by Daniel J. Solove PART 1 Are privacy and security laws being enforced effectively? This post is part of a series called Enforcing Privacy and Security Laws. How are privacy and security laws enforced? How should they be enforced? What enforcement works well? What doesn’t? What are the various agencies that are enforcing privacy laws […]
Category: Enforcement
Posts about Privacy, Security and HIPAA Enforcement by Professor Daniel J. Solove for his blog at TeachPrivacy, a privacy awareness training company.
Why the C-Suite Should Have Coffee with the Privacy and Security Officers Every Week
by Daniel J. Solove As I discussed in a previous post, the two key things that organizations can do to prevent data incidents can be summed up in a simple rhyme: The C-Suite must care The workforce must be aware In this post, I want to focus on the “C-Suite” – a term used […]
6 Lessons from the Costliest HIPAA Settlement to Date
by Daniel J. Solove The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently announced the costliest HIPAA settlement to date — a $4.8 million settlement with New York and Presbyterian Hospital (NYP) and Columbia University (CU). The case involved the disclosure of protected health information on the Internet. Here […]
Snapchat and FTC Privacy and Security Consent Orders
by Daniel J. Solove Co-authored by Woodrow Hartzog The Federal Trade Commission (FTC) recently entered into a consent order with the media service Snapchat for not living up to its promises about how it maintains the privacy and security of user’s data. The FTC order prohibits Snapchat from “misrepresenting the extent to which it maintains […]
Our Privacy and Data Security Depend Upon Contracts Between Organizations
by Daniel J. Solove Increasingly, companies, hospitals, schools, and other organizations are using cloud service providers (and also other third party data service providers) to store and process the personal data of their customers, patients, clients, and others. When an entity shares people’s personal data with a cloud service provider, this data is protected in […]
The Battle for Leadership in Education Privacy Law: Will California Seize the Throne?
by Daniel J. Solove This post was co-authored by Professor Paul Schwartz, Berkeley Law School. Education was one of the first areas where privacy was regulated by a federal statute. Passed in the early 1970s, the Family Educational Rights and Privacy Act (FERPA) was on the frontier of federal privacy regulation. But now it is […]
Duties When Contracting with Data Service Providers
by Daniel J. Solove In the world of data protection, it’s an old story: Personal data gets shared with a third party data service provider, and then something goes wrong at the provider. Whose fault is it? The organization that shared the personal data with the vendor certainly has responsibility, as organizations are generally responsible […]
New Privacy Law Reference Book: Privacy Law Fundamentals
Professor Paul Schwartz (Berkeley School of Law) and I recently published a new book, PRIVACY LAW FUNDAMENTALS. This book is a distilled guide to the essential elements of U.S. data privacy law. In an easily-digestible format, the book covers core concepts, key laws, and leading cases.
Criminalizing Google’s YouTube in Italy
In Italy, a rather disturbing prosecution is taking place. Google officials, including Chief Privacy Counsel Peter Fleischer, are being criminally prosecuted for a video somebody else uploaded to YouTube. According to an article by Tracey Bentley in the International Association of Privacy Professionals’ The Privacy Advisor:
Enforcing the Surveillance Laws
As many of the recent revelations of government surveillance and information gathering are revealing, government agencies such as the FBI and NSA are violating the law. Recently, the DOJ investigation into the FBI’s use of NSLs reveals many violations of law. So where are the penalties? In the latest surveillance scandal, the FBI says that it […]