Here’s a cartoon on HIPAA and social media use to jump start your week. You can’t think enough about HIPAA these days. HIPAA audits are back, and OCR is having a vigorous enforcement year this year, something I plan to post about soon.
Why do phishers waste their time with such obvious phishing scams when they can do so much better? One possible answer: They don’t have to do better. They send out so many emails that they only need a very low percentage of people to click. And people always do. In fact, if phishing emails became […]
Contracting with cloud service providers has long been a world shrouded in fog. Across various organizations, cloud service agreements (CSAs) are all over the place, and often many people entering into these contracts have no idea what provisions they should have to protect their data.
Recently, the U.S. Court of Appeals for the 9th Circuit issued a decision with profound implications for consumer privacy protection law. In FTC v. AT&T Mobility (9th Cir. Aug. 29, 2016), a 3-judge panel of the 9th Circuit held that the Federal Trade Commission (FTC) lacks jurisdiction over companies that engage in common carrier activity. […]
I created this cartoon to illustrate the fact that despite the increasing risk that privacy violations pose to an organization, many organizations are not increasing the funding and resources devoted to privacy. More work gets thrown onto the shoulders of under-resourced privacy departments. It is time that the C-Suite (upper management) wakes up to the […]
I have produced a new Privacy Shield training course that provides a short introduction to the EU-US Privacy Shield Framework. Privacy Shield is an arrangement reached between the EU and US for companies to transfer data about EU citizens to the US. Privacy Shield replaces the Safe Harbor Arrangement, which was invalidated in 2015 in […]
A recent article in Wired argues that it is time to kill password recovery questions. Password recovery questions are those questions that you set up in case you forget your password. Common questions are: In what city were you born? What is your mother’s maiden name? Where did you go to high school?
HIPAA is famously impenetrable, with so many special terms and definitions. I wrote this cartoon to capture the wonderful world of HIPAA jargon, which I hope fellow lovers of HIPAA can appreciate. I have another HIPAA cartoon here.
Here’s a cartoon I created. It involves several Fair Information Practice Principles (FIPPs) and privacy best practices. The ones involved (and not heeded) in this cartoon are doing a data inventory, informing people about the purposes of the collection of their data, using data for only those purposes, and not keeping data longer than necessary […]
I have good news and bad news about ransomware. First, the good news — here’s a cartoon I created. I hope you enjoy it, because that’s the only good news i have. Now, for the bad news . . . The Bad News: Be Afraid, Very Afraid Everyone seems to be afraid of ransomware these […]