PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Privacy Cartoon: Know Your Data

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
September 19, 2016

Privacy Awareness Training Cartoon

Here’s a cartoon I created.  It involves several Fair Information Practice Principles (FIPPs) and privacy best practices.  The ones involved (and not heeded) in this cartoon are doing a data inventory, informing people about the purposes of the collection of their data, using data for only those purposes, and not keeping data longer than necessary to accomplish those purposes.

For many organizations, there is a lot of data collected that gets stored and forgotten, or that is collected with no apparent purpose in mind.  Data inventories are a great way to take stock of this data and determine whether it is really necessary and appropriate to keep it.

Poster Privacy Awareness Training Know One's Data

Continue Reading

Ransomware: A Cartoon to Brighten More Bad News

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
September 12, 2016

Ransomware cartoon

I have good news and bad news about ransomware.  First, the good news — here’s a cartoon I created.  I hope you enjoy it, because that’s the only good news i have.  Now, for the bad news . . .

The Bad News: Be Afraid, Very Afraid

Everyone seems to be afraid of ransomware these days, but is the fear justified?  Is ransomware more about hype than harm?   Unfortunately, a recent study of international companies conducted by Malwarebytes provides some startling statistics to back up the fears.  According to the study, 40% of companies worldwide and more than 50% of the US companies surveyed experienced a ransomware incident in the last year.

The stakes are very high — 3.5% of companies surveyed even indicated that lives were also at stake which was exemplified by a recent attack in Marin, California where doctors lost access to patient records for over 10 days.

Continue Reading

HIPAA’s Failure to Provide Enough Patient Control Over Medical Records

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
September 7, 2016

HIPAA Privacy Rule

 

A Not-So-Far-Fetched Seinfeld Episode

In a Seinfeld episode called “The Package” from 1996 (click here to see the scene), airing just months after HIPAA was passed,  Elaine goes to see a doctor for a rash.

Continue Reading

An Updated List of Privacy Law Fellowships

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
September 6, 2016

Fellowships can be a great way to kick start a career in privacy law.  I have added new fellowships the list I published in February 2016, as well as updated deadlines and other relevant information.  Click here to see the fully updated list of privacy fellowships.  If you know of others I should add, please email me.

Continue Reading

HIPAA Cartoon – HIPAA Compliance Program

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
August 21, 2016

HIPAA Training - Cartoon HIPAA Compliance

Recently, HIPAA celebrated its 20th birthday.  HHS issued a celebratory blog post.  HIPAA is 20 years old if you start counting from the date the statute was passed (1996).  If we measure HIPAA’s age from the date that the HIPAA Privacy Rule became effective (2003), then HIPAA is 13.

So HIPAA could be 20 years old, eager to become 21 and be able to drink (right now, it just makes people want to drink) or 13 years old and about to begin being an unruly teenager.

A few years ago, I published an article in the Journal of AHIMA to celebrate HIPAA’s 10th birthday (counting from when the Privacy Rule became effective).  The article discusses HIPAA’s growth and impact, and is a quick read if you’re interested.  You can download it for free here:

HIPAA Turns 10: Analyzing the Past, Present, and Future Impact
84 Journal of AHIMA 22 (April 2013)

Continue Reading

Is a Ransomware Attack a HIPAA Data Breach?

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
August 19, 2016

Ransomware - Security Awareness Training

As ransomware escalates and poses serious security risks for healthcare institutions, many privacy experts and legislators have called for more specific guidance from the U.S. Department of Health and Human Services (HHS).

A few weeks ago, HHS responded to these calls with a detailed fact sheet to explain ransomware and provide advice.  Although most of the document outlines what should be obvious for an organization that already has a solid data security plan (including reliable back-ups, workforce training, and contingency plans), the major headline is HHS’s verdict on whether or not a ransomware attack qualifies as a data breach under HIPAA.

Continue Reading

Passwords Cartoon – Security Awareness Training

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
August 3, 2016

Cartoon Passwords - TeachPrivacy Security Awareness Training 01

Here’s a cartoon I created to illustrate the importance of security awareness training.  I hope you find it amusing.

Continue Reading

“Privacy”: A Unique Play Starring Your Smart Phone

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
August 1, 2016

Privacy Awareness

I was fortunate to see James Graham’s incisive play “Privacy” this past Sunday at the Public Theater in New York City.  The play is a witty and immensely engaging examination of all the data being collected about us and being assembled into digital dossiers.  Technology is adeptly woven into the play.  At many points during the production, audience members are asked to use their smart phones.  The script is entertaining and intelligent.  There is never a dull moment, and I was laughing throughout. Continue Reading

Microsoft Just Won a Big Victory Against Government Surveillance — Why It Matters

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
July 15, 2016

eye

Yesterday, Microsoft won a huge case against government surveillance, a case with very important implications: In the Matter of a Warrant to Search a Certain E‐Mail Account Controlled and Maintained by Microsoft Corporation.

Continue Reading

HIPAA’s Long Arm — and Why It’s a Good Thing

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
July 11, 2016

HIPAA Training

Recently, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued its first HIPAA resolution agreement and monetary penalty against a business associate (BA).

Continue Reading