PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Should Privacy Law Regulate Technological Design? An Interview with Woodrow Hartzog

Blueprint Privacy 03

Hot off the press is Professor Woodrow Hartzog’s new book, Privacy’s Blueprint: The Battle to Control the Design of New Technologies (Harvard Univ. Press 2018). This is a fascinating and engaging book about a very important and controversial topic: Should privacy law regulate technological design? […]

Read More…

Data Security Is Worsening: 2017 Was the Worst Year Yet

Every year, we hear about how climate change is worsening. It seems the same story is happening with data security. Last year was the worst year in recorded data breach history. More than 5,200 breaches were reported in 2017, with more than 7.8 billion records compromised. By comparison, there are 7.6 billion people on Earth, […]

Read More…

My Privacy and Security Scholarship in 2017

Scholarship about Privacy and Security

In this post, I provide a brief overview of my scholarship last year. Risk and Anxiety: A Theory of Data Breach Harms  I co-authored  Risk and Anxiety: A Theory of Data Breach Harms with Professor Daniel Keats Citron.  The piece is forthcoming in Texas Law Review this year.  Even though there continues to be a steady […]

Read More…

GDPR Training, Writings, and Resources: Roundup from the Past Year

General Data Protection Regulation - GDPR - Training Resources by Prof. Daniel Solove

The General Data Protection Regulation (GDPR) is one of the world’s strictest data privacy laws and requires privacy professionals around the globe to design and implement comprehensive compliance programs.  In the past year, I developed a series of resources and training courses to assist privacy professionals with this complex task.   GDPR Whiteboard 200+ pages of […]

Read More…

The Hidden Force That Will Drive GDPR Privacy Compliance

GDPR Compliance

  The clock is ticking on getting ready to comply with the EU General Data Protection Regulation (GDPR). EU regulators will start enforcing it on May 25, 2018. GDPR is less than a year away, and it’s quite a challenge to get ready for. Becoming compliant is not something that can be achieved overnight, or in a […]

Read More…

Student Privacy in Peril: Massive Data Gathering With Inadequate Privacy and Security

TeachPrivacy Ad Privacy Training Security Training 01

In October, personal financial data — including social security numbers, loan repayment histories and bank-routing numbers – of thousands of college students was exposed on the Department of Education’s (ED) direct loan website. For seven minutes, anyone surfing the direct loan website could find personal information about students who had borrowed from the Department of […]

Read More…

Education Privacy in Peril

Education Privacy

I have been spending a lot of time examining education privacy lately, and there are some very troubling things going on in this field.   At a general level, schools lack much sophistication in how they handle privacy issues.  Other industry sectors that handle sensitive personal data have Chief Privacy Officers and a comprehensive privacy program.  […]

Read More…

Are People Really Harmed By a Data Breach?

Data Breach

“It’s just a flesh wound.” — Monty Python and the Holy Grail Over at Privacy & Security Source, Andrew Serwin, a leading privacy lawyer and author of an excellent treatise on privacy law, has a very thoughtful and informative post [link no longer available] about cases where courts found no harm to individuals by data […]

Read More…