PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

The Most Effective Factor in Education

most effective education blog 1

by Daniel J. Solove

I’ve been a teacher for the past 15 years, and I’ve taught in several mediums including live classes and computer-based e-learning. I have come to the conclusion that the most effective factor in education and training is fostering emotional investment.

Simply put, students must care about learning the material. The more they care, the more they learn.

The notion of getting emotional investment from students might sound like simple common sense, but it is often not done …and often not even attempted.

Continue Reading

5 Things School Officials Must Know About Privacy

schools must know blog 1

by Daniel J. Solove

I have produced a new short video for the newly-launched education privacy website of SafeGov. The site is called edu.SafeGov.org, and it contains a wonderful array of resources for parents, school officials, and policymakers regarding education privacy issues.

Continue Reading

Is Data Security Awareness Training Effective?

data security awareness blog 1

by Daniel J. Solove

A recent article in CIO explores the question: Is data security awareness training effective?

The answer: Yes.

The article points to an ISACA study that seeks to measure the effectiveness of data security awareness training. The study concludes: “Security awareness training is a vital nontechnical component to information security. As such, it is in the interest of the public and private sectors to continue to research this component that directly impacts security’s weakest link: humans.”

Continue Reading

A List of Privacy Training and Data Security Training Requirements in Laws, Regulations, and Industry Codes

Privacy Writing 04by Daniel J. Solove

I was recently asked whether I had a list of the various laws, regulations, and industry codes that require privacy and/or data security training.  I know about a number of training requirements, but didn’t have a formal list.  I realized that such a list would be useful, so I created one with the help of Joe Newman, a former student who now does some work for my company.

The PDF is here.  It provides information about each requirement, citations, and quotations of the relevant provisions.  Below is a summary.   If there are any training requirements we missed, please let me know.

Continue Reading

The Stunning Need for Improvement on Mobile and Cloud Risks

Cloud and Mobile 02by Daniel J. Solove

A recent study by the Ponemon Institute, The Risk of Regulated Data on Mobile Devices and in the Cloud*, reveals a stunning need for improvement on managing the risks of mobile devices and cloud computing services. The survey involved 798 IT and IT security practitioners in a variety of organizations including finance, retail, technology, communications, education, healthcare, and public sector, among others. The results are quite startling.

The study concluded that “the greatest data protection risks to regulated data exist on mobile devices and the cloud.” 69% of respondents listed mobile devices as posing the greatest risk followed by 45% who listed cloud computing.

Continue Reading