Posts about Data Security by Professor Daniel J. Solove for his blog at TeachPrivacy, a privacy awareness and security training company.
I created a new poster about information security training, which is debuting at the RSA conference. This poster is based on the fact that the vast majority of information security incidents and data breaches occur because of human mistakes. Information security is only in small part a technology problem; it is largely a human problem. […]
I’m pleased to announce a new training program: Spot the Risks: Privacy and Security. The program is a Where’s Waldo style risk-spotting game that takes about 5 minutes to complete. Trainees are asked to spot the risks in an office. Feedback is provided about each risk so trainees learn many of the most important best […]
For several years, I have been posting about notable books on privacy and security, and this post lists some of the notable books from 2015. To see a more comprehensive list of nonfiction works about privacy and security, you might consult this resource page that Professor Paul Schwartz and I maintain: Nonfiction Privacy + Security […]
By Daniel J. Solove The SplashData annual list of the 25 most widely used bad passwords recently was posted for passwords used in 2015. The list is compiled annually by examining passwords leaked during a particular year. Here is the list of passwords for 2015, and below it, I have some thoughts and reactions to […]
I created some new training programs last year, and here are some of the highlights: The Ransomware Attack (~5 mins) This short program (~5 minutes) consists of an interactive cartoon vignette about malware. The program is highly interactive, and trainees engage with a scenario involving ransomware. Although this program involves ransomware, the lessons it teaches […]
Professor Woodrow Hartzog and I have just published our new article, The Ultimate Unifying Approach to Complying with All Laws and Regulations, 19 Green Bag 2d 223 (2016). Our article took years of research and analysis, intensive writing, countless drafts, and endless laboring over every word. But we hope we achieved a monumental breakthrough in the […]
A new report by Verizon, the PHI Data Breach report, analyzes 1,931 data breaches of protected health information (PHI) under HIPAA, The incidents occurred between 1994 and 2014, with most occurring from 2004-2014. An article from Computer World sums up the findings of the report. One interesting statistic is that 392 million PHI records were […]
By Daniel J. Solove ProPublica has been running a series of lengthy articles about HHS Office for Civil Rights (OCR) enforcement that are worth reading. A Sustained and Vigorous Critique of OCR HIPAA Enforcement A ProPublica article from early in 2015 noted that HIPAA fines were quite rare. The article noted that from 2009 through […]
I am pleased to announce the publication of my article, The Scope and Potential of FTC Data Protection., 83 George Washington Law Review 2230 (2015). I wrote the article with Professor Woodrow Hartzog. The article addresses the scope of FTC authority in the areas of privacy and data security (which together we refer to as […]
I’ve been going through my blog posts from 2015 to find the ones I most want to highlight. Here are some selected posts about security: The Worst Password Ever Created Should the FTC Kill the Password? The Case for Better Authentication