all sides.

Build Enterprise Value with Privacy

But here’s the really big takeaway for me. As a lawyer and as the company’s privacy officer, I am most days kind of concerned with the risk overhead that every company operates under and all the choices that we make to lay off risk where we can and accept risk where we have to. And the big takeaway for me from Abby and Erik was hearing how by automating with Radar® Privacy, they were able to both reduce costs and de-risk their privacy programs.

And the big takeaway for me from Abby and Erik was hearing how by automating with Radar® Privacy, they were able to both reduce costs and de-risk their privacy programs.

And in my experience, you kind of are often picking between one or the other of those edges. So being able to provide a tool that allows them to de-risk and save money at the same time, that’s so compelling for me. I was so happy to hear that from them.

Don: Totally agree with you. It’s an amazing opportunity for Shari and for our clients to share how they view Radar® Privacy and RadarFirst and how they’re consuming it. A couple of takeaways that I gained from this is yeah, de-risk was a huge one. Automation was absolutely huge. Time savings was mentioned time and time again, in terms of the ability to leverage the automation.

And materially save time. And Abby said it best towards the end of that conversation where she stated, we are able to focus our energy on other things because we are reducing the amount of time it takes to do the job that we had done in hours versus minutes. And I think there’s a fact behind this. I think there’s a fact of thousands of hours are saved in the organization by implementing a Radar® Privacy solution, which is pretty compelling.

The other thing that they gained that I gained from this conversation, which both Erik and Abby talked about the standardization, standardization of assessment criteria, standardization of reportability, and the last thing, the currency of law. They both mentioned it.

Radar® Privacy has fundamentally changed the way they run their operations

They both mentioned all those facets, which are just major points. And yes, that’s what our platform provides. But our clients are telling us these are the critical components as to why Radar® Privacy is a critical component to their overall business. More so, Lauren, I’d like to ask you this question. I heard both Erik and Abby, directly and indirectly, imply that Radar® Privacy has fundamentally changed the way they run their operations. Love for you to comment about that and I’ll layer something on at the end of it.

Consistent Risk Assessment

Lauren: Yeah, well, let’s roll back a second to what you’re saying about standardization. One thing we heard from both of them is that their programs prior to adopting and automating with Radar® Privacy were very manual processes that might involve groups from all over the company. 

I believe it was Erik who talked about how they had a committee and they had some kind of an approval process for a certain evaluation, and then they would try to apply that to another incident. But this was all done very manually and of course, subjectively. 

And, we hope that one of the great benefits of automating on Radar® Privacy is that your regulatory reports are going to be consistent incident by incident, day by day, year by year. So that you are not presenting regulators like any questions about what did you mean by this?

What you meant by this is exactly what you meant last time by this. So it’s the time savings for sure, but also not having to go back and maybe restate an activity according to an evaluation that somebody made later on. And you say, oh, no, that’s maybe that’s what we should have said last time. Not having to go back into old documentation to try to figure out what happened in a particular incident.

Not have to dive through emails and SharePoint files and maybe screenshots that somebody took, it’s all aggregated in one location. 

So I loved hearing how that standardization process got them to time savings. Got them to de-risking, and got them also, and I know this wasn’t your question, but it was fascinating to me, visibility in their organization because going through the adoption process gave them so many opportunities to talk about this highly distributed process and to talk about the different owners in those distributed processes and how they could consolidate them in one place and then achieve that level of standardization and time savings.

Don: One of the things that is great that you bring this up in terms of how they looked at it from a manual fragmented process to something where it was very holistically owned in a centralized solution. 

opportunity to break down these silos and allow for the collaboration across multiple lines of business

In the past, you and I’ve debated about the silos of ecosystems, the silos of privacy, the silos of compliance, the silos and security, what these two individuals and all of our clients have found is that Radar® Privacy and Radar® Compliance have the opportunity to break down these silos and allow for the collaboration across multiple lines of business in order for the organizations to be more functional.

And it really reverts back to a conversation Lauren, you and I had with Chris and with Ria Thomas, Chris Hettner, and Ria Thomas on the harm, on harmonization of requirements, getting your requirements set up before what these two individuals, Abby and, and Erik have realized is as you establish Radar® Privacy as the de facto standard of privacy incident response for the organizations, they want to do more with it. 

Centralize Privacy Incident Management

Erik even said that he said we are moving towards a standard tool for all of our incidents and now they’re not there yet. But he’s referring to leveraging Radar® Privacy as that lever or that tool. It was really fascinating for me to hear that because it’s right where our organization is headed in terms of what we know we do best. So any comments on on that? I found that pretty fascinating.

Lauren: Well, I think it’s another point about how much we, RadarFirst, benefit from our long-term relationships with these institutions that have sophisticated problems and maybe legacy solutions that they’ve been dealing with. But we’ve seen how they adapt the platform to serve needs that, you know, maybe weren’t what they initially bought it for, but they’ve discovered that it’s highly extensible.

And the fact that you have a robust permissioning model so that you can deploy it across the organization in different ways and get the right eyes on the right facts, or maybe not those eyes on certain facts at certain times gives them an opportunity to, I think, think bigger about what their programs can look like and also teaches us what we can do to make our platform better for them and Don, I know you know this so very well, but we release updates to the platform, on a more or less three week cadence. A lot of the times those are you know, very minor updates.

We, you know, update the color of a button or something. But in relationship with our customers in ongoing conversations with our customers as the agile platform that we are, we’re able to just be very consistent and responsive when we hear the customers are using the platform in inventive ways. I love that.

Don: No, it’s wonderful. I think that actually goes to another layer of conversation that Abby was digging into with respect to the process of procuring Radar® Privacy in her organization and the comments that she made. Number one is as the CEO of an organization, it makes me smile to hear the accolades that are distributed from Abby to our team.

Our team helped coach her. We were her coach. We were with her on ROI. We were with her on the story. We were with her on the value proposition and how it made sense to drive into the Walgreens organization. And Lauren, you and I  both know that’s not unique. That’s the game that we play with every one of our prospects.

It’s standardization, de-risking, automation, time management, savings…

We build those relationships. We help build them the organization understand the full value of what we deliver, whether it’s standardization, de-risking, automation, time management, savings, or other. And beyond that, we are there for the onboarding process. We’re there for the training process, and we’re there for the feedback.

As you talked about, we’re there for the feedback to say, how are you using this in unique and creative ways? What else would you like for us to install our input into the solution? So it’s one of those great opportunities for us to highlight the client experience isn’t simply on the front end of the sale.

Our client experience is complete end to end. It’s at the beginning of the first handshake of a relationship, all the way through the end of the onboarding and into the consumption. It’s an amazing opportunity for us to highlight our customer success team and our onboarding teams, as well as our engineering teams who do just a tremendous amount of work and engage with our clients on a regular basis.Any comments on that one?

Lauren: Well, I’m not going to brag on this too much, Don, but I can’t help saying that it means so much to us not only that we have customers who stay in relationship with us for a really long time, like we, we love the longevity of these relationships, but also that we sometimes meet new opportunities by referral from our existing customers.

And even more that when our, partners in the businesses themselves make changes in their own careers and, you know, come up in another organization that one of the first things they do sometimes is reach out and say, hey, I’m over here now. 

And I’ve let my new management know that we’re going to be shifting over to Radar® Privacy because we need the time savings, the de-risking the cost savings, all the things. So that’s personal for me.

Don: Yeah, makes it a great place to work. Makes our clients really appreciate who we are. It makes the clients appreciate the fact that we are listening to them. And part of our experience is just that a part of our experience is executive relationships. You and I have some all of our executives do, but it’s really a team-based commitment on the RadarFirst team to deliver the best customer experience that we possibly can. Any closing thoughts, Lauren, about VISION 2024 and particularly the conversation with Abby and Erik.

Lauren: Well, the whole event was really lovely because we got to hear from these long-term relationship partners like Erik and Abby. We got to hear from some incredible industry experts, like I’m so honored that those folks wanted to join us in this conversation. 

And so it was a platform both for talking about where we are and what we’ve made and the relationships we’ve been able to develop, because of what we’ve made, but also what’s going on out in the world that we all operate in, that we and our relationship partners operate in and the ever-increasing compliance and regulatory burden.

Not just that each rule has gotten more complicated. A lot of them have. Some of them have been around for a long time, and they’re just as complicated as they always were. But the overlap and the interplay among the compliance obligations for our customers is It’s exquisitely difficult to manage.

I think Ria Thomas, who spoke to us from Cyber Risk at Truist, talked about a former client of hers who had 85 international notification obligations to make with respect to a cyber incident. And we know that each of those, much like privacy rules, and we know that we have this incredible patchwork of rules in the US and then globally, each of them might have different and inconsistent triggers for what causes a notification obligation.

Well, the cyber rules are getting like that, and they are also incredibly consequential. As we’ve seen with the recent SEC enforcement actions that they are, they are not fooling around on coming in and letting folks know that not only are disclosures in certain circumstances mandatory but that the content of those disclosures is going to be closely scrutinized and not acceptable if it doesn’t meet the SEC’s requirements.

So the through line in all of this is documentation. Because you might be looking at an incident that happened six weeks or six months ago and need to be able to describe what you did at the time, what your mitigation efforts were. 

You may have not reported an incident because at the time it didn’t rise to the level of materiality or whatever else your sort of conceptual trigger is under that regulatory construct.

And then sometime later, you discovered that perhaps it was material in that way. And you need to be able to go back and show how you made that decision and that it was good faith and based on the information you have at the time. 

So looking at privacy in the context of the entire compliance, operation and burden, and in particular in partnership with cybersecurity, I’m just really excited to be here and really excited that we’re positioned to help.

Don: That’s fantastic. I think my first-grade math teacher said it best show your work because you get credit for it in some portion of time. And the same thing with privacy and compliance professionals show your work. Someone may be coming knocking on your door saying, I don’t believe you were able to solve that equation the way you solved it.

Someone may be coming knocking on your door saying, I don’t believe you were able to solve that equation the way you solved it. Documentation matters.

But if you can actually prove you did the work, the work is there for you. Documentation matters. Radar® Privacy, Radar® Compliance delivers that level of documentation.

As I close this episode of On Your Radar podcast, I’ll leave our audience with a couple critical pieces of takeaways from the Abby and Erik conversation, from Vision 2024. I think Erik said it best. They’re moving towards a central incident management solution, leveraging Radar® Privacy. They’ll bridge into other ecosystems with the Radar® Privacy solution sets that we have, but the core of that is centralization for incident management. And Lauren, you talked about it. Documentation is there.

Consistency of decisioning. Abby talked about the standardization of your assessment criteria. All those values drive the de-risking of an entire organization. When you think about what Radar® Privacy has delivered to both HCSC and to Walgreens, it’s significant value. It’s significant value from their own overall business, and it’s also significant value from the relationship that we maintain.

And Lauren, I’ve said this to you many times before. We measure our client relationships in decades, not in years. And we appreciate our clients coming on and talking to us about the value that they realize from our Radar® Privacy and Radar® Compliance solutions.

Lauren, thanks again for being on, On Your Radar. And we look forward to having you as a guest again. And for those listening to on your radar podcast, if you’re excited about the episodes, please stay tuned. Cause our next episode will be coming next month. Thank you.