Posts about Privacy and Security Humor by Professor Daniel J. Solove for his blog at TeachPrivacy, a privacy awareness and security training company.
This privacy cartoon is about data minimization, a principle embodied in many privacy laws. Under the data minimization principle, organizations are to collect, process, or share only the minimum necessary personal data to achieve their purpose. There’s a lot of hat tipping to data minimization, but this principle is often not followed enough. Far too […]
This cartoon is about data breach notification. All 50 states plus the District of Columbia and Puerto Rico now have data breach notification laws, and breach notification laws are spreading around the globe. And, as is often said in data security, it’s not whether a breach will happen, but when . . .
I’ve been creating security and privacy awareness training for years, and I am always in the hunt for good stock photos to illustrate these issues. I thought I’d share with you some of the most ridiculous ones I’ve come across. For the past four years, I’ve posted just the funniest hacker stock photos, but this year, I […]
This cartoon about artificial intelligence is based on something I often hear — that it is impossible to understand how certain decisions are made by certain algorithms. I wonder whether this problem is due to the fact that not enough effort is being devoted to addressing ethical issues such as the transparency of the decisionmaking […]
Happy Halloween! I hope you enjoy this privacy cartoon about Halloween and Big Data.
This cartoon is about consent under the GDPR. Under the GDPR Article 6, consent is one of the six lawful bases to process personal data. Article 7 provides further guidance about consent, including the data subject’s right to withdraw consent. The meaning of what “consent” requires is most thoroughly stated in Recital 32: Consent should […]
Here’s a new HIPAA cartoon. This cartoon is about protected health information (PHI). In the HIPAA regulations, the definition of PHI is quite complicated, as it is splintered into at least three separate parts that appear in HIPAA’s definitions section. Pursuant to HIPAA, 45 CFR 160.103: Health information means any information, including genetic information, whether oral or recorded […]
This cartoon is about the GDPR’s right to data portability under Article 20. This right allows data subjects to take their data from one organization and transfer it easily to other organizations. Pursuant to the GDPR Article 20: 1. The data subject shall have the right to receive the personal data concerning him or her, […]
This cartoon is based on a fairly recent trend – countries that are requiring data localization. Data localization involves requirements that personal data collected in a certain country reside on servers within that country’s borders. Here are some articles on data localization worth looking at: • Bret Cohen, Britanie Hall, and Charlie Wood, Data Localization […]
For global organizations as well as organizations in the EU, the GDPR has brought significant attention and resources to privacy. Finally, many executives are beginning to take privacy seriously. As I recently wrote in my article, Prime Time for Privacy, at Bloomberg Law: The GDPR has taken privacy to the next level. Before the GDPR, nothing […]