Here is the recording of my debate with Prof. Jane Bambauer. We discussed state privacy laws and the pros and cons of the Uniform Law Commissions model privacy law, the Uniform Personal Data Protection Act (UPDPA).
A Critique of the Uniform Law Commission’s Uniform Personal Data Protection Act
I have an article with Professor Woodrow Hartzog in Slate created from an excerpt from our new book, Breached! Why Data Security Law Fails and How to Improve it
We Still Haven’t Learned the Major Lesson of the 2013 Target Hack
By Woodrow Hartzog & Daniel Solove
Slate (April 13, 2022)
You can read Chapter 1 of Breached! for free here.
Woody and I will be holding a webinar to discuss the book on Wednesday, April 27, 2022 at 2 PM ET. More info and registration here.
Free download of Chapter 1 of PRIVACY LAW FUNDAMENTALS (6th ed. 2022)
The chapter covers the types of privacy law, provides a list of US federal privacy laws, and includes an historical timeline of major developments in privacy law.
I’m delighted to announce that the final published version of my article, Privacy Harms, is now out in print!
Privacy Harms, 101 B.U. L. Rev. 793 (2022) (with Danielle Keats Citron)
I am pleased to announce that Professor Paul Schwartz and I have just published a new 6th edition of our book, PRIVACY LAW FUNDAMENTALS. Now in a new 6th edition for 2022, PRIVACY LAW FUNDAMENTALS is a distilled guide to the essential elements of U.S. data privacy law. In an easily-digestible format, the book covers core concepts, key laws, and leading cases.
The book summarizes the essential provisions of all of the major privacy statutes and regulations, including COPPA, ECPA, FCRA, FERPA, FISA, FTC Act, GLBA, HIPAA, TCPA, Privacy Act, VPPA, and more.
The book includes summaries of foreign laws such as the EU’s GDPR, China’s PIPL, Canada’s PIPEDA, Brazil’s LGPD, and more.
In addition, PRIVACY LAW FUNDAMENTALS summarizes key state privacy laws and provides an overview of FTC and HHS enforcement actions. We provide numerous charts and tables summarizing the privacy statutes (i.e. statutes with private rights of action, preemption, and statutory damages, among other things).
Continue Reading
Please join me Thursday, April 14 at 12pm ET for a debate with Professor Jane Bambauer (University of Arizona). We will be discussing state privacy laws and the pros and cons of the Uniform Law Commissions model privacy law, the Uniform Personal Data Protection Act (UPDPA). You can attend in-person or watch online.
A Critique of the Uniform Law Commission’s Uniform Personal Data Protection Act
In this webinar, I moderate a discussion about recent privacy laws, what works, what fails, the virtues/vices of a private right of action, and other ideas for creating good laws.
Speakers include:
You can see the archived webinar by clicking the button below.
Professor Woodrow Hartzog and I have posted Chapter 1 of our new book, BREACHED! WHY DATA SECURITY LAW FAILS AND HOW TO IMPROVE IT (Oxford University Press 2022) on SSRN:
You can download it for free.
Website for Breached!
Breached! Amazon Page
* * * *
This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy and data security training. He also posts at his blog at LinkedIn, which has more than 1 million followers.
Professor Solove is the organizer, along with Paul Schwartz, of the Privacy + Security Forum an annual event designed for seasoned professionals.
NEWSLETTER: Subscribe to Professor Solove’s free newsletter
TWITTER: Follow Professor Solove on Twitter.
In this webinar, I discuss recently-enacted worldwide privacy laws as well as new laws likely to be enacted this year with other experts. The webinar also covers enforcement trends, world regional developments, and cross-border data transfer. Speakers include:
You can see the archived webinar by clicking the button below.
I’m delighted to announce that my new book, Breached!, with Professor Woodrow Hartzog is now out in print:
(Oxford University Press, March 1, 2022)
Website for Breached!
Breached! Amazon Page
Excerpt from the book jacket description:
Drawing insights from many fascinating stories about data breaches, Solove and Hartzog show how major breaches could have been prevented or mitigated through a different approach to data security rules. Current law is counterproductive. It pummels organizations that have suffered a breach but doesn’t address the many other actors that contribute to the problem: software companies that create vulnerable software, device companies that make insecure devices, government policymakers who write regulations that increase security risks, organizations that train people to engage in risky behaviors, and more.
Although humans are the weakest link for data security, policies and technologies are often designed with a poor understanding of human behavior. Breached! corrects this course by focusing on the human side of security. Drawing from public health theory and a nuanced understanding of risk, Solove and Hartzog set out a holistic vision for data security law-one that holds all actors accountable, understands security broadly and in relationship to privacy, looks to prevention and mitigation rather than reaction, and works by accepting human limitations rather than being in denial of them. The book closes with a roadmap for how we can reboot law and policy surrounding data security.
Here is some additional advanced praise about the book beyond the quotes in the image above:
“A fascinating exploration of the ways that our fixation on individual data breaches has limited the effectiveness of data security law.” – Josephine Wolff, Associate Professor of Cybersecurity Policy, Tufts University
“Breached! shows how the future of data security requires us to look at the problem holistically and understand that good privacy rules can also promote good security outcomes. A breath of fresh air on an important and often-ignored topic.”– Neil Richards, Professor of Law, Washington University
“A compelling account of where data security law has gone wrong plus convincing advocacy of where it should go. This book should be read by anyone involved in privacy and cybersecurity.” – Paul Schwartz, Jefferson E. Peyser Professor of Law, Berkeley Law School
“A clear, accessible, persuasive case that data security today needs a systematic approach, far beyond just mopping up breaches. I hope every regulator or legislator working on the subject reads this book and follows their advice.” – William McGeveran, Associate Dean for Academic Affairs, U. Minnesota Law School
* * * *
This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy and data security training. He also posts at his blog at LinkedIn, which has more than 1 million followers.
Professor Solove is the organizer, along with Paul Schwartz, of the Privacy + Security Forum an annual event designed for seasoned professionals.
NEWSLETTER: Subscribe to Professor Solove’s free newsletter
TWITTER: Follow Professor Solove on Twitter.
Sessions and workshops on CCPA developments, CCPA litigation, state privacy law, health privacy, HIPAA, de-identification, EU privacy law, GDPR, Asian privacy law, Saudi Arabia and UAE privacy laws, cookies, PIAs, mobile apps, vendor management, ad tech, and much more!
