Posts about Data Security by Professor Daniel J. Solove for his blog at TeachPrivacy, a privacy awareness and security training company.
Ransomware has long been a scourge. Since at least 2012, ransomware has grown dramatically. Ransoms have increased — the average ransom payout is now more than $40,000. Organizations most hit are public sector, software services, professional services, and healthcare. Healthcare, in particular, is a soft target because of the need to get systems back and […]
It is an understatement to say that a lot has happened in privacy law during the past decade. Here is my list of the most notable developments. NOTE: I am giving a particular emphasis to what I find to be notable from a United States perspective. What is notable privacy law depends upon where one […]
This cartoon is about evolution of data breaches, which began to grab headlines back in 2005, thanks in large part to California’s data breach notification law — the first of such laws. Since that time, every state has passed breach notification laws, and there are breach notification laws sprouting up around the world. Every day, […]
This cartoon is about data breach notification. All 50 states plus the District of Columbia and Puerto Rico now have data breach notification laws, and breach notification laws are spreading around the globe. And, as is often said in data security, it’s not whether a breach will happen, but when . . .
There have been quite a number of state HIPAA enforcement cases this year, and one expert points out a trend toward increasing state enforcement of HIPAA. An article in Data Breach Today discusses a number of state HIPAA enforcement cases. Here are some of the ones discussed: Massachusetts — $75,000 settlement with McLean Hospital for […]
It is sad to say goodbye to ConcurringOpinions.com, a law professor blog I co-founded in 2005. The blog began when a group of us (Dave Hoffman, Kaimi Wenger, Nate Oman, and me) who were blogging at PrawfsBlawg decided we wanted more autonomy in blog governance, so we founded Concurring Opinions. Over the years, we added […]
12/13/18 Update: Here is the video from the session described below. On Wednesday, December 12, 2018, I’ll be speaking at the Data Security hearing, part of the FTC Hearings on Competition and Consumer Protection in the 21st Century. My panel begins at 1:00 PM: The U.S. Approach to Consumer Data Security Wednesday, December 12, 2018 from […]
In the annals of what must be one of the most ridiculous data security incidents, a law firm employee sent a client file on an unencrypted thumb drive in the mail. The file contained Social Security information and other financial data. Seriously? The envelope arrived without the USB drive. The firm contacted the post office. […]
Cybersecurity litigation is currently at a crossroads. Courts have struggled in these cases, coming out in wildly inconsistent ways about whether a data breach causes harm. Although the litigation landscape is uncertain, there are some near certainties about cybersecurity generally: There will be many data breaches, and they will be terrible and costly. We thus […]
In the period of just a week, California passed a bold new privacy law — the California Consumer Privacy Act of 2018. This law was hurried through the legislative process to avoid a proposed ballot initiative with the same name. The ballot initiative was the creation of Alastair Mactaggart, a real estate developer who spent […]