PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

HIPAA Turns 10: Analyzing the Past, Present, and Future Impact

by Daniel J. Solove In the April issue of the Journal of AHIMA, I authored two short pieces about HIPAA: HIPAA Turns 10: Analyzing the Past, Present, and Future Impact 84 Journal of AHIMA 22 (April 2013) HIPAA Mighty and Flawed: Regulation has Wide-Reaching Impact on the Healthcare Industry 84 Journal of AHIMA 30 (April […]

The HIPAA-HITECH Regulation, the Cloud, and Beyond

by Daniel J. Solove The new HIPAA-HITECH regulation is here. Officially titled “Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules,” this new regulation modifies HIPAA in accordance with the changes mandated by the HITECH Act of 2009. After years of waiting and many false alarms that the regulation was going to be […]

Final HIPAA-HITECH Regulation

posted by Daniel J. Solove The final HIPAA-HITECH regulation is finally out!  Clocking in at 563 pages long, the regulation, which is entitled “Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules” will be published in the Federal Register on January 25, 2013.  You can download the PDF of the pre-publication version here.

Educational Institutions and Cloud Computing: A Roadmap of Responsibilities

by Daniel J. Solove Increasingly, educational institutions and state entities handling student data are hiring outside companies to perform cloud computing functions related to managing personal information. The benefits of cloud computing are that outside entities might be more sophisticated at managing personal data. These entities may be able to manage data more inexpensively and […]

Employer Social Media Policies: A Brave New World

Posted by Daniel J. Solove The frequent use of social media by employees has created a new domain of risk for employers – employees who reveal confidential or sensitive information or who otherwise say things that damage their institution’s reputation or create strife with their colleagues. For example, in the healthcare context, in a number […]

Privacy Torts in Canada and the International Convergence of Privacy Law

Canadian Flag

In a recent case, the Court of Appeal for Ontario, Canada recognized the privacy torts that are widely-recognized in the United States.  Many foreign common law jurisdictions, including the United Kingdom and other countries, have steadfastly refused to recognize the privacy torts spawned by the 1890 law review article by Samuel Warren and Louis Brandeis, […]

New Privacy Law Reference Book: Privacy Law Fundamentals

Privacy Law Fundamentals

Professor Paul Schwartz (Berkeley School of Law) and I recently published a new book, PRIVACY LAW FUNDAMENTALS.  This book is a distilled guide to the essential elements of U.S. data privacy law. In an easily-digestible format, the book covers core concepts, key laws, and leading cases.

NASA v. Nelson

NASA v Nelson

The U.S. Supreme Court has decided NASA v. Nelson, reversing the 9th Circuit 8-0.  My thoughts about the case are here and here [links no longer available], and as I predicted, the Court rejected the 9th Circuit holding that the government employment background check questionnaires violated the constitutional right to information privacy.  Fortunately, the Court […]

Neil Richards on Information Privacy

Neil Richards

Professor Neil Richards of Washington University Law School has posted on SSRN his recent essay, The Information Privacy Law Project, 94 Geo. L.J. 1087 (2006). He reviews my book, The Digital Person, and offers an interesting and insightful critique. Although he takes issue with some of my arguments and with the term “privacy,” I find his review […]