Recently, Congress voted to overturn new FCC rules that regulated the privacy of broadband Internet Service Providers (ISPs). The rules implemented the Communications Act, 47 U.S.C. § 222 to ISPs, requiring opt in for sharing sensitive customer data, opt out for sharing non-sensitive customer data, as well as transparency requirements. Sensitive data includes precise geo-location, children’s […]
The first quarter of 2017 is not yet over and the OCR has already released details of four HIPAA enforcement penalties totaling over $11 million. 2016 set a record with $20 million in fines for the year, with $5.2 million of that coming in the first quarter. In just the first 2 months of […]
This cartoon depicts the potential future of the Internet of Things. As more and more devices are connected to the Internet, including ones implanted in people’s bodies, increasing thought must be given to the privacy and security implications. The speed of technological development is moving at a far greater pace than the speed of policy […]
Misspelled words and bad grammar are tell-tale signs of phishing. Why don’t phishers learn spelling and grammar? Can’t they afford a copy of Strunk and White? Phishers don’t need to spell better because their poorly-written schemes still fool enough people. It’s just math for the phishers — a numbers game. If you handle IT […]
My cartoon depicts the discrepancy in the security and privacy budgets at many organizations. Of course, the cartoon is an exaggeration. In an IAPP survey of Chief Privacy Officers at Fortune 1000 companies in 2014, privacy budgets were nearly half of what security budgets were. That’s actually better for privacy than many might expect. […]
Time to call the Guinness Book of World Records because HHS has set a new world record in HIPAA enforcement. 2016 saw a considerable increase in HIPAA enforcement resolution agreements and monetary penalties. At the end of 2016, the OCR logged over $20 million in fines for HIPAA violations from 15 enforcement actions with monetary […]
In response to government surveillance or massive data gathering, many people say that there’s nothing to worry about. “I’ve got nothing to hide,” they declare. “The only people who should worry are those who are doing something immoral or illegal.” The nothing-to-hide argument is ubiquitous. This is why I wrote an essay about it 10 […]
This cartoon is about snooping, one of the most common HIPAA violations. HIPAA prohibits accessing information that people don’t need to do their jobs. It can be easy to look at electronic medical records, and people who snoop in this way might not perceive it as wrong. But the cartoon invites people to imagine how […]
Last year, major incidents involving law firm data breaches brought attention to the weaknesses within law firm data security and the need for more effective plans and preparation. An American Bar Association (ABA) survey reveals that 26% of firms (with more than 500 attorneys) experienced some sort of data breach in 2016, up from 23% in 2015.
I’m pleased to announce that a new 4th edition of my short guide, PRIVACY LAW FUNDAMENTALS (IAPP 2017) (co-authored with Professor Paul Schwartz) is now out in print. This edition incorporates extensive developments in privacy law and includes an introductory chapter summarizing key new laws, cases and enforcement actions. Privacy Law Fundamentals is designed with […]