by Daniel J. Solove
Are privacy and security laws being enforced effectively? This post is post #2 in a series called Enforcing Privacy and Security Laws. See the end of this post for links to other posts in this series.
What kind of sanctions do privacy and security laws use for enforcement? In this post, I will discuss the various tools that are frequently used in the enforcement of privacy/security laws.
by Daniel J. Solove
PART 1
Are privacy and security laws being enforced effectively? This post is part of a series called Enforcing Privacy and Security Laws.
How are privacy and security laws enforced? How should they be enforced? What enforcement works well? What doesn’t? What are the various agencies that are enforcing privacy laws doing? How do the agencies compare in their enforcement efforts?
I plan to explore these questions in a series of posts. Collectively, I’ll call this series “Enforcing Privacy and Security Laws.”
by Daniel J. Solove
After Apple announced that it wouldn’t provide law enforcement with an easy back door to access data on people’s devices, we heard loud whining coming from the FBI and various security proponents that this would be bad for security.
by Daniel J. Solove
Last week, I gave a keynote address at a conference called Safeguarding Health Information: Building Assurance through HIPAA Security, sponsored by the National Institute of Standards and Technology (NIST) and the Department of Health and Human Services (HHS), Office for Civil Rights (OCR). I’d like to summarize my remarks here for anyone interested who wasn’t able to attend.
by Daniel J. Solove
The privacy profession is growing by leaps and bounds, but entering it is tricky. My law students and others frequently ask me how they can enter the privacy field. Most jobs seem to require a few years of experience, but the privacy profession is still relatively new, and getting this experience can be difficult because there are not many clear paths to entry.
Once in the field, the demand is high for privacy professionals with experience. But there is a bottleneck in getting into the club. I have written about this problem in a previous blog post.
by Daniel J. Solove
Ask people what the key factor for success is, and they’ll provide the typical answers: skill, luck intelligence . . .
These things are often keys to success.
by Daniel J. Solove
The FTC held a workshop this Monday about Big Data. The term “Big Data” is used everywhere these days, and depending upon who is talking about it, Big Data is either the hippest thing in the world and the producer of miracles that will save the human race, or it is the scourge of all evil and the doom of freedom and democracy. I think that neither is the truth, and I want to dispel some myths about Big Data:
by Daniel J. Solove
If there’s a big data breach, the class action lawyers will start nipping like a bunch of hungry crocodiles. Upwards of forty separate lawsuits were filed against Target after its data breach, and one was filed the day after the breach became public knowledge.
The law, however, has thus far been far from kind to plaintiffs in data breaches. Most courts dismiss claims for lack of harm. I have written extensively about harm in a series of posts on this blog, and I have chided courts for failing to recognize harm when they should.
by Daniel J. Solove
According to a recent report by Enterprise Management Associates, 56% of employees are not receiving any sort of data security awareness training.
This is a rather distressing statistic. It is particularly distressing because according to another study, “when specific employee behaviors are addressed in a meaningful way to bring about a security-aware culture, the incidence and cost of non-compliance plummets.”
by Daniel J. Solove
As I discussed in a previous post, the two key things that organizations can do to prevent data incidents can be summed up in a simple rhyme:
The C-Suite must care
The workforce must be aware
In this post, I want to focus on the “C-Suite” – a term used for the upper management of an organization, its top officers.
The C-Suite must care about data security.
But far too often, the C-Suite doesn’t fully appreciate the risks and could use a better understanding of the law.