By Daniel J. Solove ProPublica has been running a series of lengthy articles about HHS Office for Civil Rights (OCR) enforcement that are worth reading. A Sustained and Vigorous Critique of OCR HIPAA Enforcement A ProPublica article from early in 2015 noted that HIPAA fines were quite rare. The article noted that from 2009 through […]
Category: Training
Posts about Privacy, Security & HIPAA Training by Professor Daniel J. Solove for his blog at TeachPrivacy, a privacy awareness & security training company.
The Value of HIPAA Training
HIPAA expert Rebecca Herold offers a very compelling explanation of the value of HIPAA training. She writes: Information security and privacy education is more important than ever because new gadgets and technologies enable more healthcare workers to collect and share data. In September 2015, Cancer Care Group agreed to settle HIPAA violations by paying a […]
Blogging Highlights 2015: Cybersecurity Issues
I’ve been going through my blog posts from 2015 to find the ones I most want to highlight. Here are some selected posts about security: The Worst Password Ever Created Should the FTC Kill the Password? The Case for Better Authentication
Blogging Highlights 2015: Privacy+Security Humor
I’ve been going through my blog posts from 2015 to find the ones I most want to highlight. Here are some selected humor posts about privacy and security: The Funniest Hacker Stock Photos
Blogging Highlights 2015: Privacy Issues
I’ve been going through my blog posts from 2015 to find the ones I most want to highlight. Here are some selected posts on privacy issues: I. PHILOSOPHICAL Privacy by Design: 4 Key Points What Is Privacy? II. PRIVACY LAW Why All Law Schools Should Teach Privacy Law — and Why Many Don’t
10 Implications of the New EU General Data Protection Regulation (GDPR)
Last week, the EU issued the General Data Protection Regulation (GDPR), a long-awaited comprehensive privacy regulation that will govern all 28 EU member countries. Clocking in at more than 200 pages, this is quite a document to digest. According to the European Commission press release: “The regulation will establish one single set of rules which […]
Ransomware’s Dilemma: Pay It or Not?
Ransomware is one of the most frightening scourges to hit the Internet. Ransomware is a form of malware (malicious code) that encrypts a person’s files and demands a ransom payment to decrypt them. If the money isn’t paid, the encryption keys are destroyed, and the data is lost forever. Ransomware began to emerge in 2009, […]
The Privacy+Security Forum
My new annual event, the Privacy + Security Forum (Oct. 21-23 in Washington, DC), is just a week away. I’m very excited about it. The goals of the event are to better unite privacy and security and to have sessions that are substantive and interactive
Phishing Your Employees: 3 Essential Tips
A popular way some organizations are raising awareness about phishing is by engaging in simulated phishing exercises of their workforce. Such simulated phishing can be beneficial, but there are some potential pitfalls and also important things to do to ensure that it is effective. 1. Be careful about data collection and discipline Think about the data […]
PCI Training: Reducing the Risk of Phishing Attacks
The Payment Card Industry (PCI) Security Standards Council recently released a helpful short guide to preventing phishing attacks. Merchants and any other organization that accepts payment cards most follow the PCI Data Security Standard (PCI DSS). One of the requirements of the PCI DSS is to train the workforce about how to properly collect, handle, […]