PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

NSA Metadata Surveillance and the Fourth Amendment

by Daniel J. Solove A U.S. District Court recently held that the NSA surveillance of telephone metadata likely violates the Fourth Amendment. The case is Klayman v. Obama. The NSA surveillance program involves an incredibly broad gathering of metadata about people’s conversations. Metadata doesn’t include the conversations themselves, just data about when and to whom […]

Privacy and Data Security in Higher Education

by Daniel J. Solove I was recently interviewed in HR Horizons, the magazine of the National Association of College and University Business Officers (NACUBO) on the topic of privacy and data security in higher education. Here are a few excerpts: What is the difference between data security and data privacy, and what risks do each […]

Data Security: The Greatest Threat Is Internal

by Daniel J. Solove A PC World article discusses a new study by Forrester that reveals that internal threats are the “leading cause” of data breaches. The survey involved companies in Canada, France, Germany, the UK, and the US. The study revealed that 36% of breaches involve “inadvertent misuse of data by employees.” According to […]

A List of Privacy Training and Data Security Training Requirements in Laws, Regulations, and Industry Codes

by Daniel J. Solove I was recently asked whether I had a list of the various laws, regulations, and industry codes that require privacy and/or data security training.  I know about a number of training requirements, but didn’t have a formal list.  I realized that such a list would be useful, so I created one […]

The Stunning Need for Improvement on Mobile and Cloud Risks

by Daniel J. Solove A recent study by the Ponemon Institute, The Risk of Regulated Data on Mobile Devices and in the Cloud*, reveals a stunning need for improvement on managing the risks of mobile devices and cloud computing services. The survey involved 798 IT and IT security practitioners in a variety of organizations including […]

The HIPAA-HITECH Regulation, the Cloud, and Beyond

by Daniel J. Solove The new HIPAA-HITECH regulation is here. Officially titled “Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules,” this new regulation modifies HIPAA in accordance with the changes mandated by the HITECH Act of 2009. After years of waiting and many false alarms that the regulation was going to be […]

Data Security and the Human Factor: Training and Its Challenges

Posted by Daniel J. Solove According to a stat in SC Magazine, 90% of malware requires a human interaction to infect.  One of the biggest data security threats isn’t technical – it’s the human factor.  People click when they shouldn’t click, put data on portable devices when they shouldn’t, email sensitive information, and engage in […]

Are People Really Harmed By a Data Breach?

Data Breach

“It’s just a flesh wound.” — Monty Python and the Holy Grail Over at Privacy & Security Source, Andrew Serwin, a leading privacy lawyer and author of an excellent treatise on privacy law, has a very thoughtful and informative post [link no longer available] about cases where courts found no harm to individuals by data […]