PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Drones, Data Breaches, Cramming, and Other Privacy + Security Updates

by Daniel J. Solove This post is co-authored with Professor Paul M. Schwartz. This post is part of a post series where we round up some of the interesting news and resources we’re finding. For a PDF version of this post, and for archived issues of previous posts, click here. We became quite busy after […]

Read More…

Lawsuits for HIPAA Violations and Beyond: A Journey Down the Rabbit Hole

by Daniel J. Solove At first blush, it seems impossible for a person to sue for a HIPAA violation. HIPAA lacks a private cause of action. So do many other privacy and data security laws, such as FERPA, the FTC Act, the Gramm-Leach-Bliley Act, among others. That means that these laws don’t provide people with […]

Read More…

Jennifer Lawrence’s Nude Photos and Civil Rights Law: An Interview with Danielle Citron

Online Harm

“It is a sexual violation. It’s disgusting. The law needs to be changed, and we need to change.” — Jennifer Lawrence on her nude photos being non-consensually disclosed online Fairly recently, Jennifer Lawrence’s iCloud account was hacked and her private nude photos were stolen and posted online. She was mortified. Her case is just one […]

Read More…

Why Do Lawsuits for Data Breaches Continue Even Though the Law Is Against Plaintiffs?

by Daniel J. Solove If there’s a big data breach, the class action lawyers will start nipping like a bunch of hungry crocodiles. Upwards of forty separate lawsuits were filed against Target after its data breach, and one was filed the day after the breach became public knowledge. The law, however, has thus far been […]

Read More…

Why the C-Suite Should Have Coffee with the Privacy and Security Officers Every Week

  by Daniel J. Solove As I discussed in a previous post, the two key things that organizations can do to prevent data incidents can be summed up in a simple rhyme: The C-Suite must care The workforce must be aware In this post, I want to focus on the “C-Suite” – a term used […]

Read More…

How Should the Law Handle Privacy and Data Security Harms?

by Daniel J. Solove In three earlier posts, I’ve been exploring the nature of privacy and data security harms. In the first post, Privacy and Data Security Violations: What’s The Harm?, I explored how the law often fails to recognize harm for privacy violations and data breaches. In the second post, Why the Law Often […]

Read More…

Do Privacy Violations and Data Breaches Cause Harm?

by Daniel J. Solove In two earlier posts, I’ve been exploring the nature of privacy and data security harms. Post 1: Privacy and Data Security Violations: What’s The Harm? Post 2: Why the Law Often Doesn’t Recognize Privacy and Data Security Harms In this post, I want to explore two issues that frequently emerge in […]

Read More…

Why the Law Often Doesn’t Recognize Privacy and Data Security Harms

by Daniel J. Solove In my previous post on privacy/security harms, I explained how the law is struggling to deal with privacy and data security harms. In this post, I will explore why. The Collective Harm Problem One of the challenges with data harms is that they are often created by the aggregation of many […]

Read More…