This cartoon depicts how, after the GDPR, countless websites have cookie notices and require agreeing to accept cookies. I find these cookie notices to be form over substance. These notices are virtually meaningless and don’t help consumers. They are a nuisance. They give privacy a bad name because people start to think that privacy is […]
I had the chance to interview Daniel Barber, CEO and Co-founder of DataGrail. DataGrail is a purpose-built privacy management platform that ensures sustained compliance with the GDPR, CCPA, and forthcoming regulations. Their customers span a variety of industries and include Databricks, Plexus Worldwide, TRI Pointe Homes, Outreach, Intercom, and SaaStr. Daniel and I spoke about the lessons […]
Professor Paul Schwartz and I have posted the black letter text of the American Law Institute (ALI), Principles of the Law, Data Privacy. Professor Paul Schwartz and I were co-reporters on the project. Earlier this year, I wrote a post about our completion of the project. According to the ALI press release: “The Principles seek to […]
Recently, the International Association of Privacy Professionals (IAPP) released a ranking of law schools based on their educational programs in privacy law. Although I applaud the effort to focus more attention on the issue of teaching privacy law in law schools, there are many aspects of the project that I would do differently. In this […]
Days after my recent blog post on the HIPAA Right of Access, the OCR released details of their first enforcement action for violation of the Right of Access. The complaint, received in August 2018, involved a mother who waited over 9 months to receive prenatal records from Bayfront Health in St. Petersburg. She requested the […]
One of the biggest sore spots in HIPAA compliance has been providing individuals with their right to access their medical records. In addition to the countless anecdotal accounts about the painful process of getting medical records, a recent study demonstrated just how far there is to go for providers to be in compliance. More than […]
This cartoon depicts something that happens far too often with HIPAA — HIPAA is used as an excuse not to do something (such as make disclosures or provide access to records in ways that patients request) even though HIPAA doesn’t have such a restriction. This is often done out of a lack of knowledge about […]
Over at Lawfare, I have an essay co-authored by Chris Hoofnagle and Woodrow Hartzog called The FTC Can Rise to the Privacy Challenge, but Not Without Help From Congress. This piece is also posted at the Brooking Institution’s TechTank. The essay begins: Facebook’s recent settlement with the Federal Trade Commission (FTC) has reignited debate over whether the […]
This cartoon is about evolution of data breaches, which began to grab headlines back in 2005, thanks in large part to California’s data breach notification law — the first of such laws. Since that time, every state has passed breach notification laws, and there are breach notification laws sprouting up around the world. Every day, […]
I’m thrilled that, the American Law Institute (ALI) has approved the Principles of the Law, Data Privacy. Professor Paul Schwartz and I were co-reporters on the project. According to the ALI press release: “The Principles seek to provide a set of best practices for entities that collect and control data concerning individuals and guidance for […]