by Daniel J. Solove Increasingly, companies, hospitals, schools, and other organizations are using cloud service providers (and also other third party data service providers) to store and process the personal data of their customers, patients, clients, and others. When an entity shares people’s personal data with a cloud service provider, this data is protected in […]
by Daniel J. Solove I recently had the opportunity to interview Christopher Kuner, Senior Of Counsel with Wilson Sonsini Goodrich & Rosati in Brussels. He is also an Honorary Professor at the University of Copenhagen, a visiting fellow at the London School of Economics, and teaches at the University of Cambridge. He is editor-in-chief of […]
by Daniel J. Solove This post was co-authored by Professor Woodrow Hartzog. The long-awaited federal district court opinion in FTC v. Wyndham was finally released last week. The U.S. District Court for the District of New Jersey rejected Wyndham’s arguments that the FTC lacks the authority to regulate unfair data security practices, that the FTC […]
by Daniel J. Solove It sounds like a late April Fool’s joke, but it isn’t. Heartbleed, a data security bug in Open SSL, allows hackers to access personal data and encryption keys. This vulnerability has existed for 2+ years, and there is no way to know if your data has been compromised. And the majority […]
by Daniel J. Solove The case has been quite long in the making. The opinion has been eagerly anticipated in privacy and data security circles. Fifteen years of regulatory actions have been hanging in the balance. We have waited and waited for the decision, and yesterday, it finally arrived. The case is FTC v. Wyndham, […]
by Daniel J. Solove I was recently interviewed in the Journal of AHIMA on how the C-suite is waking up to the new realities of privacy and data security risks. Before the HITECH Act in 2009, HIPAA enforcement was based on a cooperative model where HHS was not punitive in its approach. Now, big fines […]
by Daniel J. Solove This post was co-authored by Professor Paul Schwartz, Berkeley Law School. Education was one of the first areas where privacy was regulated by a federal statute. Passed in the early 1970s, the Family Educational Rights and Privacy Act (FERPA) was on the frontier of federal privacy regulation. But now it is […]
by Daniel J. Solove I have produced a new short video called 5 Things School Officials Must Know About Privacy. The video addresses the most important points that school officials should know when it comes to privacy. These points are: Protecting privacy involves much more than following FERPA. Just because software and services can do […]
by Daniel J. Solove I was fortunate to pick up a copy of The Privacy Engineer’s Manifesto, a new book by Michelle Finneran Dennedy, Jonathan Fox, and Thomas Finneran. I’ve read a lot of practical “how to” stuff about privacy before that’s vague and not very specific, but this book is so refreshingly detailed, has […]
by Daniel J. Solove In the world of data protection, it’s an old story: Personal data gets shared with a third party data service provider, and then something goes wrong at the provider. Whose fault is it? The organization that shared the personal data with the vendor certainly has responsibility, as organizations are generally responsible […]