All posts tagged privacy training

Privacy Training for Data Privacy Day

Daniel Solove
Founder of TeachPrivacy

Data Prviacy Data Privacy Awareness Training Courses 01

Data Privacy Day Logo 01

For Data Privacy Day this year, I’m happy to make available for the day two new short privacy training programs I created in collaboration with Intel.  Ordinarily, I require a login to view my training programs, but for this day, I have put them outside the wall for anyone to see.  So click on the programs below to watch them — I’ll keep them up through the weekend.  Then, they’ll go behind the wall, so you’ll need to request an evaluation login to see them afterwards.

NOTE: These programs are now no longer publicly available.  To see them, please contact us.

The first program is a short 2-minute awareness video about Data Retention.

The second program is an 8.5 minute program called Defining Personal Information.  It seeks to explain how to identify personal information, which is a tricky issue because what counts as personal information is not static and is contextual and contingent in some cases.

These programs were created for Intel with their collaboration.  Intel graciously allowed me to add generic versions of these programs to my training course library.   And in support of Data Privacy Day, Intel was encouraging of my making them publicly available.

I. Data Retention

Privacy Awareness Training Module - Data Retention

II. Defining Personal Information

Privacy Awareness Training Module - Defining Personal Information

Continue Reading

GDPR Cartoon: Taking Privacy Seriously

Daniel Solove
Founder of TeachPrivacy

cartoon-gdpr-training-privacy-shield-training-02

I created this cartoon to illustrate the fact that despite the increasing risk that privacy violations pose to an organization, many organizations are not increasing the funding and resources devoted to privacy.  More work gets thrown onto the shoulders of under-resourced privacy departments.

It is time that the C-Suite (upper management) wakes up to the reality that privacy is a significant risk and an issue of great importance to the organization.  Looming on the horizon is the enforcement of the new EU General Data Protection Regulation (GDPR), which will begin in 2018.  It’s never too early for organizations to start preparing.  GDPR imposes huge potential fines for non-compliant organizations — up to 4% of global turnover in many cases.  For more information, see the FAQ page I created about the GDPR and privacy awareness training.

Of course, the C-Suite may be quick to say that privacy is very important, but what matters most are the actions they take.  Privacy office budgets and sizes should be going up by a lot these days.

Continue Reading

Privacy Shield Training

Daniel Solove
Founder of TeachPrivacy

Privacy Shield Training Course

I have produced a new Privacy Shield training course that provides a short introduction to the EU-US Privacy Shield Framework.  Privacy Shield is an arrangement reached between the EU and US for companies to transfer data about EU citizens to the US.  Privacy Shield replaces the Safe Harbor Arrangement, which was invalidated in 2015 in the case of Schrems v. Data Protection Commissioner.

Continue Reading

When Is a Person Harmed by a Privacy Violation? Thoughts on Spokeo v. Robins

Daniel Solove
Founder of TeachPrivacy

privacy

When is a person harmed by a privacy violation?

The U.S. Supreme Court just handed down a decision in an important case, Spokeo Inc. v. Robins.  

Spokeo Logo

Plaintiff Thomas Robins sued Spokeo under the Fair Credit Reporting Act (FCRA) because Spokeo had inaccurate information about him in its profile.  Spokeo’s profiles are used by potential employers and others to search for data about people.  FCRA requires that information in profiles for these purposes be accurate, and it allows people to sue if information is not.

 

Continue Reading

6 Reasons to Visit the TeachPrivacy Booth at the IAPP Summit 2016

Daniel Solove
Founder of TeachPrivacy

TeachPrivacy privacy and security awareness training 03 IAPP

Please stop by the TeachPrivacy booth at the expo at the IAPP Summit.

 

1. Play our new game. 

See if you can spot all the privacy and data security risks in this scene.  Pick up a copy of the scene, see our poster, and try out our interactive module.

Continue Reading

The Solution to All Privacy and Data Security Problems Worldwide

Daniel Solove
Founder of TeachPrivacy

Solution to Privacy and Security Problems 02
After years of careful study and extensive analysis, I have arrived at a solution to all the privacy and data security problems worldwide. Although I’ve been advised that I shouldn’t give away such a perfect solution to such a vexing problem for free, my drive to altruism is simply too strong.

Without further ado . . .

Read the Solution to All Privacy and Data Security Problems Worldwide

Don’t collect personal data.

Further Elaboration

April Fool’s!

There is another solution — not quite a miracle cure all, but definitely very helpful — privacy and cybersecurity training!  And that’s no joke.

With Professor Woodrow Hartzog, I have also solved the challenge of legal compliance more generally: The Ultimate Unifying Approach to Complying with All Laws and Regulations, 19 Green Bag 2d 223 (2016).

Continue Reading

The Triumph of the Privacy Profession: An Interview with Bamberger and Mulligan

Daniel Solove
Founder of TeachPrivacy

Woman in space

The past 20 years have seen the remarkable emergence of the privacy profession. Starting from nothing, this profession originally included a handful of people called Chief Privacy Officers (CPOs). Nobody grew up saying they wanted to be a CPO. Nobody knew what CPOs did.

Continue Reading

Without Scalia, Will There Be a 4th Amendment Revolution?

Daniel Solove
Founder of TeachPrivacy

title image

The passing of Justice Antonin Scalia has brought a wave of speculation about current and future U.S. Supreme Court cases.  One area where there might be a significant impact will be the 4th Amendment, which provides the primary constitutional protection against government surveillance and information gathering.  A new justice could usher in a dramatic expansion in 4th Amendment protections against government surveillance.

Continue Reading

A New US-EU Safe Harbor Agreement Has Been Reached

Daniel Solove
Founder of TeachPrivacy

EU-US Privacy Shield Safe Harbor Training

Last year, the death of the US-EU Safe Harbor Arrangement sent waves of shock and despair to the approximately 4500 companies that used this mechanism to transfer personal data from the US to the EU.  But a new day has dawned.

Continue Reading

New Privacy and Security Awareness Training Programs

Daniel Solove
Founder of TeachPrivacy

security awareness training

I created some new training programs last year, and here are some of the highlights:

Security Training Malware -- Ransomware Attack

The Ransomware Attack (~5 mins)

This short program (~5 minutes) consists of an interactive cartoon vignette about malware.  The program is highly interactive, and trainees engage with a scenario involving ransomware. Although this program involves ransomware, the lessons it teaches apply broadly to all malware.  The program focuses on how to avoid having malware installed on one’s computer and what to do (and not to do) if this ever happens.

Module Lifecycle of Personal Data 01

The Life Cycle of Personal Data (~ 15 mins)

This privacy awareness training course (~ 15 minutes) is a highly-interactive overview of privacy responsibilities and protections regarding the collection, use, and sharing of personal data.  The course has 8 quiz questions. The course tracks the life cycle of personal data, starting from when it is collected or created. The course concludes with a discussion of data retention and destruction.

Continue Reading

Blogging Highlights 2015: Privacy Issues

Daniel Solove
Founder of TeachPrivacy

Privacy Training

I’ve been going through my blog posts from 2015 to find the ones I most want to highlight.  Here are some selected posts on privacy issues:

I. PHILOSOPHICAL

Privacy by Design:
4 Key Points

title image

What Is Privacy?

Solove Taxonomy of Privacy

II. PRIVACY LAW

Why All Law Schools Should Teach Privacy Law
— and Why Many Don’t

why law schools should teach privacy

Continue Reading

10 Implications of the New EU General Data Protection Regulation (GDPR)

Daniel Solove
Founder of TeachPrivacy

EU GDPR Training General Data Protection Regulation

EU Flag EU Privacy TrainingLast week, the EU issued the General Data Protection Regulation (GDPR), a long-awaited comprehensive privacy regulation that will govern all 28 EU member countries.  Clocking in at more than 200 pages, this is quite a document to digest.  According to the European Commission press release: “The regulation will establish one single set of rules which will make it simpler and cheaper for companies to do business in the EU.”

The GDPR has been many years in the making, and it will have an enormous impact on the transfer of data between the US and EU, especially in light of the invalidation of the Safe Harbor Arrangement earlier this year.  It will has substantial implications for any global company doing business in the EU.  The GDPR is anticipated to go into effect in 2017.

Here are some of the implications I see emerging from the GDPR as well as some questions for the future:

1. Penalties and Enforcement

Under Article 79, violations of certain provisions will carry a penalty of “up to 2% of total worldwide annual turnover of the preceding financial year.”  Violations of other provisions will carry a penalty of “up to 4% of total worldwide annual turnover of the preceding financial year.”  The 4% penalty applies to “basic principles for processing, including conditionals for consent,” as well as “data subjects’ rights” and “transfers of personal data to a recipient in a third country or an international organisation.”

These are huge penalties.  Such penalties will definitely be a wake-up call for top management at companies to pay more attention to privacy and to provide more resources to the Chief Privacy Officer (CPO).  Now we can finally imagine the CEO at a meeting, with her secretary rushing over to her and whispering in her ear that the CPO is calling.  The CEO will stand up immediately and say: “Excuse me, but I must take this call.  It’s my CPO calling!”

EU Privacy Training Money

To date, EU enforcement of its privacy laws has been spotty and anemic, so much so that many characterize it as barely existent.  Will the new GDPR change enforcement?  With such huge fines, the payoff for enforcement will be enormous.  We could see a new enforcement culture emerge, with more robust and consistent enforcement.  If privacy isn’t much of a priority of upper management at some global companies, it will be soon.

Continue Reading

Big Brother on the Cover: 50+ Covers for George Orwell’s 1984

Daniel Solove
Founder of TeachPrivacy

Privacy Training Blog Big Brother Is Watching You Poster

by Daniel J. Solove

Privacy Training Blog George Orwell

George Orwell

One of the most well-known classic privacy books is George Orwell’s 1984, and it has been published in countless editions around the world.  I enjoy collecting things, and I’ve gathered up more than 50 book covers of various editions of the novel.  I find it interesting how various artists and designers try to capture the novel’s themes.  I thought I’d share the covers with you.

Orwell’s 1984 chronicles a harrowing totalitarian society, one that engages in massive surveillance of its citizenry.  Everywhere are posters that say “NSA Big Brother Is Watching You.”   From the novel:

Continue Reading

Understanding the FTC on Privacy and Security

Daniel Solove
Founder of TeachPrivacy

Privacy Training Blog FTC

by Daniel J. Solove

Privacy Awareness Training Blog TRUSTe FTC WebinarI recently held a webinar about the Federal Trade Commission (FTC) for TRUSTe called Understanding the FTC on Privacy and Security.   The webinar is free and is archived at TRUSTe’s site.

Here is a brief synopsis of the webinar:

For the past nearly two decades, the FTC has risen to become the leading federal agency that regulates privacy and data security. In this webinar, Professor Daniel J. Solove will discuss how the Federal Trade Commission (FTC) is enforcing privacy and data security.  What are the standards that the FTC is developing for privacy and data security?  What sources does the FTC use for the standards it develops?

A common misconception is that the FTC’s jurisprudence has been rather thin, merely focuses on enforcing promises made in privacy policies. To the contrary, a deeper look the FTC’s jurisprudence demonstrates that it is quite thick and has extended far beyond policing promises. The FTC has codified certain norms and best practices and has developed some baseline privacy and security protections. The FTC has laid the foundation for an even more robust law of privacy and data security. Professor Solove will discuss some of the potential ways this body of regulation could develop in the future.

My webinar was written up at the Wall Street Journal.  If you’re interested in seeing it, it’s free and available here.   Below is some background about the FTC as well as some of my writings about the FTC that may be of interest if you want a deeper dive.

Continue Reading

Baseball’s “Hacking” Case: Are You a Hacker Too?

Daniel Solove
Founder of TeachPrivacy

title image

By Daniel J. Solove

 

I’m a St. Louis Cardinals fan, so I guess it is fitting that my favorite team becomes embroiled in a big privacy and data security incident.  At the outset, apologies for the feature photo above.  It pulled up under a search for “baseball hacker,” and as a collector of ridiculous hacker stock photos, I couldn’t resist adding this one to my collection.  I doctored it up by adding in the background, but I applaud the prophetic powers of the photographer who had a vision that one day such an image would be needed.

Continue Reading

Does Training Really Work? Can It Reduce Data Security Breaches?

Daniel Solove
Founder of TeachPrivacy

does training work 1

by Daniel J. Solove

According to a recent report by Enterprise Management Associates, 56% of employees are not receiving any sort of data security awareness training.

This is a rather distressing statistic. It is particularly distressing because according to another study, “when specific employee behaviors are addressed in a meaningful way to bring about a security-aware culture, the incidence and cost of non-compliance plummets.”

Continue Reading

Follow Professor Solove on Social Media

Daniel Solove
Founder of TeachPrivacy

If you are interested in privacy and data security issues, there are many great ways Professor Solove can help you stay informed:

Professor Solove’s LinkedIn Influencer blog

LinkedIn Influencer 02 You can follow Professor Solove on his blog at LinkedIn, where he is an “LinkedIn Influencer.”  He blogs about various privacy and data security issues. His blog has more than 600,000 followers.

LinkedIn Influencer 01

*    *    *    *

Professor Solove’s Twitter Feed

Twitter 01Professor Solove is active on Twitter and posts links to current privacy and data security stories and new scholarship, cases, and developments of note.

*    *    *    *

Professor Solove’s Newsletter

Newsletter 01Sign up for our newsletter where Professor Solove provides information about his recent writings and new training programs that he has created.

*    *    *    *

Professor Solove’s LinkedIn Discussion Groups

Please join one or more of Professor Solove’s LinkedIn discussion groups, where you can follow new developments on privacy, data security, HIPAA, and education privacy issues. You can also participate in the discussion, share interesting news and articles, ask questions, or start new conversations:

Privacy and
Data Security
HIPAA Privacy
and Security
Education Privacy
and Data Security
Image Group LinkedIn Logo Education Privacy 01 Image Group LinkedIn Logo HIPAA 01 Image Group LinkedIn Logo Privacy Security 01

The Most Effective Factor in Education

Daniel Solove
Founder of TeachPrivacy

most effective education blog 1

by Daniel J. Solove

I’ve been a teacher for the past 15 years, and I’ve taught in several mediums including live classes and computer-based e-learning. I have come to the conclusion that the most effective factor in education and training is fostering emotional investment.

Simply put, students must care about learning the material. The more they care, the more they learn.

The notion of getting emotional investment from students might sound like simple common sense, but it is often not done …and often not even attempted.

Continue Reading