PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Is HIPAA Enforcement Too Lax?

By Daniel J. Solove ProPublica has been running a series of lengthy articles about HHS Office for Civil Rights (OCR) enforcement that are worth reading. A Sustained and Vigorous Critique of OCR HIPAA Enforcement A ProPublica article from early in 2015 noted that HIPAA fines were quite rare. The article noted that from 2009 through […]

Blogging Highlights 2015: Cybersecurity Issues

Cybersecurity Training

I’ve been going through my blog posts from 2015 to find the ones I most want to highlight.  Here are some selected posts about security: The Worst Password Ever Created Should the FTC Kill the Password? The Case for Better Authentication

10 Implications of the New EU General Data Protection Regulation (GDPR)

EU GDPR Training General Data Protection Regulation

Last week, the EU issued the General Data Protection Regulation (GDPR), a long-awaited comprehensive privacy regulation that will govern all 28 EU member countries.  Clocking in at more than 200 pages, this is quite a document to digest.  According to the European Commission press release: “The regulation will establish one single set of rules which […]

The Kafkaesque Sacrifice of Encryption Security in the Name of Security

Encryption Backdoors - Kafkaesque

By Daniel J. Solove Proponents for allowing government officials to have backdoors to encrypted communications need to read Franz Kafka.  Nearly a century ago, Kafka deftly captured the irony at the heart of their argument in his short story, “The Burrow.” After the Paris attacks, national security proponents in the US and abroad have been […]

Ransomware’s Dilemma: Pay It or Not?

Ransomware cybersecurity training

Ransomware is one of the most frightening scourges to hit the Internet.  Ransomware is a form of malware (malicious code) that encrypts a person’s files and demands a ransom payment to decrypt them.  If the money isn’t paid, the encryption keys are destroyed, and the data is lost forever. Ransomware began to emerge in 2009, […]

Does Cybersecurity Law Work Well? An Interview with Ed McNicholas

Cyber Security

“The US is developing a law of cybersecurity that is incoherent and unduly complex,” says Ed McNicholas, one of the foremost experts on cybersecurity law.  McNicholas is a partner at Sidley Austin LLP and co-editor of the newly-published treatise, Cybersecurity: A Practical Guide to the Law of Cyber Risk (with co-editor Vivek K. Mohan).   The […]

K-12 Schools Must Teach Data Privacy and Security

By Daniel J. Solove It is essential that children learn about data privacy and security.  Their lives will be fully enveloped by technologies that involve data.  But far too little about these topics is currently taught in most schools.  Fortunately, there is a solution, one that I’m proud to have been involved in creating.  The […]

Modernizing Electronic Surveillance Law

By Daniel J. Solove Next year, there will be a milestone birthday for the Electronic Communications Privacy Act (ECPA) – the primary federal law that regulates how the government and private parties can monitor people’s Internet use, wiretap their communications, peruse their email, gain access to their files, and much more. This is no ordinary […]

Great Fictional Works About Privacy and Security

By Daniel J. Solove At my annual event, the Privacy+Security Forum, which was held last month, one of the sessions  involved privacy and security in fiction. The panelists had some terrific readings suggestions, and I thought I’d share with you the write-up that they generated for their session. The speakers were: Peter Winn, Assistant U.S. […]

Privacy+Security Forum Chart of Session Times + Speakers

Privacy+Security Forum

I’m very excited that the 1st annual Privacy + Security Forum (Oct. 21-23 in Washington, DC) is finally beginning! We have about 190 speakers and 60+ sessions.   Session Descriptions: Session Descriptions Guide [link no longer available] Readings: Readings for each session are on our schedule page [link no longer available] Session Times and Location: Session […]