Recently, South Dakota and Alabama passed data breach notification laws. These were the last two states to pass such laws, and now all 50 states have breach notification laws. There’s also a federal breach notification requirement under HIPAA (passed with the HITECH Act of 2009). In 2003, California passed the first data breach notification law. […]
Category: Data Breach
Posts about Data Breaches by Professor Daniel J. Solove for his blog at TeachPrivacy, a privacy awareness and security training company.
Risk and Anxiety: A Theory of Data Breach Harms
My new article was just published: Risk and Anxiety: A Theory of Data Breach Harms, 96 Texas Law Review 737 (2018). I co-authored the piece with Professor Danielle Keats Citron. We argue that the issue of harm needs a serious rethinking. Courts are too quick to conclude that data breaches don’t create harm. There are two […]
The Funniest Hacker Stock Photos 4.0: The Future of Hacking
It’s time for another installment of the funniest hacker stock photos. Because I create information security awareness training (and HIPAA security training too), I’m always in the hunt for hacker photos. For this round, I focus on the future of hacking, so I looked closely for hacker stock photos that depicted the most state-of-the-art hacking […]
Data Security Is Worsening: 2017 Was the Worst Year Yet
Every year, we hear about how climate change is worsening. It seems the same story is happening with data security. Last year was the worst year in recorded data breach history. More than 5,200 breaches were reported in 2017, with more than 7.8 billion records compromised. By comparison, there are 7.6 billion people on Earth, […]
My Privacy and Security Scholarship in 2017
In this post, I provide a brief overview of my scholarship last year. Risk and Anxiety: A Theory of Data Breach Harms I co-authored Risk and Anxiety: A Theory of Data Breach Harms with Professor Daniel Keats Citron. The piece is forthcoming in Texas Law Review this year. Even though there continues to be a steady […]
GDPR Training, Writings, and Resources: Roundup from the Past Year
The General Data Protection Regulation (GDPR) is one of the world’s strictest data privacy laws and requires privacy professionals around the globe to design and implement comprehensive compliance programs. In the past year, I developed a series of resources and training courses to assist privacy professionals with this complex task. GDPR Whiteboard 200+ pages of […]
Game of Risks: An Interview with Adam Levin on the HBO Breach, Cybersecurity Insurance, and Cyber Risks
Recently, HBO suffered a massive data breach. The hackers stole unreleased episodes of Game of Thrones and have been leaking them before they are broadcast. Episodes of other shows were also stolen. The hackers grabbed 1.5 terabytes of data including sensitive internal documents.
Why Is HIPAA Data Breach Enforcement Increasing? An Insurer’s View from Katherine Keefe
Recently, HIPAA enforcement over data breaches is increasing – a lot. This year has seen some of the largest monetary penalties. Why is this happening? I had the chance to interview Katherine Keefe, who leads the Beazley Breach Response (BBR) Services Group. I am particularly interested in the insurer’s perspective, so I interviewed Katherine.
Cybersecurity vs. Humans: The Human Problem Requires a Human Answer
According to a recent Ponemon Institute study, the odds of an organization having a data breach are 1 in 4. The study also found that the average cost of a data breach is $3.62 million in 2017. That’s a drop of 10%, but the size of data breaches has increased. The Human Problem The vast […]
Law Firm Cybersecurity: An Industry at Serious Risk
Last year, major incidents involving law firm data breaches brought attention to the weaknesses within law firm data security and the need for more effective plans and preparation. An American Bar Association (ABA) survey reveals that 26% of firms (with more than 500 attorneys) experienced some sort of data breach in 2016, up from 23% in 2015.