PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Law Firm Cyber Security and Privacy Risks

law firm data security

By Daniel J. Solove Law firms are facing grave privacy and security risks. Although a number of firms are taking steps to address these risks, the industry as a whole needs to grasp the severity of the risk. For firms, privacy and security risks can be significantly higher than for other organizations. Incidents can be […]

Drones, Data Breaches, Cramming, and Other Privacy + Security Updates

by Daniel J. Solove This post is co-authored with Professor Paul M. Schwartz. This post is part of a post series where we round up some of the interesting news and resources we’re finding. For a PDF version of this post, and for archived issues of previous posts, click here. We became quite busy after […]

Lawsuits for HIPAA Violations and Beyond: A Journey Down the Rabbit Hole

by Daniel J. Solove At first blush, it seems impossible for a person to sue for a HIPAA violation. HIPAA lacks a private cause of action. So do many other privacy and data security laws, such as FERPA, the FTC Act, the Gramm-Leach-Bliley Act, among others. That means that these laws don’t provide people with […]

Jennifer Lawrence’s Nude Photos and Civil Rights Law: An Interview with Danielle Citron

Online Harm

“It is a sexual violation. It’s disgusting. The law needs to be changed, and we need to change.” — Jennifer Lawrence on her nude photos being non-consensually disclosed online Fairly recently, Jennifer Lawrence’s iCloud account was hacked and her private nude photos were stolen and posted online. She was mortified. Her case is just one […]

Why Do Lawsuits for Data Breaches Continue Even Though the Law Is Against Plaintiffs?

by Daniel J. Solove If there’s a big data breach, the class action lawyers will start nipping like a bunch of hungry crocodiles. Upwards of forty separate lawsuits were filed against Target after its data breach, and one was filed the day after the breach became public knowledge. The law, however, has thus far been […]

Why the C-Suite Should Have Coffee with the Privacy and Security Officers Every Week

  by Daniel J. Solove As I discussed in a previous post, the two key things that organizations can do to prevent data incidents can be summed up in a simple rhyme: The C-Suite must care The workforce must be aware In this post, I want to focus on the “C-Suite” – a term used […]

How Should the Law Handle Privacy and Data Security Harms?

by Daniel J. Solove In three earlier posts, I’ve been exploring the nature of privacy and data security harms. In the first post, Privacy and Data Security Violations: What’s The Harm?, I explored how the law often fails to recognize harm for privacy violations and data breaches. In the second post, Why the Law Often […]

Do Privacy Violations and Data Breaches Cause Harm?

by Daniel J. Solove In two earlier posts, I’ve been exploring the nature of privacy and data security harms. Post 1: Privacy and Data Security Violations: What’s The Harm? Post 2: Why the Law Often Doesn’t Recognize Privacy and Data Security Harms In this post, I want to explore two issues that frequently emerge in […]

Why the Law Often Doesn’t Recognize Privacy and Data Security Harms

by Daniel J. Solove In my previous post on privacy/security harms, I explained how the law is struggling to deal with privacy and data security harms. In this post, I will explore why. The Collective Harm Problem One of the challenges with data harms is that they are often created by the aggregation of many […]