PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

The Biggest PR Mistake in Privacy and Data Security Incidents: An Interview with PR Expert Melanie Thomas

by Daniel J. Solove It happens all the time. An organization has a privacy incident or data breach. The news stories proliferate. Cries of “shame on you” reverberate across the Internet. A number of organizations have an incident response plan, but they often don’t have much of a plan for PR. Certain incidents can take […]

How Should the Law Handle Privacy and Data Security Harms?

by Daniel J. Solove In three earlier posts, I’ve been exploring the nature of privacy and data security harms. In the first post, Privacy and Data Security Violations: What’s The Harm?, I explored how the law often fails to recognize harm for privacy violations and data breaches. In the second post, Why the Law Often […]

Do Privacy Violations and Data Breaches Cause Harm?

by Daniel J. Solove In two earlier posts, I’ve been exploring the nature of privacy and data security harms. Post 1: Privacy and Data Security Violations: What’s The Harm? Post 2: Why the Law Often Doesn’t Recognize Privacy and Data Security Harms In this post, I want to explore two issues that frequently emerge in […]

Why the Law Often Doesn’t Recognize Privacy and Data Security Harms

by Daniel J. Solove In my previous post on privacy/security harms, I explained how the law is struggling to deal with privacy and data security harms. In this post, I will explore why. The Collective Harm Problem One of the challenges with data harms is that they are often created by the aggregation of many […]

Privacy and Data Security Violations: What’s the Harm?

by Daniel J. Solove “It’s just a flesh wound.” – Monty Python and the Holy Grail Suppose your personal data is lost, stolen, improperly disclosed, or improperly used. Are you harmed? Suppose a company violates its privacy policy and improperly shares your data with another company. Does this cause a harm? In most cases, courts […]

6 Lessons from the Costliest HIPAA Settlement to Date

by Daniel J. Solove The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently announced the costliest HIPAA settlement to date — a $4.8 million settlement with New York and Presbyterian Hospital (NYP) and Columbia University (CU). The case involved the disclosure of protected health information on the Internet. Here […]

Big Data and Our Children’s Future: On Reforming FERPA

by Daniel J. Solove Last week, the White House released its report, Big Data: Seizing Opportunities, Preserving Values. My reaction to it is mixed. The report mentions some concerns about privacy with Big Data and suggests some reforms, but everything is stated so mildly, in a way designed to please everyone. The report is painted […]

One of the Most Important Data Security Cases Was Just Decided: FTC v. Wyndham

by Daniel J. Solove The case has been quite long in the making. The opinion has been eagerly anticipated in privacy and data security circles. Fifteen years of regulatory actions have been hanging in the balance. We have waited and waited for the decision, and yesterday, it finally arrived. The case is FTC v. Wyndham, […]

Duties When Contracting with Data Service Providers

by Daniel J. Solove In the world of data protection, it’s an old story: Personal data gets shared with a third party data service provider, and then something goes wrong at the provider. Whose fault is it? The organization that shared the personal data with the vendor certainly has responsibility, as organizations are generally responsible […]

4 Points About the Target Breach and Data Security

by Daniel J. Solove There seems to be a surge in data security attacks lately. First came news of the Target attack. Then Neiman Marcus. Then the U.S Courts. Then Michael’s. Here are four points to consider about data security: 1. Beware of fraudsters engaging in post-breach fraud. After the Target breach, fraudsters sent out […]