All posts tagged Security

The 5 Things Every Privacy Lawyer Needs to Know about the FTC: An Interview with Chris Hoofnagle

Daniel Solove
Founder of TeachPrivacy

Privacy and Security Training

The Federal Trade Commission (FTC) has become the leading federal agency to regulate privacy and data security. The scope of its power is vast – it covers the majority of commercial activity – and it has been enforcing these issues for decades. An FTC civil investigative demand (CID) will send shivers down the spine of even the largest of companies, as the FTC requires a 20-year period of assessments to settle the score. Continue Reading

Information Security Training: Focus on the Human Problem

Daniel Solove
Founder of TeachPrivacy

Information Security Awareness Training Plan B

I created a new poster about information security training, which is debuting at the RSA conference.  This poster is based on the fact that the vast majority of information security incidents and data breaches occur because of human mistakes.   Information security is only in small part a technology problem; it is largely a human problem.

If you’re at RSA and are interested in information security awareness training, please drop by the TeachPrivacy booth at Moscone North 4802.

RSA Conference 2016

You can pick up a copy of this poster.  And you can also learn about our newest training, which includes a really neat Where’s Waldo style game where users spot privacy and security risks.

Continue Reading

Spot the Privacy and Security Risks Training Game

Daniel Solove
Founder of TeachPrivacy

Spot the Risks Privacy and Information Security Awareness Training

I’m pleased to announce a new training program:  Spot the Risks: Privacy and Security. The program is a Where’s Waldo style risk-spotting game that takes about 5 minutes to complete.  Trainees are asked to spot the risks in an office.  Feedback is provided about each risk so trainees learn many of the most important best practices.

Continue Reading

Can the FBI Force Apple to Write Software to Weaken Its Software?

Daniel Solove
Founder of TeachPrivacy

title image

A dramatic legal battle is taking place that will have dramatic implications for the future of technology, privacy, security, and the extent of government power.  The FBI obtained an order from a magistrate judge to force Apple to develop software to help the FBI break into an encrypted iPhone.

Continue Reading

The Kafkaesque Sacrifice of Encryption Security in the Name of Security

Daniel Solove
Founder of TeachPrivacy

The Kafkaesque Sacrifice of Encryption Security in the Name of Security

By Daniel J. Solove

Proponents for allowing government officials to have backdoors to encrypted communications need to read Franz Kafka.  Nearly a century ago, Kafka deftly captured the irony at the heart of their argument in his short story, “The Burrow.”

After the Paris attacks, national security proponents in the US and abroad have been making even more vigorous attempts to mandate a backdoor to encryption.

Continue Reading

Does Cybersecurity Law Work Well? An Interview with Ed McNicholas

Daniel Solove
Founder of TeachPrivacy

Does Cybersecurity Law Work Well?  An Interview with Ed McNicholas

By Daniel J. Solove

“The US is developing a law of cybersecurity that is incoherent and unduly complex,” says Ed McNicholas, one of the foremost experts on cybersecurity law. 

McNicholas is a partner at Sidley Austin LLP and co-editor of the newly-published treatise, Cybersecurity: A Practical Guide to the Law of Cyber Risk (with co-editor Vivek K. Mohan).   The treatise is a superb guide to this rapidly-growing body of law, and it is nicely succinct as treatises go.  It is an extremely useful volume that I’m delighted I have on my desk.  If you practice in this field, get this book.  

Continue Reading

The Growing Problems with the Sectoral Approach to Privacy Law

Daniel Solove
Founder of TeachPrivacy

Sectoral Omnibus Privacy Regulation

By Daniel J. Solove

The US regulates privacy with a sectoral approach, with laws that are directed only to specific industries.  In contrast, the EU and many other countries have an omnibus approach — one overarching law that regulates privacy consistently across all industries.  The US is an outlier from the way most countries regulate privacy.

About 15 years ago, the sectoral approach was hailed by many US organizations as vastly preferable to an omnibus approach.  Each industry wanted to be regulated differently, in a more nuanced way focused on its particular needs.  Industries could lobby and exert their influence much more on laws focused on their industry.  Additionally, some organizations liked the sectoral approach because they fell into one of the big gaps in regulation.

But today, ironically, the sectoral approach is not doing many organizations any favors.  There are still gaps in protection under the US approach, but these have narrowed.  In fact, many organizations do not fall into gaps in protection — they are regulated by many overlapping laws.  The result is a ton of complexity, inconsistency, and uncertainty in the law.

Continue Reading

Alan Westin’s Privacy and Freedom

Daniel Solove
Founder of TeachPrivacy

Alan Westin Privacy and Freedom

Alan Westin Privacy and FreedomI am pleased to announce that Alan Westin’s classic work, Privacy and Freedom, is now back in print.  Originally published in 1967, Privacy and Freedom had an enormous influence in shaping the discourse on privacy in the 1970s and beyond, when the Fair Information Practice Principles (FIPPs) were developed.

The book contains a short introduction by me.  I am truly honored to be introducing such a great and important work.  When I began researching and writing about privacy in the late 1990s, I kept coming across citations to Westin’s book, and I was surprised that it was no longer in print.  I tracked down a used copy, which wasn’t as easy to do as today.  What impressed me most about the book was that it explored the meaning and value of privacy in a rich and interdisciplinary way.

A very brief excerpt from my intro:

At the core of the book is one of the most enduring discussions of the definition and value of privacy. Privacy is a very complex concept, and scholars and others have struggled for centuries to define it and articulate its value. Privacy and Freedom contains one of the most sophisticated, interdisciplinary, and insightful discussions of privacy ever written. Westin weaves together philosophy, sociology, psychology, and other disciplines to explain what privacy is and why we should protect it.

Alan WestinI was fortunate to get to know Alan Westin, as I began my teaching career at Seton Hall Law School in Newark, New Jersey, and Alan lived and worked nearby.  I had several lunches with him, and we continued our friendship when I left to teach at George Washington University Law School.  Alan was kind, generous, and very thoughtful. He was passionate about ideas.  I miss him greatly.

So it is a true joy to see his book live on in print once again.

Here’s the blurb from the publisher:

Continue Reading

Sunken Safe Harbor: 5 Implications of Schrems and US-EU Data Transfer

Daniel Solove
Founder of TeachPrivacy

sunken safe harbor

By Daniel J. Solove

In a profound ruling with enormous implications,the European Court of Justice (ECJ) has declared the Safe Harbor Arrangement to be invalid.

[Press Release]  [Opinion]

The Safe Harbor Arrangement

The Safe Harbor Arrangement has been in place since 2000, and it is a central means by which data about EU citizens can be transferred to companies in the US.  Under the EU Data Protection Directive, data can only be transferred to countries with an “adequate level of protection” of personal data.  The EU has not deemed the US to provide an adequate level of protection, so Safe Harbor was created as a work around.

Continue Reading

6 Great Films About Privacy and Security

Daniel Solove
Founder of TeachPrivacy

title image

By Daniel Solove

I previously shared 5 of my favorite novels about privacy and security, and I’d now like to share 6 of my favorite films about these topics — because I just couldn’t whittle the list down to 5.

I was thinking about my favorite films because I’ve been putting together a session at my Privacy+Security Forum event next month — the “Privacy and Security Film and TV Club” — where a group of experts will share their favorite films and TV series that have privacy and security themes.

Without further ado, here are my film choices:

Continue Reading

The OPM Data Breach: Harm Without End?

Daniel Solove
Founder of TeachPrivacy

title image

By Daniel J. Solove

The recent breach of the Office of Personnel Management (OPM) network involved personal data on millions of federal employees, including data related to background checks. OPM is now offering 18 months of free credit monitoring and identity theft insurance to victims. But as experts note in a recent Washington Post article, this is not nearly enough:

If the data is in the hands of traditional cyber criminals, the 18-month window of protection may not be enough to protect workers from harm down the line. “The data is sold off, and it could be a while before it’s used,” said Michael Sussmann, a partner in the privacy and data security practice at law firm Perkins Coie. “There’s often a very big delay before having a loss.”

Continue Reading

Cybersecurity in the Boardroom

Daniel Solove
Founder of TeachPrivacy

??????????

by Daniel J. Solove

A few days ago, I posted about how boards of directors must grapple with privacy and cybersecurity.   Today, I came across a survey by NYSE Governance Services and Vericode of 200 directors in various industries.

According to the survey, about two-thirds of directors are less than confident about their company’s cybersecurity.  This finding is not surprising given the frequency of data breaches these days.  There is a growing sense of exasperation, as if we are living in an age of a great plague, with bodies piling up in the streets.

Plague 01

Continue Reading

Boards of Directors Must Grapple with Privacy and Cybersecurity

Daniel Solove
Founder of TeachPrivacy

title image

By Daniel J. Solove

Privacy and cybersecurity have become issues that should be addressed at the board level. No longer minor risks, privacy and cybersecurity have become existential issues. The costs and reputational harm of privacy and security incidents can be devastating.

Yet not enough boards are adequately engaged with these issues. According to a survey last year, 58% of members of boards of directors believed that they should be actively involved in cyber security. But only 14% of them stated that they were actively involved.

Continue Reading

Health Data Security in Crisis, Phase 2 Audits, and Other HIPAA Privacy + Security Updates

Daniel Solove
Founder of TeachPrivacy

title image

By Daniel J. Solove

Co-authored with Professor Paul Schwartz

This post is part of a post series where we round up some of the interesting news and resources we’re finding. We have split the health/HIPAA material from our updates on other topics. To see our updates for other topics, click here.

For a PDF version of this post, and for archived issues of previous posts, click here.

Continue Reading