PRIVACY + SECURITY BLOG

News, Developments, and Insights

Data Security Is an Art, Not Just a Science

by Daniel J. Solove

Far too often, the mandate for data security is simply to “secure it,” and people often think of data security as a set of clear choices. This is in contrast to privacy, which is understood as a set of muddy policy issues. But data security is, in fact, quite muddy itself.

Data security is about risk management. Data security measures can reduce the risk of having a data breach, but these measures have costs. These costs can be financial, but they also can involve efficiency, convenience, and the very culture of an organization.

4 Points About the Target Breach and Data Security

by Daniel J. Solove

There seems to be a surge in data security attacks lately. First came news of the Target attack. Then Neiman Marcus. Then the U.S. Courts. Then Michael’s. Here are four points to consider about data security:

1. Beware of fraudsters engaging in post-breach fraud.

After the Target breach, fraudsters sent out fake emails purporting to be from Target about the breach and trying to trick people into providing personal data. It can be hard to distinguish the real email from an organization having a data breach from a fake one by fraudsters. People are more likely to fall prey to a phishing scheme because they are anxious and want to take steps to protect themselves. Post-breach trickery is now a growing technique of fraudsters, and people must be educated about it and be on guard.

10 Reasons Why Privacy Matters

by Daniel J. Solove

Why does privacy matter? Often courts and commentators struggle to articulate why privacy is valuable. They see privacy violations as often slight annoyances. But privacy matters a lot more than that. Here are 10 reasons why privacy matters.

1. Limit on Power

Privacy is a limit on government power, as well as the power of private sector companies. The more someone knows about us, the more power they can have over us. Personal data is used to make very important decisions in our lives. Personal data can be used to affect our reputations; and it can be used to influence our decisions and shape our behavior. It can be used as a tool to exercise control over us. And in the wrong hands, personal data can be used to cause us great harm.

The Year in Privacy 2013 and the Year to Come

by Daniel J. Solove

2013 was a remarkable year in privacy developments. Here are four main trends I saw occurring this year:

1. The heat on the NSA for its broad surveillance programs has been sustained and productive.

The Edward Snowden leaks revealed massive NSA surveillance efforts. What is most interesting in the aftermath of the recent NSA surveillance revelations has been the strong public disapproval of the NSA surveillance and courts finally taking some leadership on the issue, such as one court declaring the surveillance likely unconstitutional. The President’s Review Group on Intelligence and Communications Technologies recommended curbs on the NSA. Congress has yet to show leadership on the issue, which remains disappointing, but we are finally seeing the stirrings of a response and perhaps change. Indeed, 56% of people in a Pew poll “say that federal courts fail to provide adequate limits on the telephone and internet data the government is collecting.”

Moreover, the story regarding NSA surveillance keeps going on. It hasn’t faded. The overall trend is that there is now sustained heat on the NSA and a sustained stirring for changing the law to provide greater oversight and controls on government surveillance.

Notable Privacy and Security Books 2013

Here are some notable books on privacy and security from 2013. To see a more comprehensive list of nonfiction works about privacy and security, Professor Paul Schwartz and I maintain a resource page on Nonfiction Privacy + Security Books.

NSA Metadata Surveillance and the Fourth Amendment

by Daniel J. Solove

A U.S. District Court recently held that the NSA surveillance of telephone metadata likely violates the Fourth Amendment. The case is Klayman v. Obama.

The NSA surveillance program involves an incredibly broad gathering of metadata about people’s conversations. Metadata doesn’t include the conversations themselves, just data about when and to whom they are made — i.e., not the content of the phone conversations but the phone numbers of the people having the conversations.

The key Fourth Amendment case at issue is Smith v. Maryland, 442 U.S. 745 (1979), which held that a pen register device capturing the phone numbers a person dialed wasn’t protected by the Fourth Amendment partly because the phone company had access to the phone numbers and partly because phone numbers weren’t viewed to be as sensitive as the phone conversations themselves.

Why Schools Are Flunking Privacy and How They Can Improve

by Daniel J. Solove

Fordham School of Law’s Center on Law and Information Policy (CLIP), headed by Joel Reidenberg, has released an eye-opening and sobering study of how public schools are handling privacy issues with regard to cloud computing. The study is called Privacy and Cloud Computing in Public Schools, and it is well worth a read.

Why Metadata Matters: The NSA and the Future of Privacy

by Daniel J. Solove

Over at Slate, Dahlia Lithwick and Steve Vladeck have a great piece about why “metadata” matters. It is very much worth reading. Here are some of my thoughts on the matter.

Several National Security Agency (NSA) surveillance programs involve gathering metadata about our communications (the numbers we call or the email addresses we email). This data is distinguished from the content of the communications, which is understood to be more sensitive and important. Sometimes, metadata is referred to as “envelope” information because it is akin to an envelope we send a letter in – and the letter itself is the “content” information.

Is the envelope information really that sensitive? “Nobody is listening to your telephone calls,” President Obama declared. Intelligence agencies are “looking at phone numbers and durations of calls; they are not looking at people’s names, and they’re not looking at content.” So should we breathe easier?

The answer is no. There are several reasons why the privacy of metadata matters tremendously.

Privacy and Data Security in Higher Education

by Daniel J. Solove

I was recently interviewed in HR Horizons, the magazine of the National Association of College and University Business Officers (NACUBO) on the topic of privacy and data security in higher education. Here are a few excerpts:

What is the difference between data security and data privacy, and what risks do each pose for a college or university?

Data security involves everything you need to know and do to secure the data you have and produce. This includes technical safeguards you should have in place such as firewalls, virus protection, and password controls. It includes processes for monitoring access to data. And it also includes physical controls, such as policies for data destruction like document-shredding programs. Data security officers most often have a technical background and operate from within the IT unit of a university.

Is Privacy Law Constitutional? Is Personal Data Speech?

by Daniel J. Solove

Professor Neil M. Richards (Washington University School of Law) has posted a draft chapter of his forthcoming book about privacy law and free speech. It is a fascinating piece — very accessible and engaging. It’s called Why Data Privacy Law is (Mostly) Constitutional.

Eyebrows were raised a few years ago when the U.S. Supreme Court struck down a privacy statute in Sorrell v. IMS Health, Inc., 131 S.Ct. 2653 (2011). A Vermont statute restricted pharmacies from disclosing personal data for marketing purposes and barred pharmaceutical companies from using personal data for marketing without people’s consent. The Supreme Court held that the statute violated the First Amendment because it singled out particular content and particular speakers.

Does this mean that most privacy laws have a problem with the First Amendment right to free speech? After all, privacy laws mandate restrictions on uses and disclosures of personal data.
