About

Bridge The Gap is a blog maintained by Claritas GRC, a legal consulting firm founded by Rafae Bhatti, Esq., Ph.D.
We speak both technology and law, and understand both security and privacy risks. We have been in your shoes, as a software engineer, a compliance manager, or an in-house counsel. We have helped companies address HIPAA, GDPR and CCPA requirements, and know how to balance compliance with innovation.
Thought Leadership
Rafae has been a thought leader in security and privacy for over a decade. He has served as a member of the IAPP Privacy Engineering Advisory Board, and is currently Vice-Chair of the ABA Cybersecurity and Data Privacy Committee. He also served for 10 years as an Adjunct Professor of Computer Engineering at Santa Clara University. He has published in various industry and academic journals and conferences, including the ACM, ABA, IAPP, USENIX and BSidesSF.
Presentations

IAPP PSR Presentation on Privacy and Security Risks for Fintech in the Metaverse

USENIX Presentation on Right Sizing Your Data Protection Risk Profile
BSides SF Presentation on Bridging the Gap Between Security and Privacy Risks
Publications
What's in Your Wallet: Privacy Implications for FinTech in the Metaverse. ABA Webinar. Jun 27, 2023
The webinar discusses the privacy and security risks created by the use of digital wallets in DeFi protocols, and how DeFi platforms can incorporate privacy-enhancing technologies to protect user privacy in metaverse while still adhering to regulation. Go to webinar >
Liability for software insecurity: Striking the right balance. IAPP Privacy Advisor. May 23, 2023
Liability for software insecurity requires a blended scheme that balances the threat of liability with incentives for improving security. Go to article >
The interaction between cyber insurance, data breach response plans and cybersecurity governance. ABA Book Chapter.
Book Chapter in "A Practical Guide to Cyber Insurance for Businesses" by ABA. March 2022. Go to book >
What SolarWinds teaches us about managing risk of cyber loss. IAPP Privacy Advisor · Jan 6, 2021
The SolarWinds hack bypassed best-in-class security measures and exposed the limit of security hygiene alone in avoiding data breaches. An important lesson for organizations is to increase their focus on adopting risk mitigation mechanisms to protect their bottomline. Go to article >
The road to reasonable security: What CISOs should know. IAPP Privacy Perspectives · Sep 3, 2020
CISOs today must pay attention to the increasing data protection obligations when creating their security agenda. An understanding of reasonable security in this context helps them build the right foundation for their security program to mitigate data protection risks. Or else, they risk the consequences for ignoring to do so. Go to article >
Testimonials
Mode
"Rafae helped lead the security and data protection program at Mode, including compliance with GDPR, CCPA and HIPAA obligations. His background in both engineering and law helped him translate complex legal obligations into technical requirements for engineering and product teams to implement the controls necessary to remain compliant."
Heather Rivers, CTO
HealthTap
"Rafae laid the foundation of security and privacy program at HealthTap and identified efficient solutions to help us address HIPAA and GDPR compliance obligations with limited resources. He helped map data protection requirements efficiently into technical controls, and established policies and procedures that streamlined our compliance and audit activities."
Hammad Saleem, CTO
Connect with us
If you would like to reach out for guidance or provide other input, please do not hesitate to contact us.