PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

The OPM Data Breach: Harm Without End?

By Daniel J. Solove The recent breach of the Office of Personnel Management (OPM) network involved personal data on millions of federal employees, including data related to background checks. OPM is now offering 18 months of free credit monitoring and identity theft insurance to victims. But as experts note in a recent Washington Post article, […]

Green Eggs and Ham: How Not to Market and Invade Privacy

By Daniel J. Solove Dr. Seuss’s Green Eggs and Ham is a timeless classic that is read to millions of children. At first the simple rhymes and cute drawings are alluring. But parents will soon discover the book’s terrifying equation: The tiresome repetition of the book multiplied by the number of times a child will […]

The Sony Data Breach: 3 Painful Lessons

  by Daniel J. Solove The Sony data breach is an exclamation mark on a year that is already known as the” Year of the Data Breach.” This data breach is the kind that makes even the least squeamish avert their eyes and wince. There are at least three things that this breach can teach […]

How Should the Law Handle Privacy and Data Security Harms?

by Daniel J. Solove In three earlier posts, I’ve been exploring the nature of privacy and data security harms. In the first post, Privacy and Data Security Violations: What’s The Harm?, I explored how the law often fails to recognize harm for privacy violations and data breaches. In the second post, Why the Law Often […]

Do Privacy Violations and Data Breaches Cause Harm?

by Daniel J. Solove In two earlier posts, I’ve been exploring the nature of privacy and data security harms. Post 1: Privacy and Data Security Violations: What’s The Harm? Post 2: Why the Law Often Doesn’t Recognize Privacy and Data Security Harms In this post, I want to explore two issues that frequently emerge in […]

Why the Law Often Doesn’t Recognize Privacy and Data Security Harms

by Daniel J. Solove In my previous post on privacy/security harms, I explained how the law is struggling to deal with privacy and data security harms. In this post, I will explore why. The Collective Harm Problem One of the challenges with data harms is that they are often created by the aggregation of many […]

Privacy and Data Security Violations: What’s the Harm?

by Daniel J. Solove “It’s just a flesh wound.” – Monty Python and the Holy Grail Suppose your personal data is lost, stolen, improperly disclosed, or improperly used. Are you harmed? Suppose a company violates its privacy policy and improperly shares your data with another company. Does this cause a harm? In most cases, courts […]

Are People Really Harmed By a Data Breach?

Data Breach

“It’s just a flesh wound.” — Monty Python and the Holy Grail Over at Privacy & Security Source, Andrew Serwin, a leading privacy lawyer and author of an excellent treatise on privacy law, has a very thoughtful and informative post [link no longer available] about cases where courts found no harm to individuals by data […]

How Should Data Security Breach Notification Work?

Data Breach Notification

In 2005, a series of data security breaches affected tens of millions of records of personal information. I blogged about them here, here, here, here, and here. One of the major issues with data security breaches involves what kind of notification companies should provide. The spate of data security breach announcements began in February 2005, when ChoicePoint announced its breach […]