All posts in Chief Security Officers

Security Professionals in High Demand

Daniel Solove
Founder of TeachPrivacy


by Daniel J. Solove

According to a study, the number of cybersecurity job listings increased 74% from 2007 to 2013.  This was more than double the growth rate of IT jobs.

In a survey earlier this year of ISACA members, 86% stated that there is a “global shortage of skilled cybersecurity professionals.”

According to a salary survey, CISO salaries climbed 7.1% in the past year, from a range of about $126,000 – $190,000 to a range of $134,000 – $205,000.


Cybersecurity in the Boardroom


by Daniel J. Solove

A few days ago, I posted about how boards of directors must grapple with privacy and cybersecurity. Today, I came across a survey by NYSE Governance Services and Veracode of 200 directors in various industries.

According to the survey, about two-thirds of directors are less than confident about their company’s cybersecurity.  This finding is not surprising given the frequency of data breaches these days.  There is a growing sense of exasperation, as if we are living in an age of a great plague, with bodies piling up in the streets.


Law Firm Cyber Security and Privacy Risks


By Daniel J. Solove

Law firms are facing grave privacy and security risks. Although a number of firms are taking steps to address these risks, the industry as a whole needs to grasp the severity of the risk. For firms, privacy and security risks can be significantly higher than for other organizations. Incidents can be catastrophic. On a scale of 1 to 10, the risks law firms are facing are an 11.

This is not the time for firms to keep calm and carry on. The proper response is to freak out.


Burn Before You Learn or Learn Rather than Burn


By Daniel J. Solove

It seems as though every week brings news of another batch of data breaches . . . and they’re getting bigger. Target. Home Depot. Sony. Anthem. The list goes on and on.

The costs of many of these breaches are devastatingly large. And yet most data breaches are readily preventable. After reviewing more than 1,000 data breaches from 2014, the Online Trust Alliance (OTA) found that more than 90% of them could have been avoided.


Facebook Privacy Sherpas, the Internet of Things, and Other Privacy + Security Updates


By Daniel J. Solove and Paul M. Schwartz

This post is co-authored with Professor Paul M. Schwartz.

This post is part of a post series where we round up some of the interesting news and resources we’re finding.

For a PDF version of this post, and for archived issues of previous posts, click here.


Why the Anthem Data Breach Is Needlessly Harmful


By Daniel J. Solove

Recently, Anthem, one of the largest health insurance providers, suffered a massive data breach involving personal data on up to 80 million people. According to Anthem, the data breached includes “names, dates of birth, member ID/ social security numbers, addresses, phone numbers, email addresses and employment information.”


How to Enter the Privacy Profession


by Daniel J. Solove

The privacy profession is growing by leaps and bounds, but entering it is tricky. My law students and others frequently ask me how they can enter the privacy field. Most jobs seem to require a few years of experience, but the privacy profession is still relatively new, and getting this experience can be difficult because there are not many clear paths to entry.

Once in the field, the demand is high for privacy professionals with experience. But there is a bottleneck in getting into the club. I have written about this problem in a previous blog post.


Why the C-Suite Should Have Coffee with the Privacy and Security Officers Every Week


by Daniel J. Solove

As I discussed in a previous post, the two key things that organizations can do to prevent data incidents can be summed up in a simple rhyme:

The C-Suite must care

The workforce must be aware

In this post, I want to focus on the “C-Suite” – a term used for the upper management of an organization, its top officers.

The C-Suite must care about data security.

But far too often, the C-Suite doesn’t fully appreciate the risks and could use a better understanding of the law.


Follow Professor Solove on Social Media


If you are interested in privacy and data security issues, there are many great ways Professor Solove can help you stay informed:

Professor Solove’s LinkedIn Influencer blog

You can follow Professor Solove on his blog at LinkedIn, where he is a “LinkedIn Influencer.” He blogs about various privacy and data security issues. His blog has more than 600,000 followers.

*    *    *    *

Professor Solove’s Twitter Feed

Professor Solove is active on Twitter and posts links to current privacy and data security stories and new scholarship, cases, and developments of note.

*    *    *    *

Professor Solove’s Newsletter

Sign up for our newsletter where Professor Solove provides information about his recent writings and new training programs that he has created.

*    *    *    *

Professor Solove’s LinkedIn Discussion Groups

Please join one or more of Professor Solove’s LinkedIn discussion groups, where you can follow new developments on privacy, data security, HIPAA, and education privacy issues. You can also participate in the discussion, share interesting news and articles, ask questions, or start new conversations:

* Privacy and Data Security
* HIPAA Privacy and Security
* Education Privacy and Data Security

Big Data and Our Children’s Future: On Reforming FERPA


by Daniel J. Solove

Last week, the White House released its report, Big Data: Seizing Opportunities, Preserving Values. My reaction to it is mixed. The report mentions some concerns about privacy with Big Data and suggests some reforms, but everything is stated so mildly, in a way designed to please everyone. The report is painted in pastels; it finesses the hard issues and leaves specifics for another day. So it is a step forward, which is good, but it is a very small step, like a child on a beach reluctantly dipping a toe into the ocean.


Waking Up the C-Suite to Privacy and Security Risks


by Daniel J. Solove

I was recently interviewed in the Journal of AHIMA on how the C-suite is waking up to the new realities of privacy and data security risks. Before the HITECH Act in 2009, HIPAA enforcement was based on a cooperative model where HHS was not punitive in its approach. Now, big fines are being issued. There is auditing. The climate has changed.

Privacy and security risks are quite costly. This is true not just under HIPAA, but also as a general matter. At many organizations, the C-Suite doesn’t fully appreciate the magnitude of the risk. Back about 10 years ago, for many organizations, privacy and security risks were barely on the radar. Now they are recognized for many organizations, but the significance of the risk is often not fully understood or appreciated.


HIPAA Turns 10: Analyzing the Past, Present, and Future Impact


by Daniel J. Solove

In the April issue of the Journal of AHIMA, I authored two short pieces about HIPAA:

HIPAA Turns 10: Analyzing the Past, Present, and Future Impact
84 Journal of AHIMA 22 (April 2013)

HIPAA Mighty and Flawed: Regulation has Wide-Reaching Impact on the Healthcare Industry
84 Journal of AHIMA 30 (April 2013)

The first piece provides an overview of HIPAA and its evolution. The second involves an analysis of HIPAA’s strengths and weaknesses. Overall, I find HIPAA to be one of the most effective privacy regulatory regimes.  HIPAA is very effective in large part because it requires privacy and security officials who have responsibility over these issues.  These officials develop policies and procedures, perform assessments, and provide HIPAA training to employees, among other things. Privacy laws are not self-executing, and enforcement agencies have limited enforcement resources. The effectiveness of the law depends upon each organization taking compliance seriously, and this starts with a governance structure, awareness training, and things that create a culture of compliance.  Many other privacy laws don’t realize this, and fail to include the robust governance components of HIPAA.

The entire issue is here. Copyright belongs to Journal of AHIMA.

* * * *

This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of training on privacy and security topics.  

If you are interested in privacy and data security issues, there are many great ways Professor Solove can help you stay informed:
* Professor Solove’s LinkedIn Influencer blog
* Professor Solove’s Twitter Feed
* Professor Solove’s Newsletter

Please join one or more of Professor Solove’s LinkedIn Discussion Groups:
* Privacy and Data Security
* HIPAA Privacy & Security
* Education Privacy and Data Security