I’ve been creating security and privacy awareness training for years, and I am always in the hunt for good stock photos to illustrate these issues. I thought I’d share with you some of the most ridiculous ones I’ve come across.
For the past four years, I’ve posted just the funniest hacker stock photos, but this year, I thought I’d broaden the focus and include more privacy and security topics. Without further delay, here they are . . .
This cartoon about artificial intelligence is based on something I often hear — that it is impossible to understand how certain decisions are made by certain algorithms. I wonder whether this problem is due to the fact that not enough effort is being devoted to addressing ethical issues such as the transparency of the decisionmaking process. It’s easy to say in the abstract that ethics is important. But to truly matter, ethics must be a part of the primary design process, not a secondary consideration. The amount of innovation going into new technology is staggering. Although time and effort are being spent on ethics, far less innovation is going into developing the ethical part of technological design.
This cartoon is about consent under the GDPR. Under the GDPR Article 6, consent is one of the six lawful bases to process personal data. Article 7 provides further guidance about consent, including the data subject’s right to withdraw consent. The meaning of what “consent” requires is most thoroughly stated in Recital 32:
Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement. This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject’s acceptance of the proposed processing of his or her personal data. Silence, pre-ticked boxes or inactivity should not therefore constitute consent. Consent should cover all processing activities carried out for the same purpose or purposes. When the processing has multiple purposes, consent should be given for all of them. If the data subject’s consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.
Here’s a new HIPAA cartoon. This cartoon is about protected health information (PHI). In the HIPAA regulations, the definition of PHI is quite complicated, as it is splintered into at least three separate parts that appear in HIPAA’s definitions section. Pursuant to HIPAA, 45 CFR 160.103:
Health informationmeans any information, including genetic information, whether oral or recorded in any form or medium, that: (1) Is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and (2) Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.