OPM Data Breach Fallout, Fingerprints, and Other Privacy + Security Updates

Daniel Solove
Founder of TeachPrivacy

OPM Fallout

By Daniel J. Solove

Co-authored by Professor Paul Schwartz

This post is part of a post series where we round up some of the interesting news and resources we’re finding. For a PDF version of this post, and for archived issues of previous posts, click here. We cover health issues in a separate post.

general devels

News

Mayer Brown survey of executives: 25% of organizations lack both a CPO and CIO (March 2015)

stats

Continue Reading

Security Experts Critique Government Backdoor Access to Encrypted Data

Daniel Solove
Founder of TeachPrivacy

Data Ballby Daniel J. Solove

In a recent report, MIT security experts critiqued calls by government law enforcement for backdoor access to encrypted information.  As the experts aptly stated:

“Political and law enforcement leaders in the United States and the United Kingdom have called for Internet systems to be redesigned to ensure government access to information — even encrypted information. They argue that the growing use of encryption will neutralize their investigative capabilities. They propose that data storage and communications systems must be designed for exceptional access by law enforcement agencies. These proposals are unworkable in practice, raise enormous legal and ethical questions, and would undo progress on security at a time when Internet vulnerabilities are causing extreme economic harm.”

The report is called Keys Under Doormats: Mandating Insecurity by Requiring Government Access to all Data and Communications and is by Harold Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, Matthew Green, Susan Landau, Peter G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, Bruce Schneier, Michael Specter, and Daniel J. Weitzner.

Continue Reading

Mr. Robot: My Review of the New TV Series

Daniel Solove
Founder of TeachPrivacy

Mr Robot 01by Daniel J. Solove

I’ve really been enjoying the new TV series Mr. Robot on USA. Network.  It presents highly-engaging depictions of hacking and social engineering, and it is great entertainment for privacy and security  geeks.

Mr Robot 05aThe protagonist is Elliot Alderson (played by Rami Malek), a tech who works at a cybersecurity firm in New York City.  The show is narrated with voiceover by Elliot, and we get a glimpse into the mind of this reclusive and quiet person.  Voiceover can often falter as a technique, but here it works wonderfully — and all the more impressive because Elliot speaks softly, often in monotone.  But Elliot is such a fascinating character and Malek delivers Elliot’s monologue so effectively, that it becomes surprisingly engaging.

Elliot is very smart and clever, and he sees many around him as idiots.  He suffers from severe bouts of depression, is a recluse who wants to be invisible, and he is very awkward around other people.  He lives most of his life inside his head.  The show presents the stark contrast between what he says to others and what he is thinking.  In one scene, we see him speaking to his psychiatrist, telling her hardly anything.  But we hear his thoughts and know that he is pondering quite a lot.
Continue Reading

Going Bankrupt with Your Personal Data

Daniel Solove
Founder of TeachPrivacy

title image

By Daniel J. Solove

A recent New York Times article discusses the issue of what happens to your personal data when companies go bankrupt or are sold to other companies:

When sites and apps get acquired or go bankrupt, the consumer data they have amassed may be among the companies’ most valuable assets. And that has created an incentive for some online services to collect vast databases on people without giving them the power to decide which companies, or industries, may end up with their information.

This has long been a problem, and I’m glad to see it receiving some attention.  The issue arose in one of the early FTC cases on privacy about 15 years ago.

Continue Reading

Security Professionals in High Demand

Daniel Solove
Founder of TeachPrivacy

CISO Security Professionals Security Training

by Daniel J. Solove

According to a study, the number of cybersecurity job listings increased 74% from 2007 to 2013.  This was more than double the growth rate of IT jobs.

In a survey earlier this year of ISACA members, 86% stated that there is a “global shortage of skilled cybersecurity professionals.”

According to a salary survey, CISO salaries climbed 7.1% in the past year, from a range of between about $126,000 – $190,000 to a range between $134,000 – $205,000.

Chart CISO Salaries 01

Continue Reading

New Resource Page: HIPAA Training Requirements FAQ

Daniel Solove
Founder of TeachPrivacy

HIPAA Training Requirements Whiteboard 02

by Daniel J. Solove

I recently created a new resource page for the TeachPrivacy website: HIPAA Training Requirements: FAQ.

Continue Reading

What Is Privacy?

Daniel Solove
Founder of TeachPrivacy

Finger Print Iris Scan

By Daniel J. Solove

What is privacy? This is a central question to answer, because a conception of privacy underpins every attempt to address it and protect it.  Every court that holds that something is or isn’t privacy is basing its decision on a conception of privacy — often unstated.  Privacy laws are also based on a conception of privacy, which informs what things the laws protect.  Decisions involving privacy by design also involve a conception of privacy.  When privacy is “baked into” products and services, there must be some understanding of what is being baked in.

Far too often, conceptions of privacy are too narrow, focusing on keeping secrets or avoiding disclosure of personal data.  Privacy is much more than these things.  Overly narrow conceptions of privacy lead to courts concluding that there is no privacy violation when something doesn’t fit the narrow conception.   Narrow or incomplete conceptions of privacy lead to laws that fail to address key problems.  Privacy by design can involve throwing in a few things and calling it “privacy,” but this is like cooking a dish that requires 20 ingredients but only including 5 of them.

It is thus imperative to think through what privacy is.  If you have an overly narrow or incomplete conception of privacy, you’re not going to be able to effectively identify privacy risks or protect privacy.

In my work, I have attempted to develop a practical and useable conception of privacy.  In what follows, I will briefly describe what I have developed.

Continue Reading

Baseball’s “Hacking” Case: Are You a Hacker Too?

Daniel Solove
Founder of TeachPrivacy

title image

By Daniel J. Solove

 

I’m a St. Louis Cardinals fan, so I guess it is fitting that my favorite team becomes embroiled in a big privacy and data security incident.  At the outset, apologies for the feature photo above.  It pulled up under a search for “baseball hacker,” and as a collector of ridiculous hacker stock photos, I couldn’t resist adding this one to my collection.  I doctored it up by adding in the background, but I applaud the prophetic powers of the photographer who had a vision that one day such an image would be needed.

Continue Reading

Cybersecurity: Leviathan vs. Low-Hanging Fruit

Daniel Solove
Founder of TeachPrivacy

Data Security Training Low-Hanging Fruit

by Daniel J. Solove

There are certainly many hackers with sophisticated technical skills and potent malicious technologies.  These threats can seem akin to Leviathan — all powerful and insurmountable.

Leviathan 01

It can be easy to get caught up focusing on the Leviathan and miss the low-hanging fruit of cybersecurity.  This low-hanging fruit consists of rather simple and easy-to-fix vulnerabilities and bad practices.

Continue Reading

The Importance and Goals of HIPAA Training Programs

Founder of TeachPrivacy

HIPAA Training

by Daniel J. Solove

There is a great quote in this article from HealthcareInfoSecurity: that expresses very well the importance and goals of HIPAA training programs:

Workforce training is important not only for preventing breaches, including those involving ID crimes, but also to help detect those incidents, [Ann Patterson of the Medical Identity Fraud Alliance] says. “Each employee must understand their role in protecting PHI. Equally important is regular and continued evaluation of the training programs to make sure that employees are adhering to the policies put in place, and that the ‘red flags’ detection systems are keeping pace with changing technologies and workplace practices.”

Continue Reading

The OPM Data Breach: Harm Without End?

Daniel Solove
Founder of TeachPrivacy

title image

By Daniel J. Solove

The recent breach of the Office of Personnel Management (OPM) network involved personal data on millions of federal employees, including data related to background checks. OPM is now offering 18 months of free credit monitoring and identity theft insurance to victims. But as experts note in a recent Washington Post article, this is not nearly enough:

If the data is in the hands of traditional cyber criminals, the 18-month window of protection may not be enough to protect workers from harm down the line. “The data is sold off, and it could be a while before it’s used,” said Michael Sussmann, a partner in the privacy and data security practice at law firm Perkins Coie. “There’s often a very big delay before having a loss.”

Continue Reading

Use of Encryption Is Increasing — Albeit Slowly

Daniel Solove
Founder of TeachPrivacy

old metal numbers

by Daniel J. Solove

According to a survey commissioned by Thales e-Security, the use of encryption by organizations is increasing.  Ten years ago, only 15% had an enterprise-wide encryption strategy. Now, 36% have such a strategy.

Chart Encryption Increase 01 Some other interesting findings from the survey also found, according to a ZDNet article:

Continue Reading

New Resource Page: Text of HIPAA’s Training Requirements

Daniel Solove
Founder of TeachPrivacy

HIPAA Training Requirements Text 01

by Daniel J. Solove

I recently created a new resource page for the TeachPrivacy website: Text of HIPAA’s Training Requirements.  This page provides excerpts of the training provisions in the HIPAA Privacy Rule and the HIPAA Security Rule.

This page is designed to be a useful companion page to our resource page, HIPAA Training Requirements: FAQ.  The FAQ discuss my interpretation of the HIPAA training provisions, but the full text of those provisions is located on the separate new resource page above.

Continue Reading

Cybersecurity in the Boardroom

Daniel Solove
Founder of TeachPrivacy

??????????

by Daniel J. Solove

A few days ago, I posted about how boards of directors must grapple with privacy and cybersecurity.   Today, I came across a survey by NYSE Governance Services and Vericode of 200 directors in various industries.

According to the survey, about two-thirds of directors are less than confident about their company’s cybersecurity.  This finding is not surprising given the frequency of data breaches these days.  There is a growing sense of exasperation, as if we are living in an age of a great plague, with bodies piling up in the streets.

Plague 01

Continue Reading

Boards of Directors Must Grapple with Privacy and Cybersecurity

Daniel Solove
Founder of TeachPrivacy

title image

By Daniel J. Solove

Privacy and cybersecurity have become issues that should be addressed at the board level. No longer minor risks, privacy and cybersecurity have become existential issues. The costs and reputational harm of privacy and security incidents can be devastating.

Yet not enough boards are adequately engaged with these issues. According to a survey last year, 58% of members of boards of directors believed that they should be actively involved in cyber security. But only 14% of them stated that they were actively involved.

Continue Reading

New Resource Page: Privacy and Security Training Requirements

Daniel Solove
Founder of TeachPrivacy

Privacy and Security Training Requirements 02

by Daniel J. Solove

I have created a new resource page for the TeachPrivacy website:  Privacy and Security Training Requirements.

Continue Reading

Green Eggs and Ham: How Not to Market and Invade Privacy

Daniel Solove
Founder of TeachPrivacy

title image

By Daniel J. Solove

Dr. Seuss’s Green Eggs and Ham is a timeless classic that is read to millions of children. At first the simple rhymes and cute drawings are alluring. But parents will soon discover the book’s terrifying equation: The tiresome repetition of the book multiplied by the number of times a child will want the book read. The result is mind-numbing and will make parents curse the day they decided to make the book part of their child’s library.

Continue Reading

Health Data Security in Crisis, Phase 2 Audits, and Other HIPAA Privacy + Security Updates

Daniel Solove
Founder of TeachPrivacy

title image

By Daniel J. Solove

Co-authored with Professor Paul Schwartz

This post is part of a post series where we round up some of the interesting news and resources we’re finding. We have split the health/HIPAA material from our updates on other topics. To see our updates for other topics, click here.

For a PDF version of this post, and for archived issues of previous posts, click here.

Continue Reading

The Terrifying Math of Phishing

Daniel Solove
Founder of TeachPrivacy

Fish 1210-1242156850ss7a pub domain pictures

by Daniel J. Solove

Although we are seeing increasingly more sophisticated attempts at phishing, it appears as though many phishers still haven’t been able to get their hands on a program with spell check.  Why are we still seeing the $10 million lottery winning emails?  Or the long lost relative of yours living in Fiji who is leaving you $4 million?

A recent article explains that for the phishers, it is all a numbers game:

“So, if 97 per cent of phishing attempts are unsuccessful, why is it such a large issue? Because there are 156 million phishing emails sent worldwide daily. . . . Of the 156 million phishing emails sent daily, 16 million get through filters. Another eight million are opened by recipients. 800,000 click on the link provided, and 80,000 provide the information requested.”

Continue Reading

Myths About Privacy Law and the First Amendment

Daniel Solove
Founder of TeachPrivacy

Privacy and First Amendment 01

by Daniel J. Solove

In Sorrell vs. IMS Health, 131 S. Ct. 2653 (2011), the Supreme Court struck down Vermont’s Prescription Confidentiality Law as a violation of the First Amendment right to free speech. The Vermont law restricted the sale and marketing use of information that would identify prescribers without their consent. The Supreme Court reasoned that the Vermont law “enacts content- and speaker-based restrictions on the sale, disclosure, and use of prescriber-identifying information.” According to the Court, the statute made content-based restrictions because it singled out marketing, and the statute made speaker-based restrictions because it focused on pharmaceutical manufacturers. The Court stated: “The law on its face burdens disfavored speech by disfavored speakers.”

Continue Reading

Chart of the Largest Data Breaches in the World

Daniel Solove
Founder of TeachPrivacy

by Daniel J. Solove

Over at the website, Information Is Beautiful, is this amazing chart of the biggest data breaches in the world

Who knew data breaches could be so beautiful?  For those who have suffered from their data being lost in a data breach to those who have suffered because they had to clean up after a data breach, there is a larger meaning to all your pain — it was for art!

This chart is so cool that it would almost be worth all the pain.

Data Breaches Security Training 02 Continue Reading

Troublesome Password Practices and the Need for Data Security Training

Daniel Solove
Founder of TeachPrivacy

login  password on lcd screen macro

By Daniel J. Solove

A recent study by TeleSign revealed that many people engage in some troublesome password practices. Some of the most alarming findings from the report include:

— 73% of accounts use duplicate passwords.

— Nearly half of consumers have a password they haven’t changed in 5+ years

— “Consumers have an average of 24 online accounts, but use only 6 unique passwords.”

— “Only 30 percent of consumers are confident that their passwords will protect the security of their online accounts.”

These findings demonstrate why better authentication is needed. Enforcing good password practices is tremendously difficult. People have so many passwords that they must memorize, and if they must be long and complex, this compounds the challenge.  Alternative means of authentication — such as two-factor authentication — should be explored, as they can be affordable and efficient.

Continue Reading

5 Great Novels About Privacy and Security

Daniel Solove
Founder of TeachPrivacy

title

I am a lover of literature (I teach a class in law and literature), and I also love privacy and security, so I thought I’d list some of my favorite novels about privacy and security.

I’m also trying to compile a more comprehensive list of literary works about privacy and security, and I welcome your suggestions.

Continue Reading

Big Data, Big Data Breaches, Big Fines and Other Privacy + Security Updates

Daniel Solove
Founder of TeachPrivacy

title image

By Daniel J. Solove
Co-authored by Professor Paul Schwartz

This post is part of a post series where we round up some of the interesting news and resources we’re finding. This post includes developments from the first part of 2015. For a PDF version of this post, and for archived issues of previous posts, click here.

NOTE: Health privacy and security issues will now be covered in a separate update post. 

Continue Reading

If the Empire in Star Wars Had Big Data

Daniel Solove
Founder of TeachPrivacy

Star Wars Privacy and Security Awareness Darth Vader

. . . the Empire would have won. A search of records would have revealed where Luke Skywalker was living on Tatooine.  A more efficient collection and aggregation of Jawa records would have located the droids immediately.  Simple data analysis would have revealed that Ben Kenobi was really Obi Wan Kenobi. A search of birth records would have revealed that Princess Leia was Luke’s sister. Had the Empire had anything like the NSA, it would have had all the data it needed, and it could have swept up the droids and everyone else, and that would have been that.

There is an important lesson to be learned from Star Wars: If you are trying to establish and maintain a ruthless Empire, you can greatly benefit from better data aggregation and analysis.

Continue Reading

Law Firm Cyber Security and Privacy Risks

Daniel Solove
Founder of TeachPrivacy

Title image

By Daniel J. Solove

Law firms are facing grave privacy and security risks. Although a number of firms are taking steps to address these risks, the industry as a whole needs to grasp the severity of the risk. For firms, privacy and security risks can be significantly higher than for other organizations. Incidents can be catastrophic. On a scale of 1 to 10, the risks law firms are facing are an 11.

This is not time for firms to keep calm and carry on. The proper response is to freak out.

Continue Reading

Why We Should Persuade and Train with Stories

Daniel Solove
Founder of TeachPrivacy

title image

By Daniel J. Solove

 

Once upon a time, there was a teacher who wanted to train people. At first, the teacher stated a list of things to do and not do. But this had little effect. The teacher was upset and started to doubt whether he could ever get through to people. But then the teacher tried a new approach – using stories. People remembered the stories, and the training started to change people’s behavior. And the teacher and everyone he taught lived happily ever after.

Continue Reading

Privacy Law: From a National Dish to a Global Stew

Daniel Solove
Founder of TeachPrivacy

title image

By Daniel J. Solove
This post is co-authored by Professor Neil Richards

The recent case of Google v. Vidal-Hall in the UK has generated quite a buzz, with Omer Tene calling it the “European privacy judicial decision of a decade.”

The case illustrates several fascinating aspects of the developing global law of privacy, with big implications for online marketing, Big Data, and the Internet of Things.

At first blush, it is easy to see the case as one more divergence between how privacy is protected in the EU and US, with a European Court once again showing how much eager it is to protect privacy than an American one. But the biggest takeaway from the case is not one of divergence; it is one of convergence!

Continue Reading

The Health Data Breach and ID Theft Epidemic

Daniel Solove
Founder of TeachPrivacy

Title image

By Daniel J. Solove

When you go to the hospital, you might worry about catching a staph infection or pneumonia, but you should also worry about contracting a nasty case of medical identity theft. Most people suffer significant harm from medical ID theft, and few are completely cured. This ailment is spreading dramatically as data spurts out of healthcare organizations these days as if from a ruptured aorta.

In January of this year, an article citing U.S. Department of Health and Human Services (HHS) statistics noted that in the past 5 years, there have been roughly 120,000 reported data breaches involving HIPAA protected health information. These breaches have involved more than 31 million individuals.

Continue Reading

Does Scholarship Really Have an Impact? The Article that Revolutionized Privacy Law

Daniel Solove
Founder of TeachPrivacy

Title image

 

By Daniel J. Solove

Does scholarship really have an impact? For a long time, naysayers have attacked scholarship, especially scholarship about law. U.S. Supreme Court Chief Justice Roberts once remarked: “Pick up a copy of any law review that you see, and the first article is likely to be, you know, the influence of Immanuel Kant on evidentiary approaches in 18th Century Bulgaria, or something.” He noted that when the academy addresses legal issues at “a particularly abstract, philosophical level . . . they shouldn’t expect that it would be of any particular help or even interest to the members of the practice of the bar or judges.” Judge Harry Edwards also has attacked legal scholarship as largely irrelevant.

Continue Reading

Surveillance Law in Dire Need of Reform: The Promise of the LEADS Act

Daniel Solove
Founder of TeachPrivacy

title image

By Daniel J. Solove

The law regulating government surveillance and information gathering is in dire need of reform. This law, which consists of the Fourth Amendment and several statutes, was created largely in the 1970s and 1980s and has become woefully outdated. The result is that law enforcement officials and intelligence agencies can readily find ways to sidestep oversight and protections when engaging in surveillance and data collection.

Continue Reading

Burn Before You Learn or Learn Rather than Burn

Daniel Solove
Founder of TeachPrivacy

title image

By Daniel J. Solove

It seems as though every week brings news of another batch of data breaches . . . and they’re getting bigger. Target. Home Depot. Sony. Anthem. The list goes on and on.

The costs of many of these breaches are devastatingly large. And yet most data breaches are readily preventable. After reviewing more than 1,000 data breaches from 2014, the Online Trust Alliance (OTA) found that more than 90% of them could have been avoided.

Continue Reading

Facebook Privacy Sherpas, the Internet of Things, and Other Privacy + Security Updates

Daniel Solove
Founder of TeachPrivacy

p+s update image

By Daniel J. Solove and Paul M. Schwartz

This post is co-authored with Professor Paul M. Schwartz.

This post is part of a post series where we round up some of the interesting news and resources we’re finding.

For a PDF version of this post, and for archived issues of previous posts, click here.

Continue Reading

Why the Anthem Data Breach Is Needlessly Harmful

Daniel Solove
Founder of TeachPrivacy

Title image

By Daniel J. Solove

Recently, Anthem, one of the largest health insurance providers, suffered a massive data breach involving personal data on up to 80 million people. According to Anthem, the data breached includes “names, dates of birth, member ID/ social security numbers, addresses, phone numbers, email addresses and employment information.”

Continue Reading

The Funniest Hacker Stock Photos

Daniel Solove
Founder of TeachPrivacy

stock photos

By Daniel J. Solove

 

I produce computer-based privacy and data security training, so I’m often in the hunt for stock photos. One of the hardest things in the world to do is to find a stock photo of a hacker that doesn’t look absolutely ridiculous.

I’ve gone through hundreds of hacker stock photos, and I’ve discovered some that are so absurdly funny that they are true classics and deserve to be celebrated in a hall of fame. So I bought some of these gems to share them with you — because if there’s any sense of justice in the universe, when so much thought, creativity, and effort goes into a stock photo, it deserves to be sold.

Continue Reading

The Worst Password Ever Created

Daniel Solove
Founder of TeachPrivacy

worst password ever created

by Daniel J. Solove

People create some very bad passwords. In the list of the most popular passwords of 2014, all of them are terrible. Just look at the top 10:

  1. 123456
  2. password
  3. 12345
  4. 12345678
  5. Qwerty
  6. 123456789
  7. 1234
  8. baseball
  9. dragon
  10. football

Continue Reading

Drones, Data Breaches, Cramming, and Other Privacy + Security Updates

Daniel Solove
Founder of TeachPrivacy

drones and data breaches

by Daniel J. Solove

This post is co-authored with Professor Paul M. Schwartz.

This post is part of a post series where we round up some of the interesting news and resources we’re finding. For a PDF version of this post, and for archived issues of previous posts, click here.

We became quite busy after the last update, so we’re a bit backlogged. We are catching up on developments late last year and we have a lot of material. We will release the next issue soon, as there is too much material to fit into this issue.

For a PDF version of this post, click here.

Continue Reading

The Undying Death of Privacy

Daniel Solove
Founder of TeachPrivacy

will privacy ever stop dyingby Daniel J. Solove

“Reports of my death have been greatly exaggerated.”
— Privacy

I am growing weary of hearing news of the end of privacy or the death of privacy. Like news of the apocalypse, it seems as though declarations of the looming end of privacy are endless.

Continue Reading

Why All Law Schools Should Teach Privacy Law — and Why Many Don’t

Daniel Solove
Founder of TeachPrivacy

why law schools should teach privacy

by Daniel J. Solove

Since 2000, I have taught a law school course in information privacy law. When I started teaching, I could count the number of law schools that had such a course on one hand.

Today, by my rough estimate, I believe that the course is offered in about 40-50 law schools.

Continue Reading

Notable Privacy and Security Books in 2014

Daniel Solove
Founder of TeachPrivacy

notable privacy books 2014

by Daniel J. Solove

There were quite a number of books published about privacy and security issues last year, and I would like to highlight a few notable ones. A few books came out in late 2014 and have an early 2015 publication date. I’m including them here. The books are in no particular order.

Continue Reading

The Sony Data Breach: 3 Painful Lessons

Daniel Solove
Founder of TeachPrivacy

 

sony blog 1

by Daniel J. Solove

The Sony data breach is an exclamation mark on a year that is already known as the” Year of the Data Breach.” This data breach is the kind that makes even the least squeamish avert their eyes and wince. There are at least three things that this breach can teach us:

Continue Reading

Privacy and Security Developments 2014 Issue 1

Daniel Solove
Founder of TeachPrivacy

privacy and security update

by Daniel J. Solove

Issue 2014 No. 1

This post is co-authored with Professor Paul M. Schwartz.

We spend a lot of time staying up to date so we can update our casebooks and reference books, so we thought we would share with you some of the interesting news and resources we’re finding. We plan to post a series of posts like this one throughout the year.

For a PDF version of this post, click here.

Continue Reading

The $500,000 Value of Data Security Awareness Training

Daniel Solove
Founder of TeachPrivacy

data security awareness training

by Daniel J. Solove

It has long been difficult to quantify the ROI of data security awareness training.

But finally, I have been able to locate a number. According to a 2014 PricewaterhouseCoopers study: “The financial value of employee awareness is even more compelling. Organizations that do not have security awareness programs—in particular, training for new employees—report significantly higher average financial losses from cybersecurity incidents. Companies without security training for new hires reported average annual financial losses of $683,000, while those do have training said their average financial losses totaled $162,000.”

Continue Reading

Lawsuits for HIPAA Violations and Beyond: A Journey Down the Rabbit Hole

Daniel Solove
Founder of TeachPrivacy

hipaa lawsuits 1

by Daniel J. Solove

At first blush, it seems impossible for a person to sue for a HIPAA violation. HIPAA lacks a private cause of action. So do many other privacy and data security laws, such as FERPA, the FTC Act, the Gramm-Leach-Bliley Act, among others. That means that these laws don’t provide people with a way to sue when their rights under these laws are violated. Instead, these laws are enforced by agencies.

Continue Reading

Should Celebrities Have Privacy? A Response to Jennifer Lawrence

Daniel Solove
Founder of TeachPrivacy

celebrities

by Daniel J. Solove

In a recent AP story, actress Jennifer Lawrence had some rather extensive and passionate quotes about her loss of privacy. Not too long ago, Lawrence’s nude photos were stolen and leaked on the Internet by a hacker who hacked into her iCloud account. In her comments for the AP story, she lamented how much paparazzi were harassing her: “I knew the paparazzi were going to be a reality in my life. . . . But I didn’t know that I would feel anxiety every time I open my front door, or that being chased by 10 men you don’t know, or being surrounded, feels invasive and makes me feel scared and gets my adrenaline going every day.”

Continue Reading

People Care About Privacy Despite Their Behavior

Daniel Solove
Founder of TeachPrivacy

people care about privacy

by Daniel J. Solove

It is often said that people don’t care much about privacy these days given how much information they expose about themselves. But survey after survey emphatically concludes that people really do care about privacy.

Continue Reading