PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

The Ethics of Artificial Intelligence: An Interview of Kurt Long

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
September 11, 2018

The Ethics of Artificial Intelligence: An Interview of Kurt Long

In recent years, there have been tremendous advances in artificial intelligence (AI). These rapid technological advances are raising a myriad of ethical issues, and much work remains to be done in thinking through all of these ethical issues.

I am delighted to be interviewing Kurt Long about the topic of AI. Long is the creator and CEO of  FairWarning, a cloud-based security provider that provides data protection and governance for electronic health records, Salesforce, Office 365, and many other cloud applications.  Long has extensive experience with AI and has thought a lot about its ethical ramifications.

Kurt Long

Continue Reading

Why Blockchain Is a Game-Changer for Privacy: An Interview with Steve Shillingford

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
August 28, 2018

Blockchain is taking the world by storm. I am delighted to have the opportunity to interview Steve Shillingford, Founder and CEO of Anonyome Labs, a consumer privacy software company.

Steve was previously at Oracle and Novell, then was President of Solera Networks before founding Anonyome. Steve speaks and writes extensively on identity management, cybersecurity, privacy, and Big Data.

Continue Reading

FTC Hearings on Competition and Consumer Protection in the 21st Century

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
August 27, 2018

I’ll be speaking at the FTC Hearings on Competition and Consumer Protection in the 21st Century on a panel about consumer data on Thursday, September 13, 2018 at 3:15 PM.

UPDATE: You can see video of my panel at that hearing here.  Here’s a transcript.

My panel information is here:

The Regulation of Consumer Data
Participants:

Maureen K. Ohlhausen
Federal Trade Commission

Howard Beales
George Washington University School of Business

Daniel Solove
George Washington University Law School

David Vladeck
Georgetown University Law Center

Moderator:  James Cooper
Federal Trade Commission, Bureau of Consumer Protection

More information about the day’s schedule is here.

Continue Reading

Cartoon: GDPR Consent

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
August 20, 2018

Cartoon GDPR Consent - TeachPrivacy GDPR Training 02 medium

This cartoon is about consent under the GDPR.  Under the GDPR Article 6, consent is one of the six lawful bases to process personal data.  Article 7 provides further guidance about consent, including the data subject’s right to withdraw consent.  The meaning of what “consent” requires is most thoroughly stated in Recital 32:

Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement. This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject’s acceptance of the proposed processing of his or her personal data. Silence, pre-ticked boxes or inactivity should not therefore constitute consent. Consent should cover all processing activities carried out for the same purpose or purposes. When the processing has multiple purposes, consent should be given for all of them. If the data subject’s consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided.

Continue Reading

Strategic Privacy by Design: An Interview with Jason Cronk

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
August 16, 2018

Privacy by Design

Privacy by design — or “Data Protection by Design” as it is referred to in the General Data Protection Regulation (GDPR) — is essential to meaningful privacy protection. Yet, it is often quite thin and incomplete. As I wrote a few years ago about privacy by design, “The ‘privacy’ the designers have in mind might be so focused on one particular dimension of privacy that it might overlook many other dimensions.”

Continue Reading

Cartoon: HIPAA Protected Health Information

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
August 10, 2018

Cartoon HIPAA PHI - TeachPrivacy HIPAA Training 02

Here’s a new HIPAA cartoon. This cartoon is about protected health information (PHI).  In the HIPAA regulations, the definition of PHI is quite complicated, as it is splintered into at least three separate parts that appear in HIPAA’s definitions section.  Pursuant to HIPAA, 45 CFR 160.103:

Health information means any information, including genetic information, whether oral or recorded in any form or medium, that:
(1) Is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and
(2) Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.

Continue Reading

Cartoon: California Consumer Privacy Act

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
August 4, 2018

Cartoon California Consumer Privacy Act - TeachPrivacy Privacy Training 02 small

The privacy world has been abuzz with the passage of the California Consumer Privacy Act of 2018.  In June 2018, within just a week, California passed this strict new privacy law.  Some commentators have compared it to the GDPR, but it is a much more narrow law and is a far cry from the GDPR.  Nevertheless, it is a significant entry in California’s considerable canon of privacy laws.

For more on California privacy laws, see this collection compiled by the California Attorney General.

Continue Reading

HIPAA Training Overview Page

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
July 23, 2018

HIPAA Training - TeachPrivacy 01
We recently developed a new overview page that discusses my approach to HIPAA training.  The page discusses several dimensions about our training, including:

  • different comprehensive annual HIPAA privacy and security modules depending upon whether an entity is a covered entity or business associate
  • courses to cover the material at different lengths
  • short modules (most 5 minutes or less) designed for on-demand or periodic training
  • many humorous cartoon vignettes to reinforce essential points about HIPAA
  • HIPAA games

Learn more about our 60+ HIPAA training topics for your workforce.

Continue Reading

California Consumer Privacy Act of 2018 Resource Page

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
July 23, 2018

In the period of just a week, California passed a bold new privacy law – the California Consumer Privacy Act (CCPA) of 2018. By January 1, 2020, companies around the world will have to comply with additional regulations related to the processing of personal data of California residents.

My California Consumer Privacy Act Resources page includes information about the CCPA including articles, news, blogs and more.

Continue Reading

California Privacy Law for the World: An Interview with Lothar Determann

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
July 17, 2018

For the first half of 2018, all eyes were focused eastward on the EU with the start of GDPR enforcement this May. Now, all eyes are shifting westward based on a bold new law passed by California. By January 1, 2020, companies around the world will have to comply with additional regulations related to the processing of personal data of California residents. Pursuant to the California Consumer Privacy Act of 2018, companies must observe restrictions on data monetization business models, accommodate rights to access, deletion, and porting of personal data, update their privacy policies and brace for additional penalties and statutory damages. The California Legislature adopted and the Governor signed the bill on June 28, 2018 after an unusually rushed process in exchange for the proposed initiative measure No. 17-0039 regarding the Consumer Right to Privacy Act of 2018 (the “Initiative”) being withdrawn from the ballot the same day, the deadline for such withdrawals prior to the November 6, 2018 election.

Below is an interview with Lothar Determann, a leading expert on California privacy law. He has a treatise on the topic: California Privacy Law (3rd Edition, IAPP 2018).

Continue Reading