By Daniel Solove I previously shared 5 of my favorite novels about privacy and security, and I’d now like to share 6 of my favorite films about these topics — because I just couldn’t whittle the list down to 5. I was thinking about my favorite films because I’ve been putting together a session at […]
Category: Data Security
Posts about Data Security by Professor Daniel J. Solove for his blog at TeachPrivacy, a privacy awareness and security training company.
PCI Training: Reducing the Risk of Phishing Attacks
The Payment Card Industry (PCI) Security Standards Council recently released a helpful short guide to preventing phishing attacks. Merchants and any other organization that accepts payment cards most follow the PCI Data Security Standard (PCI DSS). One of the requirements of the PCI DSS is to train the workforce about how to properly collect, handle, […]
Start with Security: The FTC’s Data Security Guidance
Recently, the FTC issued a short guide to what organizations can do to protect data security. It is called Start with Security (HTML) — a PDF version is here. This document provides a very clear and straightforward discussion of 10 good information security measures. It uses examples from FTC cases.
Why HIPAA Matters: Medical ID Theft and the Human Cost of Health Privacy and Security Incidents
By Daniel J. Solove Whenever I go to a doctor and am asked what I do for a living, I say that I focus on information privacy law. “HIPAA?” the doctors will ask. “Yes, HIPAA,” I confess. And then the doctor’s face turns grim. At first, it looks like the face of a doctor about […]
5 Things the FTC Should Do to Improve Data Security in the Wake of Wyndham
Over at Fierce IT Security, Professor Woodrow Hartzog and I have a new essay, 5 Things the FTC Should Do to Improve Data Security in the Wake of Wyndham. The piece discusses some enforcement strategies we believe the FTC should use to maximize its effectiveness in improving data security. Our suggestions include: Do more proactive […]
New Security Training Program: Social Engineering: Spies and Sabotage
I am pleased to announce the launch of our new training program, Social Engineering: Spies and Sabotage. This course is a short module (~7 minutes long) that provides a general introduction to social engineering. After discussing several types of social engineering (phishing, baiting, pretexting, and tailgaiting), the course provides advice for avoiding these tricks and […]
The High Cost of Phishing and the ROI of Phishing Training
A study recently revealed that nearly 25% of data breaches involve phishing, and it is the second most frequent data security threat companies face. Phishing is an enormous problem, and it is getting worse. In a staggering statistic, on average, a company with 10,000 employees will spend $3.7 million per year handling phishing attacks.
The FTC Has the Authority to Enforce Data Security: FTC v. Wyndham Worldwide Corp.
by Daniel J. Solove The U.S. Court of Appeals for the 3rd Circuit just affirmed the district court decision in FTC v. Wyndham Worldwide Corp., No. 14-3514 (3rd. Cir. Aug. 24, 2015). The case involves a challenge by Wyndham to an Federal Trade Commission (FTC) enforcement action emerging out of data breaches at the Wyndham. […]
Should the FTC Kill the Password? The Case for Better Authentication
Co-authored by Professor Woodrow Hartzog. Authentication presents one of the greatest security challenges organizations face. How do we accurately ensure that people seeking access to accounts or data are actually whom they say they are? People need to be able to access accounts and data conveniently, and access must often be provided remotely, without being […]
Understanding the FTC on Privacy and Security
by Daniel J. Solove I recently held a webinar about the Federal Trade Commission (FTC) for TRUSTe called Understanding the FTC on Privacy and Security. The webinar is free and is archived at TRUSTe’s site. Here is a brief synopsis of the webinar: For the past nearly two decades, the FTC has risen to […]