PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Information Security Training: Focus on the Human Problem

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
March 1, 2016

Information Security Awareness Training Plan B

I created a new poster about information security training, which is debuting at the RSA conference.  This poster is based on the fact that the vast majority of information security incidents and data breaches occur because of human mistakes.   Information security is only in small part a technology problem; it is largely a human problem.

If you’re at RSA and are interested in information security awareness training, please drop by the TeachPrivacy booth at Moscone North 4802.

RSA Conference 2016

You can pick up a copy of this poster.  And you can also learn about our newest training, which includes a really neat Where’s Waldo style game where users spot privacy and security risks.

Continue Reading

Can the FBI Force Apple to Write Software to Weaken Its Software?

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
February 18, 2016

Privacy Awareness TrainingA dramatic legal battle is taking place that will have dramatic implications for the future of technology, privacy, security, and the extent of government power.  The FBI obtained an order from a magistrate judge to force Apple to develop software to help the FBI break into an encrypted iPhone.

Continue Reading

Without Scalia, Will There Be a 4th Amendment Revolution?

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
February 14, 2016

title image

The passing of Justice Antonin Scalia has brought a wave of speculation about current and future U.S. Supreme Court cases.  One area where there might be a significant impact will be the 4th Amendment, which provides the primary constitutional protection against government surveillance and information gathering.  A new justice could usher in a dramatic expansion in 4th Amendment protections against government surveillance.

Continue Reading

The Ultimate Unifying Approach to Complying with All Laws and Regulations

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
February 12, 2016

The Ultimate Unifying Approach to Complying with All Laws and Regulations

Professor Woodrow Hartzog and I have just published our new article, The Ultimate Unifying Approach to Complying with All Laws and Regulations19 Green Bag 2d 223 (2016).  Our article took years of research and analysis, intensive writing, countless drafts, and endless laboring over every word. But we hope we achieved a monumental breakthrough in the law.  Here’s the abstract:

There are countless laws and regulations that must be complied with, and the task of figuring out what to do to satisfy all of them seems nearly impossible. In this article, Professors Daniel Solove and Woodrow Hartzog develop a unified approach to doing so. This approach (patent pending) was developed over the course of several decades of extensive analysis of every relevant law and regulation.

Continue Reading

A List of Privacy Law Fellowships

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
February 12, 2016

Opportunity Business Fotolia_66071917_S 03

One way to enter the privacy profession is to do a fellowship, and fortunately, an increasing number of fellowship opportunities are emerging.

I have written about the challenges of breaking in to the privacy law profession, especially the challenges that recent law school graduates will face.  There are no established career paths in this field yet, so it takes some effort to get started.  Once you’re in the club, you’ll be in big demand, but there’s a bottleneck at the entrance.  This is why fellowships can be a great way to kick start a career in privacy law.

Here are a few fellowships related to privacy that I’m aware of.  If you know of others I should add to the list, please email me.

Continue Reading

A New US-EU Safe Harbor Agreement Has Been Reached

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
February 2, 2016

EU-US Privacy Shield Safe Harbor Training

Last year, the death of the US-EU Safe Harbor Arrangement sent waves of shock and despair to the approximately 4500 companies that used this mechanism to transfer personal data from the US to the EU.  But a new day has dawned.

Continue Reading

What Can We Learn From Bad Passwords?

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
February 2, 2016

Title

By Daniel J. Solove

The SplashData annual list of the 25 most widely used bad passwords recently was posted for passwords used in 2015.  The list is compiled annually by examining passwords leaked during a particular year.  Here is the list of passwords for 2015, and below it, I have some thoughts and reactions to the list.

Continue Reading

Notable Privacy and Security Books 2015

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
February 1, 2016

Notable Privacy Security Books 2015 - TeachPrivacy 01

For several years, I have been posting about notable books on privacy and security, and this post lists some of the notable books from 2015.  To see a more comprehensive list of nonfiction works about privacy and security, you might consult this resource page that Professor Paul Schwartz and I maintain: Nonfiction Privacy + Security Books.

Now, without further ado, here are some of the many privacy and security books published in 2015:

Continue Reading

New Privacy and Security Awareness Training Programs

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
February 1, 2016

security awareness training

I created some new training programs last year, and here are some of the highlights:

Security Training Malware -- Ransomware Attack

The Ransomware Attack (~5 mins)

This short program (~5 minutes) consists of an interactive cartoon vignette about malware.  The program is highly interactive, and trainees engage with a scenario involving ransomware. Although this program involves ransomware, the lessons it teaches apply broadly to all malware.  The program focuses on how to avoid having malware installed on one’s computer and what to do (and not to do) if this ever happens.

Module Lifecycle of Personal Data 01

The Life Cycle of Personal Data (~ 15 mins)

This privacy awareness training course (~ 15 minutes) is a highly-interactive overview of privacy responsibilities and protections regarding the collection, use, and sharing of personal data.  The course has 8 quiz questions. The course tracks the life cycle of personal data, starting from when it is collected or created. The course concludes with a discussion of data retention and destruction.

Continue Reading