What are the requirements for California Consumer Privacy Act (CCPA) training? At Section 1798.135(a)(3), the CCPA requires that businesses “ensure that all individuals responsible for handling consumer inquiries about the business’s privacy practices or the business’s compliance with this title are informed of all requirements in Section 1798.120 and this section and how to direct […]
This cartoon is about de-identifying PHI under HIPAA. De-identifying personal data is quite complicated. Researchers have been able to re-identify sets of personal data with just names, birth dates, and gender. The reason why de-identifying data is difficult is that there is more and more identified personal data online that can be matched up […]
The European Court of Justice just issued its decision in Facebook Ireland v. Schrems, and the court’s opinion sent shock waves throughout the privacy world. I had a terrific discussion with Justin Antonipillai (Wirewheel), Gabriela Zanfir-Fortuna (Future of Privacy Forum), Ralf Sauer (European Commission), and Bob Litt (Morrison & Foerster, former General Counsel for the […]
Ransomware has long been a scourge, and it’s getting worse. I recently had the chance to talk about ransomware and cyber insurance with Kimberly Horn, the Global Claims Team Leader for Cyber & Tech Claims at Beazley. Kim has significant experience in data privacy and cyber security matters, including guiding insureds through immediate and comprehensive responses to […]
This cartoon is about the “privacy paradox” — the phenomenon where people say that they value privacy highly, yet in their behavior relinquish their personal data for very little in exchange or fail to use measures to protect their privacy. I recently wrote an article about the privacy paradox: The Myth of the Privacy Paradox, […]
This cartoon is about the GDPR’s lawful basis requirement to process personal data. One of the biggest differences between U.S. and EU privacy law is that in the U.S., organizations can collect and use personal data in nearly any way they choose as long as they state what they are doing in their privacy notice […]
I have posted to SSRN a copy of my latest draft article, The Myth of the Privacy Paradox. It’s available for download for free. Here’s the abstract:
This cartoon is about new technology and privacy. With each new technology, there have been outcries that privacy will be lost forever. A while ago, I wrote a post collecting headlines and book covers that proclaimed “the death of privacy” throughout the ages. Despite being under constant threat, privacy has somehow has managed to survive. […]
For Data Privacy Day, here’s a cartoon about the history of privacy. A constant stream of articles and books proclaim that privacy is dead. But people have been saying that privacy is dead for quite some time. This is either the longest death scene in history, or privacy isn’t dying.
Ransomware has long been a scourge. Since at least 2012, ransomware has grown dramatically. Ransoms have increased — the average ransom payout is now more than $40,000. Organizations most hit are public sector, software services, professional services, and healthcare. Healthcare, in particular, is a soft target because of the need to get systems back and […]