PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

How to Enter the Privacy Profession

Daniel Solove @danielsolove
Founder of TeachPrivacy
September 29, 2014

privacy profession

by Daniel J. Solove

The privacy profession is growing by leaps and bounds, but entering it is tricky. My law students and others frequently ask me how they can enter the privacy field. Most jobs seem to require a few years of experience, but the privacy profession is still relatively new, and getting this experience can be difficult because there are not many clear paths to entry.

Once in the field, the demand is high for privacy professionals with experience. But there is a bottleneck in getting into the club. I have written about this problem in a previous blog post.

Continue Reading

Big Myths About Big Data

Daniel Solove @danielsolove
Founder of TeachPrivacy
September 23, 2014

big data post

by Daniel J. Solove

The FTC held a workshop this Monday about Big Data. The term “Big Data” is used everywhere these days, and depending upon who is talking about it, Big Data is either the hippest thing in the world and the producer of miracles that will save the human race, or it is the scourge of all evil and the doom of freedom and democracy. I think that neither is the truth, and I want to dispel some myths about Big Data:

Continue Reading

Why Do Lawsuits for Data Breaches Continue Even Though the Law Is Against Plaintiffs?

Daniel Solove @danielsolove
Founder of TeachPrivacy
September 22, 2014

chess pic 1

by Daniel J. Solove

If there’s a big data breach, the class action lawyers will start nipping like a bunch of hungry crocodiles. Upwards of forty separate lawsuits were filed against Target after its data breach, and one was filed the day after the breach became public knowledge.

The law, however, has thus far been far from kind to plaintiffs in data breaches. Most courts dismiss claims for lack of harm. I have written extensively about harm in a series of posts on this blog, and I have chided courts for failing to recognize harm when they should.

Continue Reading

Does Training Really Work? Can It Reduce Data Security Breaches?

Daniel Solove @danielsolove
Founder of TeachPrivacy
September 18, 2014

does training work 1

by Daniel J. Solove

According to a recent report by Enterprise Management Associates, 56% of employees are not receiving any sort of data security awareness training.

This is a rather distressing statistic. It is particularly distressing because according to another study, “when specific employee behaviors are addressed in a meaningful way to bring about a security-aware culture, the incidence and cost of non-compliance plummets.”

Continue Reading

Why the C-Suite Should Have Coffee with the Privacy and Security Officers Every Week

Daniel Solove @danielsolove
Founder of TeachPrivacy
September 10, 2014

 

c suite blog 1

by Daniel J. Solove

As I discussed in a previous post, the two key things that organizations can do to prevent data incidents can be summed up in a simple rhyme:

The C-Suite must care

The workforce must be aware

In this post, I want to focus on the “C-Suite” – a term used for the upper management of an organization, its top officers.

The C-Suite must care about data security.

But far too often, the C-Suite doesn’t fully appreciate the risks and could use a better understanding of the law.

Continue Reading

10 Biggest Data Breaches: Facts and Lessons

Daniel Solove @danielsolove
Founder of TeachPrivacy
September 3, 2014

 

97a2e379-d119-4fcc-9941-5876170888d8

by Daniel J. Solove

Recently, hackers from China stole 4.5 million records of patients from a hospital chain in Tennessee. Do you think that’s big? As a Bloomberg article notes, however,” they haven’t come close to entering the ranks of the biggest breaches of all time. In fact, they haven’t even cracked the top 10.”

Bloomberg has a terrific infographic about the top 10 largest data breaches in the United States.

Continue Reading

The 2 Essential Ways to Prevent Data Breaches

Daniel Solove @danielsolove
Founder of TeachPrivacy
September 1, 2014

data breach post 1

by Daniel J. Solove

We’re in the midst of a crisis in data protection. Billions of passwords stolen. . . Mammoth data breaches. . . Increasing threats. . . Malicious hackers . . .Continue Reading

The Biggest PR Mistake in Privacy and Data Security Incidents: An Interview with PR Expert Melanie Thomas

Daniel Solove @danielsolove
Founder of TeachPrivacy
August 18, 2014

pr blog post 1

by Daniel J. Solove

It happens all the time. An organization has a privacy incident or data breach. The news stories proliferate. Cries of “shame on you” reverberate across the Internet. A number of organizations have an incident response plan, but they often don’t have much of a plan for PR. Certain incidents can take on a life of their own in the media, like a sudden tornado that swoops in and leaves devastation in its path.

Continue Reading

What Is Sensitive Data? Different Definitions in Privacy Law

Daniel Solove @danielsolove
Founder of TeachPrivacy
July 31, 2014

Sensitive Data Image 01

by Daniel J. Solove

I was corresponding with K. Royal the other day, as she was graciously providing some feedback on a training program I created, and we got to talking about sensitive data. In their privacy laws, many countries designate a special category of data called “sensitive data” that receives especially stringent protections.

The most common list of categories for sensitive data is the list in the EU Data Protection Directive, which includes data about “racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union memberships, health, and sex life.”

The US has no special category of “sensitive data” but US privacy law does protect certain forms of data more stringently (health, financial).

I find it interesting what various countries define as sensitive data, and K Royal has created an awesome chart that she shared with me:

Chart of Sensitive Data in Various Countries

To a privacy wonk like me, a chart like this makes me giddy with excitement, and so I thought I’d share it with you (with her permission, of course).

Here’s a tally of the various types of most-commonly recognized categories of sensitive data. This is based on a chart of the sensitive data category of many countries that K Royal created.

Sensitive Data Chart Word Tally 03

SPECIFIC COUNTRIES’ DEFINITIONS OF SENSITIVE DATA

You can access the full Excel spreadsheet of the data here.

Note: The entry for “standard” means the standard list from the EU Data Protection Directive. The categories encompassed by “standard” include the one beginning “national, Racial/Ethnic” through “sexual preferences and practices.”  More background about K’s project can be found at her blog.

If you want to see the spreadsheet data laid out in a blog post, you can see my longer post about the issue at my LinkedIn Blog.