by Daniel J. Solove I was recently interviewed in HR Horizons, the magazine of the National Association of College and University Business Officers (NACUBO) on the topic of privacy and data security in higher education. Here are a few excerpts: What is the difference between data security and data privacy, and what risks do each […]
Category: Data Security
Posts about Data Security by Professor Daniel J. Solove for his blog at TeachPrivacy, a privacy awareness and security training company.
Data Security: The Greatest Threat Is Internal
by Daniel J. Solove A PC World article discusses a new study by Forrester that reveals that internal threats are the “leading cause” of data breaches. The survey involved companies in Canada, France, Germany, the UK, and the US. The study revealed that 36% of breaches involve “inadvertent misuse of data by employees.” According to […]
A List of Privacy Training and Data Security Training Requirements in Laws, Regulations, and Industry Codes
by Daniel J. Solove I was recently asked whether I had a list of the various laws, regulations, and industry codes that require privacy and/or data security training. I know about a number of training requirements, but didn’t have a formal list. I realized that such a list would be useful, so I created one […]
The FTC and the New Common Law of Privacy
by Daniel J. Solove I recently posted a draft of my new article, The FTC and the New Common Law of Privacy (with Professor Woodrow Hartzog). You can download it for free on SSRN. One of the great ironies about information privacy law is that the primary regulation of privacy in the United States has […]
The Stunning Need for Improvement on Mobile and Cloud Risks
by Daniel J. Solove A recent study by the Ponemon Institute, The Risk of Regulated Data on Mobile Devices and in the Cloud*, reveals a stunning need for improvement on managing the risks of mobile devices and cloud computing services. The survey involved 798 IT and IT security practitioners in a variety of organizations including […]
The HIPAA-HITECH Regulation, the Cloud, and Beyond
by Daniel J. Solove The new HIPAA-HITECH regulation is here. Officially titled “Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules,” this new regulation modifies HIPAA in accordance with the changes mandated by the HITECH Act of 2009. After years of waiting and many false alarms that the regulation was going to be […]
Data Security and the Human Factor: Training and Its Challenges
Posted by Daniel J. Solove According to a stat in SC Magazine, 90% of malware requires a human interaction to infect. One of the biggest data security threats isn’t technical – it’s the human factor. People click when they shouldn’t click, put data on portable devices when they shouldn’t, email sensitive information, and engage in […]
Data Security in Healthcare: Some Startling Statistics
A new report by the Ponemon Institute reveals some startling statistics about data security in healthcare:
Are People Really Harmed By a Data Breach?
“It’s just a flesh wound.” — Monty Python and the Holy Grail Over at Privacy & Security Source, Andrew Serwin, a leading privacy lawyer and author of an excellent treatise on privacy law, has a very thoughtful and informative post [link no longer available] about cases where courts found no harm to individuals by data […]
Data Security: When Will the Thick Skulls Learn?
The Wall Street Journal reports the theft of 3.3 million student loan records, including Social Security numbers: Company and federal officials said they believed last week’s theft of identity data on 3.3 million people with student loans was the largest-ever breach of such information and could affect as many as 5% of all federal student-loan […]