PRIVACY + SECURITY BLOG

News, Developments, and Insights

The Funniest Password Recovery Questions and Why Even These Don’t Work

  A recent article in Wired argues that it is time to kill password recovery questions. Password recovery questions are those questions that you set up in case you forget your password. Common questions are: In what city were you born? What is your mother’s maiden name? Where did you go to high school?

HIPAA Cartoon on HIPAA’s Jargon

HIPAA is famously impenetrable, with so many special terms and definitions.  I wrote this cartoon to capture the wonderful world of HIPAA jargon, which I hope fellow lovers of HIPAA can appreciate. I have another HIPAA cartoon here.

Privacy Cartoon: Know Your Data

Here’s a cartoon I created.  It involves several Fair Information Practice Principles (FIPPs) and privacy best practices.  The ones involved (and not heeded) in this cartoon are doing a data inventory, informing people about the purposes of the collection of their data, using data for only those purposes, and not keeping data longer than necessary […]

Ransomware: A Cartoon to Brighten More Bad News

I have good news and bad news about ransomware.  First, the good news — here’s a cartoon I created.  I hope you enjoy it, because that’s the only good news i have.  Now, for the bad news . . . The Bad News: Be Afraid, Very Afraid Everyone seems to be afraid of ransomware these […]

An Updated List of Privacy Law Fellowships

Fellowships can be a great way to kick start a career in privacy law.  I have added new fellowships the list I published in February 2016, as well as updated deadlines and other relevant information.  Click here to see the fully updated list of privacy fellowships.  If you know of others I should add, please email me.

HIPAA Cartoon – HIPAA Compliance Program

Recently, HIPAA celebrated its 20th birthday.  HHS issued a celebratory blog post.  HIPAA is 20 years old if you start counting from the date the statute was passed (1996).  If we measure HIPAA’s age from the date that the HIPAA Privacy Rule became effective (2003), then HIPAA is 13. So HIPAA could be 20 years […]

Is a Ransomware Attack a HIPAA Data Breach?

As ransomware escalates and poses serious security risks for healthcare institutions, many privacy experts and legislators have called for more specific guidance from the U.S. Department of Health and Human Services (HHS). A few weeks ago, HHS responded to these calls with a detailed fact sheet to explain ransomware and provide advice.  Although most of […]

Passwords Cartoon – Security Awareness Training

Here’s a cartoon I created to illustrate the importance of security awareness training.  I hope you find it amusing.

“Privacy”: A Unique Play Starring Your Smart Phone

I was fortunate to see James Graham’s incisive play “Privacy” this past Sunday at the Public Theater in New York City.  The play is a witty and immensely engaging examination of all the data being collected about us and being assembled into digital dossiers.  Technology is adeptly woven into the play.  At many points during […]