PRIVACY + SECURITY BLOG

News, Developments, and Insights

Are Many Privacy Violations Also Data Breaches?

Privacy and Security

Data breaches and privacy violations have long been thought of as different things, but actually, there is a lot of overlap. Two recent FTC cases address this issue. These cases involve the Health Breach Notification Rule, 16 CFR Part 318, which covers health data breaches beyond HIPAA. The Rule had long existed, but the FTC […]

We Still Haven’t Learned the Major Lesson of the 2013 Target Hack

I have an article with Professor Woodrow Hartzog in Slate created from an excerpt from our new book, Breached! Why Data Security Law Fails and How to Improve it: "We Still Haven’t Learned the Major Lesson of the 2013 Target Hack," by Woodrow Hartzog & Daniel Solove, Slate (April 13, 2022). You can read Chapter […]

Chronicle of a Breach Foretold – Download Chapter 1 of BREACHED!

Professor Woodrow Hartzog and I have posted Chapter 1 of our new book, BREACHED! WHY DATA SECURITY LAW FAILS AND HOW TO IMPROVE IT (Oxford University Press 2022) on SSRN: Chapter 1: Chronicle of a Breach Foretold. You can download it for free. This post was authored […]

BREACHED! WHY DATA SECURITY LAW FAILS AND HOW TO IMPROVE IT (Oxford University Press 2022)

I’m delighted to announce that my new book, Breached!, with Professor Woodrow Hartzog is now out in print: BREACHED! WHY DATA SECURITY LAW FAILS AND HOW TO IMPROVE IT (Oxford University Press, March 1, 2022). Excerpt from the book jacket description: Drawing insights from many fascinating stories about data breaches, Solove […]

Standing in Data Breach Cases: Why Harm Is Not “Manufactured”

In a recent case, the U.S. Court of Appeals for the 11th Circuit weighed in on an issue that has continued to confound courts: Is there an injury caused by a data breach when victims don’t immediately suffer financial fraud?  I wrote on this issue in an article with Professor Danielle Citron in 2018, Risk and Anxiety: […]

Cartoon: Data Breach Notification

This cartoon is about data breach notification.  All 50 states plus the District of Columbia and Puerto Rico now have data breach notification laws, and breach notification laws are spreading around the globe.  And, as is often said in data security, it’s not whether a breach will happen, but when . . .

The Mail Machine Ate My Thumb Drive

In the annals of what must be one of the most ridiculous data security incidents, a law firm employee sent a client file on an unencrypted thumb drive in the mail.  The file contained Social Security information and other financial data. Seriously? The envelope arrived without the USB drive. The firm contacted the post office. […]

Breach Notification Laws Now in All 50 States

Recently, South Dakota and Alabama passed data breach notification laws.  These were the last two states to pass such laws, and now all 50 states have breach notification laws.  There’s also a federal breach notification requirement under HIPAA (passed with the HITECH Act of 2009). In 2003, California passed the first data breach notification law.  […]

GDPR Training, Writings, and Resources: Roundup from the Past Year

The General Data Protection Regulation (GDPR) is one of the world’s strictest data privacy laws and requires privacy professionals around the globe to design and implement comprehensive compliance programs.  In the past year, I developed a series of resources and training courses to assist privacy professionals with this complex task.   GDPR Whiteboard 200+ pages of […]

Is a Ransomware Attack a HIPAA Data Breach?

As ransomware escalates and poses serious security risks for healthcare institutions, many privacy experts and legislators have called for more specific guidance from the U.S. Department of Health and Human Services (HHS). A few weeks ago, HHS responded to these calls with a detailed fact sheet to explain ransomware and provide advice.  Although most of […]