PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Strategic Privacy by Design: An Interview with Jason Cronk

Privacy by Design

Privacy by design — or “Data Protection by Design” as it is referred to in the General Data Protection Regulation (GDPR) — is essential to meaningful privacy protection. Yet, it is often quite thin and incomplete. As I wrote a few years ago about privacy by design, “The ‘privacy’ the designers have in mind might be so focused on one particular dimension of privacy that it might overlook many other dimensions.”

Continue Reading

HIPAA Training Overview Page

HIPAA Training - TeachPrivacy 01
We recently developed a new overview page that discusses my approach to HIPAA training.  The page discusses several dimensions about our training, including:

  • different comprehensive annual HIPAA privacy and security modules depending upon whether an entity is a covered entity or business associate
  • courses to cover the material at different lengths
  • short modules (most 5 minutes or less) designed for on-demand or periodic training
  • many humorous cartoon vignettes to reinforce essential points about HIPAA
  • HIPAA games

Learn more about our 60+ HIPAA training topics for your workforce.

Continue Reading

Did the LabMD Case Weaken the FTC’s Approach to Data Security?

Federal Trade Commission - Washington, DC

Co-Authored by Prof. Woodrow Hartzog

On Wednesday, the U.S. Court of Appeals for the 11th Circuit issued its long-awaited decision in LabMD’s challenge to an FTC enforcement action: LabMD, Inc. v. Federal Trade Commission (11th Cir. June 6, 2018). While there is some concern that the opinion will undermine the FTC’s power to enforce Section 5 for privacy and security issues, the opinion actually is quite narrow and is far from crippling.

While the LabMD opinion likely does have important implications for how the FTC will go about enforcing reasonable data security requirements, we think the opinion still allows the FTC to continue to build upon a coherent body of privacy and security complaints in an incremental way similar to how the common law develops. See Solove and Hartzog, The FTC and the New Common Law of Privacy, 114 Columbia Law Review 584 (2014).

Continue Reading

GDPR Humor: A Collection of GDPR Cartoons and More

GDPR Humor - TeachPrivacy GDPR Training 02

Feeling stressed out about GDPR?  I can help!  Here are all of my GDPR cartoons and attempts at GDPR humor in one post.  It’s much better to laugh than to cry . . .

Continue Reading

FERPA Whiteboard and FERPA Interactive Whiteboard

FERPA Whiteboard - TeachPrivacy FERPA Training

Recently, I created two new FERPA training resources.

FERPA Whiteboard

I created a 1-page visual summary of FERPA, which I call the FERPA WhiteboardThe idea was to summarize HIPAA in a concise and visually-engaging way.  You can download a PDF handout version here.  We’ve been licensing it to many organizations for training and awareness purposes.

FERPA Interactive Whiteboard

I subsequently created a new training module — an interactive version of the FERPA Whiteboard — the FERPA Interactive Whiteboard When people click on each topic, the program provides brief narrated background information, presented in a very understandable and memorable way.  Trainees can learn at their own pace.  This program is designed to be very short — it is about 5 minutes long.

It can readily be used on internal websites to raise awareness and teach basic information about FERPA.  It can also be used in learning management systems.

Continue Reading