by Daniel J. Solove In the world of data protection, it’s an old story: Personal data gets shared with a third party data service provider, and then something goes wrong at the provider. Whose fault is it? The organization that shared the personal data with the vendor certainly has responsibility, as organizations are generally responsible […]
by Daniel J. Solove A recent article in CIO explores the question: Is data security awareness training effective? The answer: Yes. The article points to an ISACA study that seeks to measure the effectiveness of data security awareness training. The study concludes: “Security awareness training is a vital nontechnical component to information security. As such, […]
by Daniel J. Solove Far too often, the mandate for data security is simply to “secure it,” and people often think of data security as a set of clear choices. This is in contrast to privacy, which is understood as a set of muddy policy issues. But data security is, in fact, quite muddy itself. […]
by Daniel J. Solove There seems to be a surge in data security attacks lately. First came news of the Target attack. Then Neiman Marcus. Then the U.S Courts. Then Michael’s. Here are four points to consider about data security: 1. Beware of fraudsters engaging in post-breach fraud. After the Target breach, fraudsters sent out […]
by Daniel J. Solove Why does privacy matter? Often courts and commentators struggle to articulate why privacy is valuable. They see privacy violations as often slight annoyances. But privacy matters a lot more than that. Privacy is not just a concept—it’s your personal shield in an era where data is gold. Here are 10 compelling […]
by Daniel J. Solove 2013 was a remarkable year in privacy developments. Here are four main trends I saw occurring this year: 1. The heat on the NSA for its broad surveillance programs has been sustained and productive. The Edward Snowden leaks revealed massive NSA surveillance efforts. What is most interesting in the aftermath of […]
Here are some notable books on privacy and security from 2013. To see a more comprehensive list of nonfiction works about privacy and security, Professor Paul Schwartz and I maintain a resource page on Nonfiction Privacy + Security Books.
by Daniel J. Solove A U.S. District Court recently held that the NSA surveillance of telephone metadata likely violates the Fourth Amendment. The case is Klayman v. Obama. The NSA surveillance program involves an incredibly broad gathering of metadata about people’s conversations. Metadata doesn’t include the conversations themselves, just data about when and to whom […]
by Daniel J. Solove Fordham School of Law’s Center on Law and Information Policy (CLIP), headed by Joel Reidenberg, has released an eye-opening and sobering study of how public schools are handling privacy issues with regard to cloud computing. The study is called Privacy and Cloud Computing in Public Schools, and it is well worth […]
by Daniel J. Solove Over at Slate, Dahlia Lithwick and Steve Vladeck have a great piece about why “metadata” matters. It is very much worth reading. Here are some of my thoughts on the matter. Several National Security Agency (NSA) surveillance programs involve gathering metadata about our communications (the numbers we call or the email […]