PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

What Can We Learn From Bad Passwords?

By Daniel J. Solove The SplashData annual list of the 25 most widely used bad passwords recently was posted for passwords used in 2015.  The list is compiled annually by examining passwords leaked during a particular year.  Here is the list of passwords for 2015, and below it, I have some thoughts and reactions to […]

Read More…

The Scope and Potential of FTC Data Protection

FTC Privacy and Security

I am pleased to announce the publication of my article, The Scope and Potential of FTC Data Protection., 83 George Washington Law Review 2230 (2015).  I wrote the article with Professor Woodrow Hartzog. The article addresses  the scope of FTC authority in the areas of privacy and data security (which together we refer to as […]

Read More…

The Kafkaesque Sacrifice of Encryption Security in the Name of Security

Encryption Backdoors - Kafkaesque

By Daniel J. Solove Proponents for allowing government officials to have backdoors to encrypted communications need to read Franz Kafka.  Nearly a century ago, Kafka deftly captured the irony at the heart of their argument in his short story, “The Burrow.” After the Paris attacks, national security proponents in the US and abroad have been […]

Read More…

Does Cybersecurity Law Work Well? An Interview with Ed McNicholas

Cyber Security

“The US is developing a law of cybersecurity that is incoherent and unduly complex,” says Ed McNicholas, one of the foremost experts on cybersecurity law.  McNicholas is a partner at Sidley Austin LLP and co-editor of the newly-published treatise, Cybersecurity: A Practical Guide to the Law of Cyber Risk (with co-editor Vivek K. Mohan).   The […]

Read More…

K-12 Schools Must Teach Data Privacy and Security

By Daniel J. Solove It is essential that children learn about data privacy and security.  Their lives will be fully enveloped by technologies that involve data.  But far too little about these topics is currently taught in most schools.  Fortunately, there is a solution, one that I’m proud to have been involved in creating.  The […]

Read More…

Alan Westin’s Privacy and Freedom

Alan Westin Privacy and Freedom

I am pleased to announce that Alan Westin’s classic work, Privacy and Freedom, is now back in print.  Originally published in 1967, Privacy and Freedom had an enormous influence in shaping the discourse on privacy in the 1970s and beyond, when the Fair Information Practice Principles (FIPPs) were developed. The book contains a short introduction […]

Read More…

Privacy+Security Forum Chart of Session Times + Speakers

Privacy+Security Forum

I’m very excited that the 1st annual Privacy + Security Forum (Oct. 21-23 in Washington, DC) is finally beginning! We have about 190 speakers and 60+ sessions.   Session Descriptions: Session Descriptions Guide [link no longer available] Readings: Readings for each session are on our schedule page [link no longer available] Session Times and Location: Session […]

Read More…

Sunken Safe Harbor: 5 Implications of Schrems and US-EU Data Transfer

By Daniel J. Solove In a profound ruling with enormous implications,the European Court of Justice (ECJ) has declared the Safe Harbor Arrangement to be invalid. [Press Release]  [Opinion] The Safe Harbor Arrangement The Safe Harbor Arrangement has been in place since 2000, and it is a central means by which data about EU citizens can […]

Read More…

Phishing Your Employees: 3 Essential Tips

Phishing Training

A popular way some organizations are raising awareness about phishing is by engaging in simulated phishing exercises of their workforce.  Such simulated phishing can be beneficial, but there are some potential pitfalls and also important things to do to ensure that it is effective. 1. Be careful about data collection and discipline Think about the data […]

Read More…