PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Data Security: The Greatest Threat Is Internal

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
October 22, 2013

Virus in program code

by Daniel J. Solove

A PC World article discusses a new study by Forrester that reveals that internal threats are the “leading cause” of data breaches. The survey involved companies in Canada, France, Germany, the UK, and the US. The study revealed that 36% of breaches involve “inadvertent misuse of data by employees.”

According to the article, the study also indicated that “only 42 percent of the North American and European small and midsize business workforce surveyed had received training on how to remain secure at work, while only 57 percent say that they’re even aware of their organization’s current security policies.” The article quotes Heidi Shey, the study’s author, who says: “People don’t know what they don’t know. You’ve got to give them some kind of guidance and guard rails to work with.”

Continue Reading

A List of Privacy Training and Data Security Training Requirements in Laws, Regulations, and Industry Codes

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
September 9, 2013

Privacy Writing 04by Daniel J. Solove

I was recently asked whether I had a list of the various laws, regulations, and industry codes that require privacy and/or data security training.  I know about a number of training requirements, but didn’t have a formal list.  I realized that such a list would be useful, so I created one with the help of Joe Newman, a former student who now does some work for my company.

The PDF is here.  It provides information about each requirement, citations, and quotations of the relevant provisions.  Below is a summary.   If there are any training requirements we missed, please let me know.

Continue Reading

The FTC and the New Common Law of Privacy

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
August 20, 2013

Bby Daniel J. Solove

I recently posted a draft of my new article, The FTC and the New Common Law of Privacy (with Professor Woodrow Hartzog).

You can download it for free on SSRN.

One of the great ironies about information privacy law is that the primary regulation of privacy in the United States has barely been studied in a scholarly way. Since the late 1990s, the Federal Trade Commission (FTC) has been enforcing companies’ privacy policies through its authority to police unfair and deceptive trade practices. Despite more than fifteen years of FTC enforcement, there is no meaningful body of judicial decisions to show for it. The cases have nearly all resulted in settlement agreements. Nevertheless, companies look to these agreements to guide their privacy practices. Thus, in practice, FTC privacy jurisprudence has become the broadest and most influential regulating force on information privacy in the United States – more so than nearly any privacy statute and any common law tort.

Continue Reading

The Stunning Need for Improvement on Mobile and Cloud Risks

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
July 29, 2013

Cloud and Mobile 02by Daniel J. Solove

A recent study by the Ponemon Institute, The Risk of Regulated Data on Mobile Devices and in the Cloud*, reveals a stunning need for improvement on managing the risks of mobile devices and cloud computing services. The survey involved 798 IT and IT security practitioners in a variety of organizations including finance, retail, technology, communications, education, healthcare, and public sector, among others. The results are quite startling.

The study concluded that “the greatest data protection risks to regulated data exist on mobile devices and the cloud.” 69% of respondents listed mobile devices as posing the greatest risk followed by 45% who listed cloud computing.

Continue Reading

Higher Education Needs Privacy Officers and Privacy/Security Training

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
July 9, 2013

Climbing Vines of Ivy

In 2007, Seung Cho, a student at Virginia Tech, killed 32 students and faculty and wounded 17. He then committed suicide.

One of the most troublesome things about this incident was that it might have been prevented if school officials and employees had a better grasp of privacy law. Appointed by the state governor, the Virginia Tech Review Panel issued an extensive report revealing that several University officials and employees knew about Cho’s mental instability but failed to share what they knew with each other. And nobody ever told Cho’s parents about his problems, his stalking of a female student, and his dark writings and erratic behavior. Cho’s parents said that if they had known, they would have taken him home and made him go to therapy. This is what they did when Cho had problems in high school.

Continue Reading

Why Learning the Humanities Is a Key to Success

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
June 25, 2013


recent piece in the New York Times by Verlyn Klinkenborg discusses the withering of humanities in higher education: “The teaching of the humanities has fallen on hard times. So says a new report on the state of the humanities by the American Academy of Arts and Sciences.” Students majoring in key humanities subjects are dwindling, and the article mentions rapidly fewer numbers of English majors. According to the article: “Undergraduates will tell you that they’re under pressure — from their parents, from the burden of debt they incur, from society at large — to choose majors they believe will lead as directly as possible to good jobs. Too often, that means skipping the humanities.”Continue Reading

Employers and Schools that Demand Account Passwords and the Future of Cloud Privacy

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
June 3, 2013

Passwords 01by Daniel J. Solove

In 2012, the media erupted with news about employers demanding employees provide them with their social media passwords so the employers could access their accounts. This news took many people by surprise, and it set off a firestorm of public outrage. It even sparked a significant legislative response in the states.

I thought that the practice of demanding passwords was so outrageous that it couldn’t be very common. What kind of company or organization would actually do this? I thought it was a fringe practice done by a few small companies without much awareness of privacy law.

Continue Reading

New Privacy Training Programs: US, EU, and Global Privacy Law

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
May 29, 2013

by Daniel J. Solove

We have launched several new privacy training programs, including a series with brief introductions to privacy law.  We have completed a privacy training program about US Privacy Law with a video and interactive material / quiz questions.  And we just completed a training program about EU Privacy Law.  This program has a 7.5 minute video (as well as an abridged version at 4.5 minutes), and there’s a separate excerpt on the Safe Harbor Arrangement for those who only want to cover Safe Harbor in their training programs.

These programs are illustrated-as-I-talk.  You can preview the European Union Privacy Law video.

Coming soon: Global Privacy Law, which will focus heavily on the OECD Privacy Guidelines and  the APEC Privacy Framework.

European Union Privacy Training

 

 

New Financial Privacy Training Programs

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
May 29, 2013

by Daniel J. Solove

We have begun producing a new program series about financial privacy.  The first two programs are completed.

The first part is an overview video that discusses the importance of financial privacy and the various laws and regulations that regulate.  These laws and regulations are discussed very broadly.  The video concludes with some key best practices for protecting financial data.  This video is made in a unique style — an animated piece of currency.

The second program focuses on the Gramm-Leach-Bliley Act (GLBA).  The video discusses the GLBA’s scope, notice, confidentiality, data sharing, and security.  The video also explains why protecting the privacy and security of financial data is important.

Gramm-Leach-Bliley Act Privacy Training GLBA

There are interactive materials and quiz questions to accompany the video.

Privacy Self-Management and the Consent Dilemma

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
May 21, 2013

by Daniel J. Solove

I’m pleased to share with you my new article in Harvard Law Review entitled Privacy Self-Management and the Consent Dilemma, 126 Harvard Law Review 1880 (2013). You can download it for free on SSRN. This is a short piece (24 pages) so you can read it in one sitting.

Here are some key points in the Article:

Continue Reading