News, Developments, and Insights

high-tech technology background with eyes on computer display

New Privacy Training Programs: US, EU, and Global Privacy Law

by Daniel J. Solove

We have launched several new privacy training programs, including a series with brief introductions to privacy law.  We have completed a privacy training program about US Privacy Law with a video and interactive material / quiz questions.  And we just completed a training program about EU Privacy Law.  This program has a 7.5 minute video (as well as an abridged version at 4.5 minutes), and there’s a separate excerpt on the Safe Harbor Arrangement for those who only want to cover Safe Harbor in their training programs.

These programs are illustrated-as-I-talk.  You can preview the European Union Privacy Law video.

Coming soon: Global Privacy Law, which will focus heavily on the OECD Privacy Guidelines and  the APEC Privacy Framework.

European Union Privacy Training



New Financial Privacy Training Programs

by Daniel J. Solove

We have begun producing a new program series about financial privacy.  The first two programs are completed.

The first part is an overview video that discusses the importance of financial privacy and the various laws and regulations that regulate.  These laws and regulations are discussed very broadly.  The video concludes with some key best practices for protecting financial data.  This video is made in a unique style — an animated piece of currency.

The second program focuses on the Gramm-Leach-Bliley Act (GLBA).  The video discusses the GLBA’s scope, notice, confidentiality, data sharing, and security.  The video also explains why protecting the privacy and security of financial data is important.

Gramm-Leach-Bliley Act Privacy Training GLBA

There are interactive materials and quiz questions to accompany the video.

New Privacy by Design Training Video

I recently created this 2-minute comical cartoon vignette to teach about the importance of privacy and apps.  Far too often, apps are not designed with privacy in mind, and people install apps without considering the privacy implications.

[Video no longer available online – please contact us if you’d like to see it]

More About Apps and Privacy

FPF & CDT, Best Practices for Mobile App Developers

Pew Internet Survey, Privacy and Data Management on Mobile Devices

TRUSTe, Get a Privacy Policy for Your Mobile App

FTC, Mobile Apps for Kids: Current Privacy Disclosures Are Disappointing

New York Times Bits Blog, Consumers Say No to Mobile Apps That Grab Too Much Data

Washington Post Post Tech Blog, App Developers, Privacy Advocates Work Out Suggestions for Policy Disclosure

* * * *

This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of training on privacy and security topics.  This post was originally posted on his blog at LinkedIn, where Solove is an “LinkedIn Influencer.” His blog has more than 600,000 followers.

If you are interested in privacy and data security issues, there are many great ways Professor Solove can help you stay informed:
* Professor Solove’s LinkedIn Influencer blog
* Professor Solove’s Twitter Feed
* Professor Solove’s Newsletter

Please join one or more of Professor Solove’s LinkedIn Discussion Groups:
* Privacy and Data Security
* HIPAA Privacy & Security
* Education Privacy and Data Security

Employer Social Media Policies: A Brave New World

Posted by Daniel J. Solove

Social Media Policies and TrainingThe frequent use of social media by employees has created a new domain of risk for employers – employees who reveal confidential or sensitive information or who otherwise say things that damage their institution’s reputation or create strife with their colleagues.

For example, in the healthcare context, in a number of widely-publicized incidents, employees revealed confidential information about patients on their blogs and social network profiles. For example, according to a Boston Globe story, an emergency room physician posted data online about the patient. The physician thought that it was safe to post about as long as she did not include the patient’s name. But others could identify the patient.  There are numerous recent cases where hospital staff have posted photos and other information about patients online.

Continue Reading

Data Security and the Human Factor: Training and Its Challenges

Posted by Daniel J. Solove

According to a stat in SC Magazine, 90% of malware requires a human interaction to infect.  One of the biggest data security threats isn’t technical – it’s the human factor.  People click when they shouldn’t click, put data on portable devices when they shouldn’t, email sensitive information, and engage in a host of risky behaviors.  A lot of hacking doesn’t involve technical wizardry but is essentially con artistry.  I’m a fan of the ex-hacker Kevin Mitnick’s books where he relates some of his clever tricks.  He didn’t need to hack in order to get access to a computer system – he could trick people into readily telling him their passwords.

There have been a number of good recent articles on data security and data security training.  Robert O’Harrow, Jr.’s recent piece in the Washington Post discusses the human element to data security in his piece, “In Cyberattacks, Hacking Humans is Highly Effective Way to Access Systems.”  The article describes the increasing sophistication of phishing.  The old misspelled lottery scam emails are now your grandfather’s phishing.  Today’s phishing is more personalized – and much more likely to trick people.  According to O’Harrow’s article: “The explosive growth of cyberspace has created a fertile environment for hackers. Facing the flood of e-mail, instant messages and other digital communication, many people have a hard time judging whether notes or messages from friends, family or colleagues are real. Many don’t even try.”  O’Harrow goes on to note that “Hackers are so confident about such permissiveness that they sometimes begin their attacks in social media three or four steps removed from their actual targets. The hackers count on the malicious code spreading to the proper company or government agency — passed along in photos, documents or Web pages.”

Continue Reading