Executive Spotlight- Lauren Wallace, RadarFirst: Automating Incident Management in a New Era of Privacy and Data Governance

When Lauren Wallace began working in privacy law a decade ago, privacy was largely a matter of internal policy. Companies were simply encouraged to do the right thing when it came to using and protecting consumer and employee data.

As a patchwork of laws and regulations began to emerge, most notably with the passing of the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), both in 2018, companies began to be held accountable for ensuring data privacy. Privacy lawyers finally had some teeth to their arguments in favor of observing privacy rights. The recent explosion of AI, however, has ushered in an entirely new era—one in which privacy, while fundamental, is encompassed by a broader focus on data governance.

“As we move into a world where the information being gathered as you go about your daily life is shared with third parties you never intended to interact with, you can no longer look at privacy in a silo,” said Wallace, who serves as Chief Privacy Officer, General Counsel at RadarFirst. “You have to look at it in the context of how individual information is proliferated and recombined on platforms and for uses that you would never have anticipated.”

Wallace is passionate about privacy—that’s what drew her to Portland-based RadarFirst, which promotes the values of privacy as a fundamental human right. The company provides a platform to help businesses manage privacy and security incidents involving regulated data..

For RadarFirst’s customers, which operate in highly regulated industries like banking, healthcare, and insurance, the challenge lies in complying with the evolving regulatory obligations and reporting requirements of their industries and jurisdictions, which can be mind-bogglingly complex. A use of personal information that might have been unregulated five years ago is now subject to dozens of regulatory obligations that may conflict or overlap.

“Security incidents are incessant, and companies have a huge burden to analyze each and every incident as it occurs,” Wallace said. “They need to determine not only the impacts to personal information but also their reporting obligations to regulators, individuals, the media, and law enforcement. It's simply an unmanageable burden.”

RadarFirst helps remove that burden with Radar® Privacy, a SaaS platform that has codified every regulation or law that covers a company’s notification obligations in the case of a security incident. The platform processes customer-provided information about each incident, instantly and securely, assesses notification obligations, then makes recommendations to help the company take actions that are consistent with their internal policies and applicable regulations.

RadarFirst’s innovation hasn’t gone unrecognized—the company has a 99% customer retention rate and won the 2023 Oregon Technology Award in the Accelerate category. Its newest solution, Radar® Compliance, helps customers model their incident severity analysis to ensure consistent reporting over time, which makes regulatory compliance efficient at scale.

“We always aspire to live our Oregon values and come from a place of empathy, and not just from a place of technological sophistication or legal jargon. We strive to meet our customers where they are and give them the solution they need to manage risk and automate processes that are otherwise completely unmanageable,” Wallace said.

Thank you to A.wordsmith for interviewing Lauren Wallace, Chief Privacy Officer & General Counsel at RadarFirst.

‍