PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

What Is Sensitive Data? Different Definitions in Privacy Law

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
July 31, 2014

Sensitive Data Image 01

by Daniel J. Solove

I was corresponding with K. Royal the other day, as she was graciously providing some feedback on a training program I created, and we got to talking about sensitive data. In their privacy laws, many countries designate a special category of data called “sensitive data” that receives especially stringent protections.

The most common list of categories for sensitive data is the list in the EU Data Protection Directive, which includes data about “racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union memberships, health, and sex life.”

The US has no special category of “sensitive data” but US privacy law does protect certain forms of data more stringently (health, financial).

I find it interesting what various countries define as sensitive data, and K Royal has created an awesome chart that she shared with me:

Chart of Sensitive Data in Various Countries

To a privacy wonk like me, a chart like this makes me giddy with excitement, and so I thought I’d share it with you (with her permission, of course).

Here’s a tally of the various types of most-commonly recognized categories of sensitive data. This is based on a chart of the sensitive data category of many countries that K Royal created.

Sensitive Data Chart Word Tally 03

SPECIFIC COUNTRIES’ DEFINITIONS OF SENSITIVE DATA

You can access the full Excel spreadsheet of the data here.

Note: The entry for “standard” means the standard list from the EU Data Protection Directive. The categories encompassed by “standard” include the one beginning “national, Racial/Ethnic” through “sexual preferences and practices.”  More background about K’s project can be found at her blog.

If you want to see the spreadsheet data laid out in a blog post, you can see my longer post about the issue at my LinkedIn Blog.

How Should the Law Handle Privacy and Data Security Harms?

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
July 30, 2014

law handle privacy and data security harms 1

by Daniel J. Solove

In three earlier posts, I’ve been exploring the nature of privacy and data security harms.

In the first post, Privacy and Data Security Violations: What’s The Harm?, I explored how the law often fails to recognize harm for privacy violations and data breaches.

In the second post, Why the Law Often Doesn’t Recognize Privacy and Data Security Harms, I examined why the law has struggled in recognizing harm for privacy violations and data breaches.

Continue Reading

The Most Effective Factor in Education

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
July 21, 2014

most effective education blog 1

by Daniel J. Solove

I’ve been a teacher for the past 15 years, and I’ve taught in several mediums including live classes and computer-based e-learning. I have come to the conclusion that the most effective factor in education and training is fostering emotional investment.

Simply put, students must care about learning the material. The more they care, the more they learn.

The notion of getting emotional investment from students might sound like simple common sense, but it is often not done …and often not even attempted.

Continue Reading

Do Privacy Violations and Data Breaches Cause Harm?

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
July 16, 2014

L

by Daniel J. Solove

In two earlier posts, I’ve been exploring the nature of privacy and data security harms.

Post 1: Privacy and Data Security Violations: What’s The Harm?

Post 2: Why the Law Often Doesn’t Recognize Privacy and Data Security Harms

In this post, I want to explore two issues that frequently emerge in privacy and data security cases: (a) the future risk of harm; and (b) individual vs. social harm.

Continue Reading

Why the Law Often Doesn’t Recognize Privacy and Data Security Harms

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
July 9, 2014

why the law blog 1

by Daniel J. Solove

In my previous post on privacy/security harms, I explained how the law is struggling to deal with privacy and data security harms. In this post, I will explore why.

The Collective Harm Problem

One of the challenges with data harms is that they are often created by the aggregation of many dispersed actors over a long period of time. They are akin to a form of pollution where each particular infraction might, in and of itself, not cause much harm, but collectively, the infractions do create harm.

Continue Reading

Follow Professor Solove on Social Media

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
July 9, 2014

If you are interested in privacy and data security issues, there are many great ways Professor Solove can help you stay informed:

Professor Solove’s LinkedIn Influencer blog

LinkedIn Influencer 02 You can follow Professor Solove on his blog at LinkedIn, where he is an “LinkedIn Influencer.”  He blogs about various privacy and data security issues. His blog has more than 600,000 followers.

LinkedIn Influencer 01

*    *    *    *

Professor Solove’s Twitter Feed

Twitter 01Professor Solove is active on Twitter and posts links to current privacy and data security stories and new scholarship, cases, and developments of note.

*    *    *    *

Professor Solove’s Newsletter

Newsletter 01Sign up for our newsletter where Professor Solove provides information about his recent writings and new training programs that he has created.

*    *    *    *

Professor Solove’s LinkedIn Discussion Groups

Please join one or more of Professor Solove’s LinkedIn discussion groups, where you can follow new developments on privacy, data security, HIPAA, and education privacy issues. You can also participate in the discussion, share interesting news and articles, ask questions, or start new conversations:

Privacy and
Data Security		 HIPAA Privacy
and Security		 Education Privacy
and Data Security
Image Group LinkedIn Logo Education Privacy 01 Image Group LinkedIn Logo HIPAA 01 Image Group LinkedIn Logo Privacy Security 01

Facebook’s Psych Experiment: Consent, Privacy, and Manipulation

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
July 7, 2014

facebook psych blog 1

by Daniel J. Solove

This weekend, the results of an experiment conducted by researchers and Facebook were released, creating a fierce debate over the ethics of the endeavor. The experiment involved 689,003 people on Facebook whose News Feed was adjusted to contain either more positive or more negative emotional content. The researchers were looking for whether this had an effect on these people’s moods. And it did, albeit a small one. People exposed to more positive content had posts that were more positive, and those exposed to more negative content had posts that were more negative. This was measured by the types of words they used.

The experiment launched a fierce response from critics, some of whom decried it as unethical and creepy. In my view, it isn’t productive to castigate Facebook or the researchers, as the problems here emerge from some very difficult unresolved issues that go far beyond this experiment and Facebook. I want to explore these issues, because I’m more interested in making progress on these issues than on casting stones.

Continue Reading

Privacy and Data Security Violations: What’s the Harm?

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
July 2, 2014

privacy and data security violation blog 1

by Daniel J. Solove

“It’s just a flesh wound.”

Monty Python and the Holy Grail

Suppose your personal data is lost, stolen, improperly disclosed, or improperly used. Are you harmed?

Suppose a company violates its privacy policy and improperly shares your data with another company. Does this cause a harm?

In most cases, courts say no. This is the case even when a company is acting negligently or recklessly. No harm, no foul.

Continue Reading

Does the U.S. Supreme Court’s Decision on the 4th Amendment and Cell Phones Signal Future Changes to the Third Party Doctrine?

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
July 2, 2014

T

by Daniel J. Solove

Today, the U.S. Supreme Court handed down a decision on two cases involving the police searching cell phones incident to arrest. The Court held 9-0 in an opinion written by Chief Justice Roberts that the Fourth Amendment requires a warrant to search a cell phone even after a person is placed under arrest.

The two cases are Riley v. California and United States v. Wurie, and they are decided in the same opinion with the title Riley v. California. The Court must have chosen toname the case after Riley to make things hard for criminal procedure experts, as there is a famous Fourth Amendment case called Florida v. Riley, 488 U,S, 445 (1989), which will now create confusion whenever someone refers to the “Riley case.”

Continue Reading

Being a Juror Can Result in a Huge Loss of Privacy

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
June 30, 2014

being a juror blog 1

by Daniel J. Solove

For trial attorneys, a key component to winning is carefully selecting people for the jury and tailoring arguments to best influence, nudge, or perhaps even manipulate jurors into reaching a particular verdict. As a result, there is a hunger to learn about the private lives of jurors, and serving on a jury can entail a huge loss of privacy.

Continue Reading