Posts about Data Security by Professor Daniel J. Solove for his blog at TeachPrivacy, a privacy awareness and security training company.
by Daniel J. Solove A U.S. District Court recently held that the NSA surveillance of telephone metadata likely violates the Fourth Amendment. The case is Klayman v. Obama. The NSA surveillance program involves an incredibly broad gathering of metadata about people’s conversations. Metadata doesn’t include the conversations themselves, just data about when and to whom […]
by Daniel J. Solove I was recently interviewed in HR Horizons, the magazine of the National Association of College and University Business Officers (NACUBO) on the topic of privacy and data security in higher education. Here are a few excerpts: What is the difference between data security and data privacy, and what risks do each […]
by Daniel J. Solove A PC World article discusses a new study by Forrester that reveals that internal threats are the “leading cause” of data breaches. The survey involved companies in Canada, France, Germany, the UK, and the US. The study revealed that 36% of breaches involve “inadvertent misuse of data by employees.” According to […]
by Daniel J. Solove I was recently asked whether I had a list of the various laws, regulations, and industry codes that require privacy and/or data security training. I know about a number of training requirements, but didn’t have a formal list. I realized that such a list would be useful, so I created one […]
by Daniel J. Solove I recently posted a draft of my new article, The FTC and the New Common Law of Privacy (with Professor Woodrow Hartzog). You can download it for free on SSRN. One of the great ironies about information privacy law is that the primary regulation of privacy in the United States has […]
by Daniel J. Solove A recent study by the Ponemon Institute, The Risk of Regulated Data on Mobile Devices and in the Cloud*, reveals a stunning need for improvement on managing the risks of mobile devices and cloud computing services. The survey involved 798 IT and IT security practitioners in a variety of organizations including […]
by Daniel J. Solove The new HIPAA-HITECH regulation is here. Officially titled “Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules,” this new regulation modifies HIPAA in accordance with the changes mandated by the HITECH Act of 2009. After years of waiting and many false alarms that the regulation was going to be […]
Posted by Daniel J. Solove According to a stat in SC Magazine, 90% of malware requires a human interaction to infect. One of the biggest data security threats isn’t technical – it’s the human factor. People click when they shouldn’t click, put data on portable devices when they shouldn’t, email sensitive information, and engage in […]
A new report by the Ponemon Institute reveals some startling statistics about data security in healthcare:
“It’s just a flesh wound.” — Monty Python and the Holy Grail Over at Privacy & Security Source, Andrew Serwin, a leading privacy lawyer and author of an excellent treatise on privacy law, has a very thoughtful and informative post [link no longer available] about cases where courts found no harm to individuals by data […]