The Federal Trade Commission (FTC) has become the leading federal agency to regulate privacy and data security. The scope of its power is vast – it covers the majority of commercial activity – and it has been enforcing these issues for decades. An FTC civil investigative demand (CID) will send shivers down the spine of even the largest of companies, as the FTC requires a 20-year period of assessments to settle the score.
Information Security Training: Focus on the Human Problem
I created a new poster about information security training, which is debuting at the RSA conference. This poster is based on the fact that the vast majority of information security incidents and data breaches occur because of human mistakes. Information security is only in small part a technology problem; it is largely a human problem.
If you’re at RSA and are interested in information security awareness training, please drop by the TeachPrivacy booth at Moscone North 4802.
You can pick up a copy of this poster. And you can also learn about our newest training, which includes a really neat Where’s Waldo style game where users spot privacy and security risks.
Spot the Privacy and Security Risks Training Game
I’m pleased to announce a new training program: Spot the Risks: Privacy and Security. The program is a Where’s Waldo style risk-spotting game that takes about 5 minutes to complete. Trainees are asked to spot the risks in an office. Feedback is provided about each risk so trainees learn many of the most important best practices.
Without Scalia, Will There Be a 4th Amendment Revolution?
The passing of Justice Antonin Scalia has brought a wave of speculation about current and future U.S. Supreme Court cases. One area where there might be a significant impact will be the 4th Amendment, which provides the primary constitutional protection against government surveillance and information gathering. A new justice could usher in a dramatic expansion in 4th Amendment protections against government surveillance.
A List of Privacy Law Fellowships
One way to enter the privacy profession is to do a fellowship, and fortunately, an increasing number of fellowship opportunities are emerging.
I have written about the challenges of breaking into the privacy law profession, especially the challenges that recent law school graduates will face. There are no established career paths in this field yet, so it takes some effort to get started. Once you’re in the club, you’ll be in big demand, but there’s a bottleneck at the entrance. This is why fellowships can be a great way to kick-start a career in privacy law.
Here are a few fellowships related to privacy that I’m aware of. If you know of others I should add to the list, please email me.
A New US-EU Safe Harbor Agreement Has Been Reached
Last year, the death of the US-EU Safe Harbor Arrangement sent waves of shock and despair to the approximately 4500 companies that used this mechanism to transfer personal data from the US to the EU. But a new day has dawned.
Notable Privacy and Security Books 2015
For several years, I have been posting about notable books on privacy and security, and this post lists some of the notable books from 2015. To see a more comprehensive list of nonfiction works about privacy and security, you might consult this resource page that Professor Paul Schwartz and I maintain: Nonfiction Privacy + Security Books.
Now, without further ado, here are some of the many privacy and security books published in 2015:
What Can We Learn From Bad Passwords?
By Daniel J. Solove
SplashData recently posted its annual list of the 25 most widely used bad passwords, covering passwords used in 2015. The list is compiled annually by examining passwords leaked during a particular year. Here is the list of passwords for 2015, and below it, I have some thoughts and reactions to the list.
New Privacy and Security Awareness Training Programs
I created some new training programs last year, and here are some of the highlights:
The Ransomware Attack (~5 mins)
This short program (~5 minutes) consists of an interactive cartoon vignette about malware. The program is highly interactive, and trainees engage with a scenario involving ransomware. Although this program involves ransomware, the lessons it teaches apply broadly to all malware. The program focuses on how to avoid having malware installed on one’s computer and what to do (and not to do) if this ever happens.
The Life Cycle of Personal Data (~ 15 mins)
This privacy awareness training course (~ 15 minutes) is a highly interactive overview of privacy responsibilities and protections regarding the collection, use, and sharing of personal data. The course has 8 quiz questions. The course tracks the life cycle of personal data, starting from when it is collected or created. The course concludes with a discussion of data retention and destruction.
A Cartoon for Data Privacy Day 2016
It’s Data Privacy Day — January 28, 2016 — and to celebrate, here’s a cartoon I created about the Internet of Things.