I was fortunate to see James Graham’s incisive play “Privacy” this past Sunday at the Public Theater in New York City. The play is a witty and immensely engaging examination of all the data being collected about us and being assembled into digital dossiers. Technology is adeptly woven into the play. At many points during […]
Yesterday, Microsoft won a huge case against government surveillance, a case with very important implications: In the Matter of a Warrant to Search a Certain E‐Mail Account Controlled and Maintained by Microsoft Corporation.
Recently, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued its first HIPAA resolution agreement and monetary penalty against a business associate (BA).
Security experts are sounding the alarm bell as ransomware attacks continue to increase rapidly since my last post on the subject.
There is a significant degree of confusion and lack of awareness about attorney confidentiality and cybersecurity obligations. This issue is especially acute when it comes to using the cloud to store privileged documents. A common myth is that storing privileged documents in the cloud is a breach of attorney-client confidentiality. In other instances, many attorneys […]
In previous posts, I have listed some of my favorite novels and movies about privacy and security issues. I don’t want to leave out TV, as there are some great TV series too.
I recently created a new resource page — How to Make Security Training Effective. The page contains my advice for how to make security training memorable and effective in changing behavior. Training the workforce is an essential way to protect data security, but not all training endeavors are successful. Poor training is akin to shouting […]
What laws require security awareness training? What topics do the laws require to be covered? What should be covered? How frequently should training be given? I recently created a new resource page — Security Awareness Training FAQ — to answer the above questions and more. I discuss various legal and industry requirements for security awareness […]
When is a person harmed by a privacy violation? The U.S. Supreme Court just handed down a decision in an important case, Spokeo Inc. v. Robins. Plaintiff Thomas Robins sued Spokeo under the Fair Credit Reporting Act (FCRA) because Spokeo had inaccurate information about him in its profile. Spokeo’s profiles are used by potential employers […]
The privacy law profession is growing tremendously, but there is a challenge that we’re facing, one that I’d like to enlist your help in addressing – the bottleneck problem. There is a huge bottleneck at the entry point to the field. So I am calling on organizations to address this bottleneck by offering fellowships to […]