These days, there seems to be a lot of energy around a federal comprehensive privacy law in the United States. When the US Congress started passing privacy laws in the 1970s, 80s, and 90s, it eschewed the route of passing a comprehensive privacy law, opting instead for the sectoral approach — passing a series of […]
I am pleased to announce the publication of the new edition of PRIVACY LAW FUNDAMENTALS, my short guide to privacy law with Prof Paul Schwartz. The purpose of this compact treatise is to distill the vast terrain of privacy law to the essential cases, regulations, statutes, and other notable developments. We aim to provide what […]
For years, many policymakers, industry representatives, and commentators were opposed to a comprehensive federal privacy law. They typical federalism arguments were often trotted out. Then, in 2018, California passed the California Consumer Privacy Act (CCPA). Now, there seems to be a chorus for a comprehensive federal privacy law with preemption. I’ll be posting soon about […]
I hope that you can join us for the International Privacy+Security Forum (April 3-5, 2019 in Washington, DC). The International Privacy+Security Forum is an annual sister event to the Privacy+Security Forum, an annual event held in October at George Washington University in Washington, DC. The Int’l Forum event focuses on privacy and security laws from […]
This cartoon is about data breach notification. All 50 states plus the District of Columbia and Puerto Rico now have data breach notification laws, and breach notification laws are spreading around the globe. And, as is often said in data security, it’s not whether a breach will happen, but when . . .
Last year was a record-setting year for HIPAA enforcement. On HHS’s website, OCR has touted its 2018 enforcement: OCR has concluded an all-time record year in HIPAA enforcement activity. In 2018, OCR settled 10 cases and secured one judgment, together totaling $28.7 million. This total surpassed the previous record of $23.5 million from 2016 by […]
There have been quite a number of state HIPAA enforcement cases this year, and one expert points out a trend toward increasing state enforcement of HIPAA. An article in Data Breach Today discusses a number of state HIPAA enforcement cases. Here are some of the ones discussed: Massachusetts — $75,000 settlement with McLean Hospital for […]
I’ve been creating security and privacy awareness training for years, and I am always in the hunt for good stock photos to illustrate these issues. I thought I’d share with you some of the most ridiculous ones I’ve come across. For the past four years, I’ve posted just the funniest hacker stock photos, but this year, I […]
This cartoon about artificial intelligence is based on something I often hear — that it is impossible to understand how certain decisions are made by certain algorithms. I wonder whether this problem is due to the fact that not enough effort is being devoted to addressing ethical issues such as the transparency of the decisionmaking […]
A recent case involving the Illinois Biometric Information Privacy Act (BIPA), Rivera v Google (N.D. Ill. No. 16 C 02714, Dec. 28, 2018), puts the ills of Spokeo Inc. v. Robins on full display. In Rivera, plaintiffs sued Google under BIPA, which prohibits companies from collecting and storing specific types of biometric data without people’s consent. The plaintiffs alleged that Google […]