PRIVACY + SECURITY BLOG

News, Developments, and Insights

The $500,000 Value of Data Security Awareness Training

by Daniel J. Solove

It has long been difficult to quantify the ROI of data security awareness training.

But finally, I have been able to locate a number. According to a 2014 PricewaterhouseCoopers study: “The financial value of employee awareness is even more compelling. Organizations that do not have security awareness programs—in particular, training for new employees—report significantly higher average financial losses from cybersecurity incidents. Companies without security training for new hires reported average annual financial losses of $683,000, while those that do have training said their average financial losses totaled $162,000.”

The Privacy Pillory and the Security Rack: The Enforcement Toolkit

by Daniel J. Solove

Are privacy and security laws being enforced effectively? This post is post #2 in a series called Enforcing Privacy and Security Laws. See the end of this post for links to other posts in this series.

What kind of sanctions do privacy and security laws use for enforcement? In this post, I will discuss the various tools that are frequently used in the enforcement of privacy/security laws.

The Best Preventative Medicine for Health Data Breaches

by Daniel J. Solove

Last week, I gave a keynote address at a conference called Safeguarding Health Information: Building Assurance through HIPAA Security, sponsored by the National Institute of Standards and Technology (NIST) and the Department of Health and Human Services (HHS), Office for Civil Rights (OCR). I’d like to summarize my remarks here for anyone interested who wasn’t able to attend.

Why the C-Suite Should Have Coffee with the Privacy and Security Officers Every Week

 

by Daniel J. Solove

As I discussed in a previous post, the two key things that organizations can do to prevent data incidents can be summed up in a simple rhyme:

The C-Suite must care

The workforce must be aware

In this post, I want to focus on the “C-Suite” – a term used for the upper management of an organization, its top officers.

The C-Suite must care about data security.

But far too often, the C-Suite doesn’t fully appreciate the risks and could use a better understanding of the law.

The 2 Essential Ways to Prevent Data Breaches

by Daniel J. Solove

We’re in the midst of a crisis in data protection. Billions of passwords stolen. . . Mammoth data breaches. . . Increasing threats. . . Malicious hackers . . .