Posts about Data Breach Notification by Professor Daniel J. Solove for his blog at TeachPrivacy, a privacy awareness and security training company.
Data breaches and privacy violations have long been thought of as different things, but actually, there is a lot of overlap. Two recent FTC cases address this issue. These cases involve the Health Breach Notification Rule, 16 CFR Part 318, which covers health data breaches beyond HIPAA. The Rule had long existed, but the FTC […]
I have an article with Professor Woodrow Hartzog in Slate created from an excerpt from our new book, Breached! Why Data Security Law Fails and How to Improve it We Still Haven’t Learned the Major Lesson of the 2013 Target Hack By Woodrow Hartzog & Daniel Solove Slate (April 13, 2022) You can read Chapter […]
Professor Woodrow Hartzog and I have posted Chapter 1 of our new book, BREACHED! WHY DATA SECURITY LAW FAILS AND HOW TO IMPROVE IT (Oxford University Press 2022) on SSRN: Chapter 1: Chronicle of a Breach Foretold You can download it for free. Website for Breached! Breached! Amazon Page * * * * This post was authored […]
I’m delighted to announce that my new book, Breached!, with Professor Woodrow Hartzog is now out in print: BREACHED! WHY DATA SECURITY LAW FAILS AND HOW TO IMPROVE IT (Oxford University Press, March 1, 2022) Website for Breached! Breached! Amazon Page Excerpt from the book jacket description: Drawing insights from many fascinating stories about data breaches, Solove […]
In a recent case, the U.S. Court of Appeals for the 11th Circuit weighed in on an issue that has continued to confound courts: Is there an injury caused by a data breach when victims don’t immediately suffer financial fraud? I wrote on this issue in an article with Professor Danielle Citron in 2018, Risk and Anxiety: […]
This cartoon is about data breach notification. All 50 states plus the District of Columbia and Puerto Rico now have data breach notification laws, and breach notification laws are spreading around the globe. And, as is often said in data security, it’s not whether a breach will happen, but when . . .
In the annals of what must be one of the most ridiculous data security incidents, a law firm employee sent a client file on an unencrypted thumb drive in the mail. The file contained Social Security information and other financial data. Seriously? The envelope arrived without the USB drive. The firm contacted the post office. […]
Recently, South Dakota and Alabama passed data breach notification laws. These were the last two states to pass such laws, and now all 50 states have breach notification laws. There’s also a federal breach notification requirement under HIPAA (passed with the HITECH Act of 2009). In 2003, California passed the first data breach notification law. […]
The General Data Protection Regulation (GDPR) is one of the world’s strictest data privacy laws and requires privacy professionals around the globe to design and implement comprehensive compliance programs. In the past year, I developed a series of resources and training courses to assist privacy professionals with this complex task. GDPR Whiteboard 200+ pages of […]
As ransomware escalates and poses serious security risks for healthcare institutions, many privacy experts and legislators have called for more specific guidance from the U.S. Department of Health and Human Services (HHS). A few weeks ago, HHS responded to these calls with a detailed fact sheet to explain ransomware and provide advice. Although most of […]