These days, the debate about a federal comprehensive privacy law is buzzing louder than ever before. A number of bills are floating around Congress, and there are many proposals for privacy legislation by various groups, organizations, and companies. As proposals to regulate privacy are debated, it is helpful to distinguish between three general approaches to […]
In this video, Daniel Solove and Tracy Mitrano (former IT Policy at Cornell and now Democratic candidate for US Senate in New York’s 23rd district) discuss Covid, privacy, education, work-from-home, and other privacy, security, and technology issues.
In this video, Daniel Solove (TeachPrivacy, GW Law), Justin Antonipillai (Wirewheel), and Andy Dale (Alyce) discuss the challenge of writing privacy notices, Schrems II, and other privacy issues.
Ransomware has long been a scourge, and it has been growing into a pandemic with no signs of slowing down. I recently had the opportunity to discuss ransomware with several experts at Beazley. Based in Chicago, Ken Suh is the focus group leader for cyber & tech claims at Beazley. Mark Singer is a cyber & tech […]
HIPAA training is an specific requirement of HIPAA. HIPAA requires that covered entities (CEs) and business associates (BAs) provide HIPAA training to members of their workforce who handle protected health information (PHI). This means administrative and clinical personnel need to be trained. Business associates — and any of their subcontractors — must have training. Basically, […]
What are the requirements for California Consumer Privacy Act (CCPA) training? At Section 1798.135(a)(3), the CCPA requires that businesses “ensure that all individuals responsible for handling consumer inquiries about the business’s privacy practices or the business’s compliance with this title are informed of all requirements in Section 1798.120 and this section and how to direct […]
This cartoon is about de-identifying PHI under HIPAA. De-identifying personal data is quite complicated. Researchers have been able to re-identify sets of personal data with just names, birth dates, and gender. The reason why de-identifying data is difficult is that there is more and more identified personal data online that can be matched up […]
The European Court of Justice just issued its decision in Facebook Ireland v. Schrems, and the court’s opinion sent shock waves throughout the privacy world. I had a terrific discussion with Justin Antonipillai (Wirewheel), Gabriela Zanfir-Fortuna (Future of Privacy Forum), Ralf Sauer (European Commission), and Bob Litt (Morrison & Foerster, former General Counsel for the […]
Ransomware has long been a scourge, and it’s getting worse. I recently had the chance to talk about ransomware and cyber insurance with Kimberly Horn, the Global Claims Team Leader for Cyber & Tech Claims at Beazley. Kim has significant experience in data privacy and cyber security matters, including guiding insureds through immediate and comprehensive responses to […]
This cartoon is about the “privacy paradox” — the phenomenon where people say that they value privacy highly, yet in their behavior relinquish their personal data for very little in exchange or fail to use measures to protect their privacy. I recently wrote an article about the privacy paradox: The Myth of the Privacy Paradox, […]