PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Why the C-Suite Should Have Coffee with the Privacy and Security Officers Every Week

  by Daniel J. Solove As I discussed in a previous post, the two key things that organizations can do to prevent data incidents can be summed up in a simple rhyme: The C-Suite must care The workforce must be aware In this post, I want to focus on the “C-Suite” – a term used […]

The 2 Essential Ways to Prevent Data Breaches

by Daniel J. Solove We’re in the midst of a crisis in data protection. Billions of passwords stolen. . . Mammoth data breaches. . . Increasing threats. . . Malicious hackers . . .

6 Lessons from the Costliest HIPAA Settlement to Date

by Daniel J. Solove The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently announced the costliest HIPAA settlement to date — a $4.8 million settlement with New York and Presbyterian Hospital (NYP) and Columbia University (CU). The case involved the disclosure of protected health information on the Internet. Here […]

How Should Data Security Breach Notification Work?

Data Breach Notification

In 2005, a series of data security breaches affected tens of millions of records of personal information. I blogged about them here, here, here, here, and here. One of the major issues with data security breaches involves what kind of notification companies should provide. The spate of data security breach announcements began in February 2005, when ChoicePoint announced its breach […]

Data Security Laws, the States, and Federalism

Federalism and Privacy

Remember well over a year ago, when last February ChoicePoint announced it had a major data security breach? Since then hundreds of breaches have been announced — over 200 instances involving data on 88 million people. Several bills were proposed in Congress; many Senators and Representatives quickly emphasized the importance of privacy and data security. […]

The Government’s Data Security Breach and “Data Neutralization”

Digital Person Privacy

The AP reports an enormous breach of data security by the government: Thieves took sensitive personal information on 26.5 million U.S. veterans, including Social Security numbers and birth dates, after a Veterans Affairs employee improperly brought the material home, the government said Monday. The information involved mainly those veterans who served and have been discharged since 1975, […]

ChoicePoint: More Than 145,000 Victims?

ChoicePoint Data Breach

ChoicePoint just won’t be outdone. They were, after all, the company that started all the extensive attention on data security breaches. Back in February 2005, ChoicePoint announced that it had improperly sold personal data on about 145,000 people to identity thieves. Pursuant to a California data security breach notice law, ChoicePoint notified the affected individuals […]

Information Privacy and the States

Privacy Law and the States

There’s been a ton of media exposure about security breaches at major companies.   Most recently, Time Warner admitted it lost data on 600,000 current and former employees.  Bank of America Lost data on over 1 million people.  ChoicePoint sold personal information on about 145,000 people to identity thieves.  And Lexis Nexis had data on about 310,000 people improperly […]