PRIVACY + SECURITY BLOG

News, Developments, and Insights

A List of Privacy Training and Data Security Training Requirements in Laws, Regulations, and Industry Codes

by Daniel J. Solove

I was recently asked whether I had a list of the various laws, regulations, and industry codes that require privacy and/or data security training. I know about a number of training requirements, but didn’t have a formal list. I realized that such a list would be useful, so I created one […]

The Stunning Need for Improvement on Mobile and Cloud Risks

by Daniel J. Solove

A recent study by the Ponemon Institute, The Risk of Regulated Data on Mobile Devices and in the Cloud*, reveals a stunning need for improvement on managing the risks of mobile devices and cloud computing services. The survey involved 798 IT and IT security practitioners in a variety of organizations including […]

The HIPAA-HITECH Regulation, the Cloud, and Beyond

by Daniel J. Solove

The new HIPAA-HITECH regulation is here. Officially titled “Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules,” this new regulation modifies HIPAA in accordance with the changes mandated by the HITECH Act of 2009. After years of waiting and many false alarms that the regulation was going to be […]

Data Security and the Human Factor: Training and Its Challenges

Posted by Daniel J. Solove

According to a stat in SC Magazine, 90% of malware requires a human interaction to infect. One of the biggest data security threats isn’t technical – it’s the human factor. People click when they shouldn’t click, put data on portable devices when they shouldn’t, email sensitive information, and engage in […]

Are People Really Harmed By a Data Breach?

“It’s just a flesh wound.” — Monty Python and the Holy Grail

Over at Privacy & Security Source, Andrew Serwin, a leading privacy lawyer and author of an excellent treatise on privacy law, has a very thoughtful and informative post [link no longer available] about cases where courts found no harm to individuals by data […]

Data Security: When Will the Thick Skulls Learn?

The Wall Street Journal reports the theft of 3.3 million student loan records, including Social Security numbers: Company and federal officials said they believed last week’s theft of identity data on 3.3 million people with student loans was the largest-ever breach of such information and could affect as many as 5% of all federal student-loan […]

Final Version Available: Data Mining and the Security-Liberty Debate

My short essay, Data Mining and the Security-Liberty Debate, 74 U. Chi. L. Rev. 343 (2008) has just been published. I’ve posted the final version on SSRN. You can find the abstract and more information about the essay in a previous post I wrote about the subject here. The essay critiques arguments by Richard Posner […]

Data Security Laws, the States, and Federalism

Remember well over a year ago, when last February ChoicePoint announced it had a major data security breach? Since then hundreds of breaches have been announced — over 200 instances involving data on 88 million people. Several bills were proposed in Congress; many Senators and Representatives quickly emphasized the importance of privacy and data security. […]