In previous posts, I have listed some of my favorite novels and movies about privacy and security issues. I don’t want to leave out TV, as there are some great TV series too.
I recently created a new resource page — How to Make Security Training Effective. The page contains my advice for how to make security training memorable and effective in changing behavior.
Training the workforce is an essential way to protect data security, but not all training endeavors are successful. Poor training is akin to shouting into the void. This resource page is designed to provide some tips and advice about training that I’ve learned from being an educator for more than 15 years. Continue Reading
What laws require security awareness training? What topics do the laws require to be covered? What should be covered? How frequently should training be given?
I recently created a new resource page — Security Awareness Training FAQ — to answer the above questions and more. I discuss various legal and industry requirements for security awareness training. I also discuss best practices. I hope that you find this resource to be useful.
When is a person harmed by a privacy violation?
The U.S. Supreme Court just handed down a decision in an important case, Spokeo Inc. v. Robins.
Plaintiff Thomas Robins sued Spokeo under the Fair Credit Reporting Act (FCRA) because Spokeo had inaccurate information about him in its profile. Spokeo’s profiles are used by potential employers and others to search for data about people. FCRA requires that information in profiles for these purposes be accurate, and it allows people to sue if information is not.
The privacy law profession is growing tremendously, but there is a challenge that we’re facing, one that I’d like to enlist your help in addressing – the bottleneck problem. There is a huge bottleneck at the entry point to the field. So I am calling on organizations to address this bottleneck by offering fellowships to recent law school graduates interested in privacy law.
Each year, I teach about 60-70 privacy law students, and there are many other professors teaching similar courses with large enrollments. Many great students want to enter the field, but they find it very hard to do so because nearly every position requires a number of years of experience.
Unlike other field with a more developed entry point, privacy lacks an easy way in. People have to do all sorts of career gymnastics to lateral sideways or slip in from other areas. A while ago, I solicited advice on entering the profession and provided advice of my own, and I posted about it in my post, How to Enter the Privacy Profession.
On the other side, many organizations are seeking to fill privacy law positions but are having a hard time finding enough people with experience.
The privacy profession must address the bottleneck problem and develop a reliable pathway to the profession.
I am therefore calling on companies and organizations to create privacy law fellowships that would last 1-2 years. If you create one, I will list it in my list of privacy law fellowships. Right now, the list is short, and most of the opportunities are in NGOs and the government, with a handful from the private sector. I’d like to triple or quadruple this list . . . and hopefully make it even longer than that.
So if you’re on the privacy team at an organization, please look into creating a fellowship position. If you’re a privacy law professor, please join in my call. A mature profession needs an entry point and a reliable pathway. It’s time to make that happen for privacy law.
There’s a new British import to America, and sadly, it isn’t a rock band. It’s CCTV. In many of Britain’s cities, there is an elaborate network of thousands of surveillance cameras monitored through closed circuit television (CCTV). According to estimates, there are about 4 million surveillance cameras in Britain and a citizen is caught on surveillance camera about 300 times per day.
The AP reports [link no longer available] that NYC is starting to install hundreds of surveillance cameras in an effort to mimic Britain’s CCTV. According to the AP [link no longer available]:
Please stop by the TeachPrivacy booth at the expo at the IAPP Summit.
See if you can spot all the privacy and data security risks in this scene. Pick up a copy of the scene, see our poster, and try out our interactive module.
Ransomware has been sickening healthcare institutions. It has become a plague.
Continue Reading
After years of careful study and extensive analysis, I have arrived at a solution to all the privacy and data security problems worldwide. Although I’ve been advised that I shouldn’t give away such a perfect solution to such a vexing problem for free, my drive to altruism is simply too strong.
Without further ado . . .
[stag_toggle title=”Read the Solution to All Privacy and Data Security Problems Worldwide” state=”closed”]
Don’t collect personal data.
[/stag_toggle]
[stag_toggle title=”Further Elaboration” state=”closed”]
April Fool’s!
There is another solution — not quite a miracle cure all, but definitely very helpful — privacy and cybersecurity training! And that’s no joke.
With Professor Woodrow Hartzog, I have also solved the challenge of legal compliance more generally: The Ultimate Unifying Approach to Complying with All Laws and Regulations, 19 Green Bag 2d 223 (2016).
[/stag_toggle]
The past 20 years have seen the remarkable emergence of the privacy profession. Starting from nothing, this profession originally included a handful of people called Chief Privacy Officers (CPOs). Nobody grew up saying they wanted to be a CPO. Nobody knew what CPOs did.