All posts in FERPA

Lawsuits for HIPAA Violations and Beyond: A Journey Down the Rabbit Hole

Daniel Solove
Founder of TeachPrivacy

hipaa lawsuits 1

by Daniel J. Solove

At first blush, it seems impossible for a person to sue for a HIPAA violation. HIPAA lacks a private cause of action. So do many other privacy and data security laws, such as FERPA, the FTC Act, the Gramm-Leach-Bliley Act, among others. That means that these laws don’t provide people with a way to sue when their rights under these laws are violated. Instead, these laws are enforced by agencies.

Continue Reading

Who Are the Privacy and Security Cops on the Beat?

Daniel Solove
Founder of TeachPrivacy

privacy and security

law blog 2

by Daniel J. Solove

Are privacy and security laws being enforced effectively? This post is post #3 of a series called Enforcing Privacy and Security Laws.

Continue Reading

Why Being Well-Regulated Is Good for Business

Daniel Solove
Founder of TeachPrivacy

?????????????

by Daniel J. Solove

After Apple announced that it wouldn’t provide law enforcement with an easy back door to access data on people’s devices, we heard loud whining coming from the FBI and various security proponents that this would be bad for security.

Continue Reading

Follow Professor Solove on Social Media

Daniel Solove
Founder of TeachPrivacy

If you are interested in privacy and data security issues, there are many great ways Professor Solove can help you stay informed:

Professor Solove’s LinkedIn Influencer blog

LinkedIn Influencer 02 You can follow Professor Solove on his blog at LinkedIn, where he is an “LinkedIn Influencer.”  He blogs about various privacy and data security issues. His blog has more than 600,000 followers.

LinkedIn Influencer 01

*    *    *    *

Professor Solove’s Twitter Feed

Twitter 01Professor Solove is active on Twitter and posts links to current privacy and data security stories and new scholarship, cases, and developments of note.

*    *    *    *

Professor Solove’s Newsletter

Newsletter 01Sign up for our newsletter where Professor Solove provides information about his recent writings and new training programs that he has created.

*    *    *    *

Professor Solove’s LinkedIn Discussion Groups

Please join one or more of Professor Solove’s LinkedIn discussion groups, where you can follow new developments on privacy, data security, HIPAA, and education privacy issues. You can also participate in the discussion, share interesting news and articles, ask questions, or start new conversations:

Privacy and
Data Security
HIPAA Privacy
and Security
Education Privacy
and Data Security
Image Group LinkedIn Logo Education Privacy 01 Image Group LinkedIn Logo HIPAA 01 Image Group LinkedIn Logo Privacy Security 01

The Most Effective Factor in Education

Daniel Solove
Founder of TeachPrivacy

most effective education blog 1

by Daniel J. Solove

I’ve been a teacher for the past 15 years, and I’ve taught in several mediums including live classes and computer-based e-learning. I have come to the conclusion that the most effective factor in education and training is fostering emotional investment.

Simply put, students must care about learning the material. The more they care, the more they learn.

The notion of getting emotional investment from students might sound like simple common sense, but it is often not done …and often not even attempted.

Continue Reading

Big Data and Our Children’s Future: On Reforming FERPA

Daniel Solove
Founder of TeachPrivacy

Double check

by Daniel J. Solove

Last week, the White House released its report, Big Data: Seizing Opportunities, Preserving Values. My reaction to it is mixed. The report mentions some concerns about privacy with Big Data and suggests some reforms, but everything is stated so mildly, in a way designed to please everyone. The report is painted in pastels; it finesses the hard issues and leaves specifics for another day. So it is a step forward, which is good, but it is a very small step, like a child on a beach reluctantly dipping a toe into ocean.

Continue Reading

Why Did inBloom Die? A Hard Lesson About Education Privacy

Daniel Solove
Founder of TeachPrivacy

in bloom blog 1

by Daniel J. Solove

For any organization who doesn’t take privacy seriously, the demise of inBoom should be a loud wake up call. Funded by $100 million from the Gates Foundation, inBloom was a non-profit organization aiming to store student data so that school officials and teachers could use it to learn about their students and how to more effectively teach them and improve their performance in school. Who would have thought that a project with so much funding and promise would be shutting down just a few years after its creation? What went wrong?

Continue Reading

Our Privacy and Data Security Depend Upon Contracts Between Organizations

Daniel Solove
Founder of TeachPrivacy

contracts between organizations blog 1

by Daniel J. Solove

Increasingly, companies, hospitals, schools, and other organizations are using cloud service providers (and also other third party data service providers) to store and process the personal data of their customers, patients, clients, and others. When an entity shares people’s personal data with a cloud service provider, this data is protected in large part through a contract between the organization and the cloud service provider.

In many cases, these contracts fail to contain key protections of data. For example, a study conducted by Fordham School of Law’s Center on Law and Information Policy revealed that contracts between K-12 school districts and cloud service providers lacked essential terms for the protection of student data. I blogged about this study previously here.

Continue Reading

The Battle for Leadership in Education Privacy Law: Will California Seize the Throne?

Daniel Solove
Founder of TeachPrivacy

Blank chalkboard and stack of books

by Daniel J. Solove

This post was co-authored by Professor Paul Schwartz, Berkeley Law School.

Education was one of the first areas where privacy was regulated by a federal statute. Passed in the early 1970s, the Family Educational Rights and Privacy Act (FERPA) was on the frontier of federal privacy regulation. But now it is old and ineffective. With the growing public concern about the privacy of student data, states are starting to rev up their engines and become more involved. The result could be game-changing legislation for the multi-billion dollar education technology industry.

Continue Reading

5 Things School Officials Must Know About Privacy

Daniel Solove
Founder of TeachPrivacy

schools must know blog 1

by Daniel J. Solove

I have produced a new short video for the newly-launched education privacy website of SafeGov. The site is called edu.SafeGov.org, and it contains a wonderful array of resources for parents, school officials, and policymakers regarding education privacy issues.

Continue Reading

The Year in Privacy 2013 and the Year to Come

Daniel Solove
Founder of TeachPrivacy

high-tech technology background with eyes on computer display

by Daniel J. Solove

2013 was a remarkable year in privacy developments. Here are four main trends I saw occurring this year:

1. The heat on the NSA for its broad surveillance programs has been sustained and productive.

The Edward Snowden leaks revealed massive NSA surveillance efforts. What is most interesting in the aftermath of the recent NSA surveillance revelations has been the strong public disapproval of the NSA surveillance and courts finally taking some leadership on the issue, such as one court declaring the surveillance likely unconstitutional. The President’s Review Group on Intelligence and Communications Technologies recommended curbs on the NSA. Congress has yet to show leadership on the issue, which remains disappointing, but we are finally seeing the stirrings of a response and perhaps change. Indeed, 56% of people in a Pew poll “say that federal courts fail to provide adequate limits on the telephone and internet data the government is collecting.”

Moreover, the story regarding NSA surveillance keeps going on. It hasn’t faded. The overall trend is that there is now sustained heat on the NSA and a sustained stirring for changing the law to provide greater oversight and controls on government surveillance.

Continue Reading

Why Schools Are Flunking Privacy and How They Can Improve

Daniel Solove
Founder of TeachPrivacy

pixel cloud network icon computer

by Daniel J. Solove

Fordham School of Law’s Center on Law and Information Policy (CLIP), headed by Joel Reidenberg, has released an eye-opening and sobering study of how public schools are handling privacy issues with regard to cloud computing. The study is called Privacy and Cloud Computing in Public Schools, and it is well worth a read.

Continue Reading

Privacy and Data Security in Higher Education

Daniel Solove
Founder of TeachPrivacy

Computer work

by Daniel J. Solove

I was recently interviewed in HR Horizons, the magazine of the National Association of College and University Business Officers (NACUBO) on the topic of privacy and data security in higher education. Here are a few excerpts:

What is the difference between data security and data privacy, and what risks do each pose for a college or university?

Data security involves everything you need to know and do to secure the data you have and produce. This includes technical safeguards you should have in place such as firewalls, virus protection, and password controls. It includes processes for monitoring access to data. And it also includes physical controls, such as policies for data destruction like document-shredding programs. Data security officers most often have a technical background and operate from within the IT unit of a university.

Continue Reading

Higher Education Needs Privacy Officers and Privacy/Security Training

Daniel Solove
Founder of TeachPrivacy

Climbing Vines of Ivyby Daniel J. Solove

In 2007, Seung Cho, a student at Virginia Tech, killed 32 students and faculty and wounded 17. He then committed suicide.

One of the most troublesome things about this incident was that it might have been prevented if school officials and employees had a better grasp of privacy law. Appointed by the state governor, the Virginia Tech Review Panel issued an extensive report revealing that several University officials and employees knew about Cho’s mental instability but failed to share what they knew with each other. And nobody ever told Cho’s parents about his problems, his stalking of a female student, and his dark writings and erratic behavior. Cho’s parents said that if they had known, they would have taken him home and made him go to therapy. This is what they did when Cho had problems in high school.

Continue Reading

Educational Institutions and Cloud Computing: A Roadmap of Responsibilities

Daniel Solove
Founder of TeachPrivacy

by Daniel J. Solove

Increasingly, educational institutions and state entities handling student data are hiring outside companies to perform cloud computing functions related to managing personal information.

The benefits of cloud computing are that outside entities might be more sophisticated at managing personal data. These entities may be able to manage data more inexpensively and effectively than the educational institution could do itself. In many cases, cloud computing providers can provide better security than the educational institutions can.

Continue Reading