News, Developments, and Insights

high-tech technology background with eyes on computer display

Lawsuits for Wrongful Data Collection – Biometric Data and Beyond: An Interview with Katherine Heaton and Amanda Thai

Lawsuits for Wrongful Data Collection

Powered by recent privacy laws, lawsuits for wrongful data collection have been rapidly increasing. The result is a growing body of caselaw, many unanswered questions, and a new landscape for companies to navigate.

I recently had the opportunity to discuss the expanding number of wrongful collection lawsuits with several experts at Beazley. Based in Denver, Katherine Heaton is the Focus Group Leader for Cyber Services and InfoSec at Beazley. Amanda Thai is a Cyber TPL Specialist in Beazley’s New York office.

Continue Reading

A Faustian Bargain: Is Preemption Too High a Price for a Federal Privacy Law?

A Faustian Bargain: Is Preemption Too High a Price for a Federal Privacy Law?

A federal comprehensive privacy law in the United States?  Can it really be true? Could this finally be the time it happens?

Eventually, maybe the lion really will lie down the lamb. Maybe the Loch Ness Monster will be located. Maybe Congress will finally join 150+ other countries around the world and pass a comprehensive privacy law. Maybe, just maybe . . .

The United States recently inched closer to this occurrence. I see hope breaking out all over the Twitterverse. The American Data Privacy and Protection Act (ADPPA) advanced out of Committee.  This is still an early round in the Squid Game of making a law in this country, but this law might have what it takes. It could go all the way.

I’ve learned not to put too much faith in Congress. I am not going to be Charlie Brown with the football. Back around 2005, after the ChoicePoint data breach, as states all started eyeing California’s breach notification law with envy and started to craft laws of their own, I thought for sure Congress would pass a federal data breach notification law.

But I was wrong. Congress failed. Breach notification was an easy issue for Congress to address – far easier than a comprehensive privacy law which is swamped with a multitude of complicated issues. But maybe this is the time. After all, in the movies the hapless underdog somehow finds a way to win. Sometimes, life imitates the movies, and we all need a feel-good story during these dark summer days.

Grading the ADPPA: Is it Any Good?


The ADPPA bill itself isn’t too bad. In my view, Congress is generally a D student when writing laws, and the ADPPA is a B+.

Continue Reading

Cartoon – Phishing Emails

Cartoon Phishing Email - TeachPrivacy Data Security Training 02 small

This cartoon involves a common phishing scam – the inheritance email. For decades, phishers have been sending out the same email scams. One would think that after a while, people would learn about the common scams, and they wouldn’t work anymore. Unfortunately, people keep falling for the same scams over and over again.  Even a very low response rate still works for hackers because they send out their email messages so widely.

Continue Reading

Webinar – Privacy and Innovation: Strategies for Privacy Analyses of New Technologies

If you couldn’t make it to my webinar to discuss privacy and innovation, you can watch the replay here.   David Keating (Alston & Bird), Ashley Massengale (Porsche) and Nameir Abbas (Okta), and I discussed practical approaches and tips for assessments of new technologies under privacy regulatory standards.

Button Watch Video 01

Continue Reading

Webinar: Cross-Border Data Transfers: What’s Next?

Webinar Cross-Border Data Transfers 03


If you couldn’t make my webinar to discuss cross-border data transfers, you can watch the replay here. Justin Antonipillai of Wirewheel, Josh Harris of BBB National Programs and I discussed the new framework between the US and the EU for cross-border data transfers as well as the CBPRs.  We also discussed steps that companies should take today and what to expect in the future.

Button Watch Video 01



Continue Reading

The Best Books About Privacy

Best Privacy Books

I was invited by Shepherd to list my recommendations for the 5 best books about privacy. Shepherd is a site that posts lists of best books recommended by experts about various topics. It has excellent lists.

I was delighted to have the chance to share my admiration for superb books by Woodrow Hartzog, Danielle Citron, Neil Richards, Anita Allen, and Ari Waldman. There are many other excellent books about privacy, but I was asked to list just 5, so I had to exclude many other very worthy works.

Best Privacy Books 02

Best Privacy Books Covers

At my list of best privacy books at Shepherd, I describe how I became interested in the privacy field, and I provide short explanations for why I chose each book.

Continue Reading

Key Quotes from BREACHED!

Breached - Solove and Hartzog 11

Professor Woodrow Hartzog and I selected some key quotes from our new book, BREACHED! WHY DATA SECURITY LAW FAILS AND HOW TO IMPROVE IT (Oxford University Press 2022).

The Law’s Obsessive and Unproductive Focus on Data Breaches

“Too much of the current law of data security places the breach at the center of everything. Turning data security law into the “law of breaches” has the effect of over-emphasizing the conduct of the breached entities while ignoring the other actors and factors that contributed to the breach.” (p. 11)

“Data security law has an unhealthy obsession with data breaches. This obsession has, ironically, been the primary reason why the law has failed to stop the deluge of data breaches. The more obsessed with breaches the law has become, the more the law has failed to deal with them.” (p. 39)

“Breaches are already very costly and painful, so when regulators come along and add a little more to the pain, it often is not a game changer. This is especially true because the penalties are often far smaller than the overall costs of the breach.” (p. 55)

Data Security Is a Delicate Balance

“Current data security rules fail to address risk effectively. In many circumstances, the law penalizes breaches with little regard to considerations of risk and balance. Other times, the law levies no penalty against organizations even though their actions created enormous unwarranted risks.” (p. 12)

Continue Reading

Interview: Training Your Company on Privacy and Security Laws

Training Your Company on Privacy and Security Laws

Here is a recording of my interview with Jodi & Justin Daniels of Red Clover Advisors with their series, She Said Privacy/He Said Security,

In this interview I discuss how to educate your team on data privacy and security. I also reveal how to lead engaging training sessions on privacy laws, the different types of privacy laws that employees should be aware of, and tips and tricks on personal security and privacy.

Button Watch Video 01


Continue Reading

Video Recording of Debate with Professor Jane Bambauer on State Privacy Laws and the Uniform Personal Data Protection Act

Debate Solove Bambauer 04

Here is the recording of my debate with Prof. Jane Bambauer. We discussed state privacy laws and the pros and cons of the Uniform Law Commissions model privacy law, the Uniform Personal Data Protection Act (UPDPA).

Button Watch Video 01

Related Posts

A Critique of the Uniform Law Commission’s Uniform Personal Data Protection Act

ALI Data Privacy: Overview and Black Letter Text

Continue Reading


Subscribe to Professor Solove's Privacy+Security Newsletter


Free newsletter with cartoons, writings, events, webinars, training, humor and whiteboards.