By Daniel J. Solove The SplashData annual list of the 25 most widely used bad passwords recently was posted for passwords used in 2015. The list is compiled annually by examining passwords leaked during a particular year. Here is the list of passwords for 2015, and below it, I have some thoughts and reactions to […]
For several years, I have been posting about notable books on privacy and security, and this post lists some of the notable books from 2015. To see a more comprehensive list of nonfiction works about privacy and security, you might consult this resource page that Professor Paul Schwartz and I maintain: Nonfiction Privacy + Security […]
I created some new training programs last year, and here are some of the highlights: The Ransomware Attack (~5 mins) This short program (~5 minutes) consists of an interactive cartoon vignette about malware. The program is highly interactive, and trainees engage with a scenario involving ransomware. Although this program involves ransomware, the lessons it teaches […]
It’s Data Privacy Day — January 28, 2016 — and to celebrate, here’s a cartoon I created about the Internet of Things.
A new report by Verizon, the PHI Data Breach report, analyzes 1,931 data breaches of protected health information (PHI) under HIPAA, The incidents occurred between 1994 and 2014, with most occurring from 2004-2014. An article from Computer World sums up the findings of the report. One interesting statistic is that 392 million PHI records were […]
By Daniel J. Solove ProPublica has been running a series of lengthy articles about HHS Office for Civil Rights (OCR) enforcement that are worth reading. A Sustained and Vigorous Critique of OCR HIPAA Enforcement A ProPublica article from early in 2015 noted that HIPAA fines were quite rare. The article noted that from 2009 through […]
I originally posted a version of this post more than 10 years ago, in 2005. I think it is important to re-post it, with a few updates. I strongly recommend teaching information privacy law in law schools. I have authored several textbooks in the field, and I know that this might seem like a self-plug. […]
I am pleased to announce the publication of my article, The Scope and Potential of FTC Data Protection., 83 George Washington Law Review 2230 (2015). I wrote the article with Professor Woodrow Hartzog. The article addresses the scope of FTC authority in the areas of privacy and data security (which together we refer to as […]
HIPAA expert Rebecca Herold offers a very compelling explanation of the value of HIPAA training. She writes: Information security and privacy education is more important than ever because new gadgets and technologies enable more healthcare workers to collect and share data. In September 2015, Cancer Care Group agreed to settle HIPAA violations by paying a […]
I’ve long been saying that privacy need not be sacrificed for security, and it makes me delighted to see that public attitudes are aligning with this view. A Pew survey revealed that a “majority of Americans (54%) disapprove of the U.S. government’s collection of telephone and internet data as part of anti-terrorism efforts.” The anti-NSA […]