by Daniel J. Solove The case has been quite long in the making. The opinion has been eagerly anticipated in privacy and data security circles. Fifteen years of regulatory actions have been hanging in the balance. We have waited and waited for the decision, and yesterday, it finally arrived. The case is FTC v. Wyndham, […]
Category: Data Breach
Posts about Data Breaches by Professor Daniel J. Solove for his blog at TeachPrivacy, a privacy awareness and security training company.
Duties When Contracting with Data Service Providers
by Daniel J. Solove In the world of data protection, it’s an old story: Personal data gets shared with a third party data service provider, and then something goes wrong at the provider. Whose fault is it? The organization that shared the personal data with the vendor certainly has responsibility, as organizations are generally responsible […]
4 Points About the Target Breach and Data Security
by Daniel J. Solove There seems to be a surge in data security attacks lately. First came news of the Target attack. Then Neiman Marcus. Then the U.S Courts. Then Michael’s. Here are four points to consider about data security: 1. Beware of fraudsters engaging in post-breach fraud. After the Target breach, fraudsters sent out […]
Data Security in Healthcare: Some Startling Statistics
A new report by the Ponemon Institute reveals some startling statistics about data security in healthcare:
Student Privacy in Peril: Massive Data Gathering With Inadequate Privacy and Security
In October, personal financial data — including social security numbers, loan repayment histories and bank-routing numbers – of thousands of college students was exposed on the Department of Education’s (ED) direct loan website. For seven minutes, anyone surfing the direct loan website could find personal information about students who had borrowed from the Department of […]
Student Privacy in Peril
Over at the Huffington Post, I have a short piece about the growing problems with student data. Here’s the opening:
Education Privacy in Peril
I have been spending a lot of time examining education privacy lately, and there are some very troubling things going on in this field. At a general level, schools lack much sophistication in how they handle privacy issues. Other industry sectors that handle sensitive personal data have Chief Privacy Officers and a comprehensive privacy program. […]
Are People Really Harmed By a Data Breach?
“It’s just a flesh wound.” — Monty Python and the Holy Grail Over at Privacy & Security Source, Andrew Serwin, a leading privacy lawyer and author of an excellent treatise on privacy law, has a very thoughtful and informative post [link no longer available] about cases where courts found no harm to individuals by data […]
Data Security: When Will the Thick Skulls Learn?
The Wall Street Journal reports the theft of 3.3 million student loan records, including Social Security numbers: Company and federal officials said they believed last week’s theft of identity data on 3.3 million people with student loans was the largest-ever breach of such information and could affect as many as 5% of all federal student-loan […]
How Should Data Security Breach Notification Work?
In 2005, a series of data security breaches affected tens of millions of records of personal information. I blogged about them here, here, here, here, and here. One of the major issues with data security breaches involves what kind of notification companies should provide. The spate of data security breach announcements began in February 2005, when ChoicePoint announced its breach […]