PRIVACY + SECURITY BLOG

News, Developments, and Insights

The Funniest Privacy and Security Stock Photos


I’ve been creating security and privacy awareness training for years, and I am always on the hunt for good stock photos to illustrate these issues. I thought I’d share with you some of the most ridiculous ones I’ve come across.

For the past four years, I’ve posted just the funniest hacker stock photos, but this year, I thought I’d broaden the focus and include more privacy and security topics.  Without further delay, here they are . . .


Cartoon: Artificial Intelligence


This cartoon about artificial intelligence is based on something I often hear — that it is impossible to understand how certain decisions are made by certain algorithms.  I wonder whether this problem is due to the fact that not enough effort is being devoted to addressing ethical issues such as the transparency of the decisionmaking process.  It’s easy to say in the abstract that ethics is important.  But to truly matter, ethics must be a part of the primary design process, not a secondary consideration.  The amount of innovation going into new technology is staggering.  Although time and effort are being spent on ethics, far less innovation is going into developing the ethical part of technological design.


Cartoon: GDPR Consent


This cartoon is about consent under the GDPR.  Under the GDPR Article 6, consent is one of the six lawful bases to process personal data. Article 7 provides further guidance about consent, including the data subject’s right to withdraw consent.  The meaning of what “consent” requires is most thoroughly stated in Recital 32:

Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement. This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject’s acceptance of the proposed processing of his or her personal data. Silence, pre-ticked boxes or inactivity should not therefore constitute consent. Consent should cover all processing activities carried out for the same purpose or purposes. When the processing has multiple purposes, consent should be given for all of them. If the data subject’s consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.


Cartoon: HIPAA Protected Health Information


Here’s a new HIPAA cartoon. This cartoon is about protected health information (PHI).  In the HIPAA regulations, the definition of PHI is quite complicated, as it is splintered into at least three separate parts that appear in HIPAA’s definitions section.  Pursuant to HIPAA, 45 CFR 160.103:

Health information means any information, including genetic information, whether oral or recorded in any form or medium, that:
(1) Is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and
(2) Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.
