PRIVACY + SECURITY BLOG

News, Developments, and Insights

HIPAA Cartoon: Notice of Privacy Practices

This HIPAA cartoon involves the notice of privacy practices (NPP) under HIPAA.  HIPAA has a set of detailed requirements for the NPP.  See 45 CFR 164.520 for the text of HIPAA’s requirement for NPPs. The biggest challenge regarding privacy notices is that hardly anyone actually reads the notice, and notices are often a chore to read. There is […]

The Future of Cybersecurity Insurance and Litigation: An Interview with Kimberly Horn

Cybersecurity litigation is currently at a crossroads. Courts have struggled in these cases, coming out in wildly inconsistent ways about whether a data breach causes harm. Although the litigation landscape is uncertain, there are some near certainties about cybersecurity generally: There will be many data breaches, and they will be terrible and costly. We thus […]

Locating Personal Data and Tracking Privacy Rights: An Interview with Dimitri Sirota

One of the biggest challenges for organizations is locating all the personal data they have. This task must be done, however, to comply with the General Data Protection Regulation (GDPR) and other privacy laws. Moreover, the GDPR and the new California Consumer Privacy Act provide that individuals have rights regarding their data. These rights often […]

The Supreme Court on Smart Phones: An Interview of Bart Huffman about Law and Technology

The U.S. Supreme Court has been notoriously slow to tackle new technology. In 2002, Blackberry launched its first smart phone. On June 29, 2007, Steve Jobs announced the launch of the original Apple iPhone. But it took the Supreme Court until 2014 to decide a case involving the Fourth Amendment and smart phones – Riley […]

HIPAA Cartoon: Breach of Confidentiality

This HIPAA cartoon involves confidentiality. There are countless cases of misdirected PHI that is emailed or faxed to the wrong people. I recently created a new short course on HIPAA Confidentiality.  You can learn more about it here. HIPAA Resources HIPAA Training Courses HIPAA Training Guide HIPAA Training Requirements FAQ HIPAA Whiteboard HIPAA Resources

The Ethics of Artificial Intelligence: An Interview of Kurt Long

In recent years, there have been tremendous advances in artificial intelligence (AI). These rapid technological advances are raising a myriad of ethical issues, and much work remains to be done in thinking through all of these ethical issues. I am delighted to be interviewing Kurt Long about the topic of AI. Long is the creator and CEO […]

Why Blockchain Is a Game-Changer for Privacy: An Interview with Steve Shillingford

Blockchain is taking the world by storm. I am delighted to have the opportunity to interview Steve Shillingford, Founder and CEO of Anonyome Labs, a consumer privacy software company. Steve was previously at Oracle and Novell, then was President of Solera Networks before founding Anonyome. Steve speaks and writes extensively on identity management, cybersecurity, privacy, and […]

FTC Hearings on Competition and Consumer Protection in the 21st Century

I’ll be speaking at the FTC Hearings on Competition and Consumer Protection in the 21st Century on a panel about consumer data on Thursday, September 13, 2018 at 3:15 PM. UPDATE: You can see video of my panel at that hearing here.  Here’s a transcript. My panel information is here: The Regulation of Consumer Data Participants: […]

Cartoon: GDPR Consent

This cartoon is about consent under the GDPR.  Under the GDPR Article 6, consent is one of the six lawful bases to process personal data.  Article 7 provides further guidance about consent, including the data subject’s right to withdraw consent.  The meaning of what “consent” requires is most thoroughly stated in Recital 32: Consent should […]