PRIVACY + SECURITY BLOG

News, Developments, and Insights

GDPR Whiteboard and GDPR Interactive Whiteboard

Recently, I created two new GDPR training resources. GDPR Whiteboard: I created a 1-page visual summary of the GDPR, which I call the GDPR Whiteboard. The idea was to capture the key points of the General Data Protection Regulation (GDPR) in a succinct and visually engaging way. It has become quite popular, receiving thousands of downloads. You […]

HIPAA Whiteboard and HIPAA Interactive Whiteboard

Recently, I created two new HIPAA training resources. HIPAA Whiteboard: I created a 1-page visual summary of HIPAA, which I call the HIPAA Whiteboard. The idea was to summarize HIPAA in a concise and visually engaging way. You can download a PDF handout version here. We’ve been licensing it to many organizations for training and awareness purposes. […]

Risk and Anxiety: A Theory of Data Breach Harms

My new article was just published: Risk and Anxiety: A Theory of Data Breach Harms,  96 Texas Law Review 737 (2018).  I co-authored the piece with Professor Danielle Keats Citron.  We argue that the issue of harm needs a serious rethinking. Courts are too quick to conclude that data breaches don’t create harm.  There are two […]

The Funniest Hacker Stock Photos 4.0: The Future of Hacking

It’s time for another installment of the funniest hacker stock photos. Because I create information security awareness training (and HIPAA security training too), I’m always on the hunt for hacker photos. For this round, I focus on the future of hacking, so I looked closely for hacker stock photos that depicted the most state-of-the-art hacking […]

Cartoon: GDPR Right to Be Forgotten

The GDPR Article 17 provides for a right to erasure — commonly known as the “right to be forgotten.”  Data subjects may request that an organization erase their personal data “without undue delay” under a number of circumstances.  These circumstances include when the data is no longer relevant to the purposes of collection, when consent […]

FTC v. AT&T Mobility

In a very important decision, FTC v. AT&T Mobility (9th Cir. 2018 en banc), the U.S. Court of Appeals for the 9th Circuit en banc reversed an earlier panel decision that severely limited the FTC’s jurisdiction to protect privacy and data security. I strongly criticized the panel decision in a previous blog post. The FTC has taken […]

Cartoon: GDPR’s Scope

I turned my short GDPR vignette about GDPR’s territorial scope into a cartoon.  The GDPR applies not just to all EU organizations that process personal data.  The GDPR also applies to non-EU established organizations that offer goods and services to EU citizens or that monitor behavior within the EU. The GDPR thus has quite a long […]

The International Privacy+Security Forum

The International Privacy+Security Forum (February 26-27, 2018 in Washington DC) is next week. The International Forum is a new annual sister event to the Privacy+Security Forum, an annual event held in October at George Washington University in Washington, DC.  The regular Privacy+Security Forum will be in its 4th year in 2018.  This past year, we […]

Data Security Is Worsening: 2017 Was the Worst Year Yet

Every year, we hear about how climate change is worsening. It seems the same story is happening with data security. Last year was the worst year in recorded data breach history. More than 5,200 breaches were reported in 2017, with more than 7.8 billion records compromised. By comparison, there are 7.6 billion people on Earth, […]

Chart of FTC Commissioners and Chairpersons 1915-2018

The FTC released the above chart showing the history of Commissioners, Chairwomen and Chairmen of the FTC from 1915 through the present day. According to the chart, the Federal Trade Commission is composed of five Commissioners, and their terms extend for seven years. The Commissioners are appointed by the President with the advice and consent […]