PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

The Brave New World of HIPAA Enforcement

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
October 28, 2014

hipaa enforcement

law blog 2

by Daniel J. Solove

Are privacy and security laws being enforced effectively? This post is post #4 of a series called Enforcing Privacy and Security Laws.

hhs logoThe Health Insurance Portability and Accountability Act (HIPAA) regulations govern health information maintained by various entities covered by HIPAA (“covered entities”) and other organizations that receive health information from covered entities when performing functions for them. HIPAA is enforced by the Office for Civil Rights (OCR) in the Department of Health and Human Services (HHS). Additionally, state attorneys general (AGs) may enforce HIPAA – only a few federal privacy laws can also be enforced by state AGs.

Continue Reading

Who Are the Privacy and Security Cops on the Beat?

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
October 21, 2014

privacy and security

law blog 2

by Daniel J. Solove

Are privacy and security laws being enforced effectively? This post is post #3 of a series called Enforcing Privacy and Security Laws.

Continue Reading

The Privacy Pillory and the Security Rack: The Enforcement Toolkit

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
October 17, 2014

privacy pillory

law blog 2

by Daniel J. Solove

Are privacy and security laws being enforced effectively? This post is post #2 in a series called Enforcing Privacy and Security Laws. See the end of this post for links to other posts in this series.

What kind of sanctions do privacy and security laws use for enforcement? In this post, I will discuss the various tools that are frequently used in the enforcement of privacy/security laws.

Continue Reading

Why Enforce Privacy and Security Laws?

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
October 15, 2014

law blog 1by Daniel J. Solove

law blog 2

PART 1

Are privacy and security laws being enforced effectively? This post is part of a series called Enforcing Privacy and Security Laws.

How are privacy and security laws enforced? How should they be enforced? What enforcement works well? What doesn’t? What are the various agencies that are enforcing privacy laws doing? How do the agencies compare in their enforcement efforts?

I plan to explore these questions in a series of posts. Collectively, I’ll call this series “Enforcing Privacy and Security Laws.”

Continue Reading

Why Being Well-Regulated Is Good for Business

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
October 6, 2014

?????????????

by Daniel J. Solove

After Apple announced that it wouldn’t provide law enforcement with an easy back door to access data on people’s devices, we heard loud whining coming from the FBI and various security proponents that this would be bad for security.

Continue Reading

The Best Preventative Medicine for Health Data Breaches

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
October 6, 2014

data breach 1

by Daniel J. Solove

Last week, I gave a keynote address at a conference called Safeguarding Health Information: Building Assurance through HIPAA Security, sponsored by the National Institute of Standards and Technology (NIST) and the Department of Health and Human Services (HHS), Office for Civil Rights (OCR). I’d like to summarize my remarks here for anyone interested who wasn’t able to attend.

Continue Reading

How to Enter the Privacy Profession

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
September 29, 2014

privacy profession

by Daniel J. Solove

The privacy profession is growing by leaps and bounds, but entering it is tricky. My law students and others frequently ask me how they can enter the privacy field. Most jobs seem to require a few years of experience, but the privacy profession is still relatively new, and getting this experience can be difficult because there are not many clear paths to entry.

Once in the field, the demand is high for privacy professionals with experience. But there is a bottleneck in getting into the club. I have written about this problem in a previous blog post.

Continue Reading

Big Myths About Big Data

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
September 23, 2014

big data post

by Daniel J. Solove

The FTC held a workshop this Monday about Big Data. The term “Big Data” is used everywhere these days, and depending upon who is talking about it, Big Data is either the hippest thing in the world and the producer of miracles that will save the human race, or it is the scourge of all evil and the doom of freedom and democracy. I think that neither is the truth, and I want to dispel some myths about Big Data:

Continue Reading

Why Do Lawsuits for Data Breaches Continue Even Though the Law Is Against Plaintiffs?

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
September 22, 2014

chess pic 1

by Daniel J. Solove

If there’s a big data breach, the class action lawyers will start nipping like a bunch of hungry crocodiles. Upwards of forty separate lawsuits were filed against Target after its data breach, and one was filed the day after the breach became public knowledge.

The law, however, has thus far been far from kind to plaintiffs in data breaches. Most courts dismiss claims for lack of harm. I have written extensively about harm in a series of posts on this blog, and I have chided courts for failing to recognize harm when they should.

Continue Reading