This cartoon focuses on the lawful processing requirement. Under the EU’s General Data Protection Regulation (GDPR), the collection and processing of personal data must be for “specified, explicit and legitimate purposes.” This is in contrast to the United States where the processing of personal information is permitted unless a law forbids it. Under the GDPR, […]
Category: Privacy Training
Key WP29 Documents for GDPR
The Article 29 Working Party was created by the EU Data Protection Directive in 1996. Its purpose is to provide advice, opinions, and guidance about data protection. The Article 29 Working Party is composed of a representative from each EU member state. The General Data Protection Regulation (GDPR) will replace the Working Party with the […]
My Privacy and Security Scholarship in 2017
In this post, I provide a brief overview of my scholarship last year. Risk and Anxiety: A Theory of Data Breach Harms I co-authored Risk and Anxiety: A Theory of Data Breach Harms with Professor Daniel Keats Citron. The piece is forthcoming in Texas Law Review this year. Even though there continues to be a steady […]
Cartoon on GDPR Vendor Management
This cartoon depicts the challenges of complying with GDPR’s requirements for vendor management. Under the GDPR, there are serious responsibilities when using a vendor to process personal data. Broadly, there are three things that data controllers must do: 1. Data controllers must perform due diligence in selecting vendors that are compliant with GDPR. […]
Notable Privacy and Security Books 2017
Here are some notable books on privacy and security from 2017. To see a more comprehensive list of nonfiction works about privacy and security, Professor Paul Schwartz and I maintain a resource page on Nonfiction Privacy + Security Books.
10 Reasons Why the Fourth Amendment Third Party Doctrine Should Be Overruled in Carpenter v. US
The U.S. Supreme Court will be hearing arguments this week in Carpenter v. United States, which is one of the most important Fourth Amendment cases before the Court. The case involves whether the Third Party Doctrine will remain viable. If so, the Fourth Amendment will fade into obsolescence in today’s digital age. In this post, […]
Silencing #MeToo: How NDAs and Litigation Stifle Victims, Innovators, and Critics — An Interview with Orly Lobel
Countless women have been coming forward to say #MeToo and share their traumatic stories of sexual harassment and assault. But there are many stories we’re not hearing. These stories are being silenced by extremely broad nondisclosure agreements (NDAs), some made at the outset of employment and others when settling litigation over sexual harassment. They […]
Beyond GDPR: The Challenge of Global Privacy Compliance — An Interview with Lothar Determann
For multinational organizations in an increasingly global economy, privacy law compliance can be bewildering these days. There is a tangle of international privacy laws of all shapes and sizes, with strict new laws popping up at a staggering speed. Federal US law continues to fade in its influence, with laws and regulators from abroad taking the […]
Game of Risks: An Interview with Adam Levin on the HBO Breach, Cybersecurity Insurance, and Cyber Risks
Recently, HBO suffered a massive data breach. The hackers stole unreleased episodes of Game of Thrones and have been leaking them before they are broadcast. Episodes of other shows were also stolen. The hackers grabbed 1.5 terabytes of data including sensitive internal documents.
Cybersecurity vs. Humans: The Human Problem Requires a Human Answer
According to a recent Ponemon Institute study, the odds of an organization having a data breach are 1 in 4. The study also found that the average cost of a data breach is $3.62 million in 2017. That’s a drop of 10%, but the size of data breaches has increased. The Human Problem The vast […]