PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

How Should Data Security Breach Notification Work?

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
March 4, 2007

Data Breach Notification

In 2005, a series of data security breaches affected tens of millions of records of personal information. I blogged about them herehereherehere, and here.

One of the major issues with data security breaches involves what kind of notification companies should provide. The spate of data security breach announcements began in February 2005, when ChoicePoint announced its breach pursuant to California’s data breach notification law. At the time, California was the only state that mandated individual notice following a breach. Subsequently, numerous states passed laws requiring that companies notify individuals of breaches. Federal legislation is currently being considered to create a national security breach provision. But key questions remain in hot contention. First, what kind of breach should trigger a notification? If the risk of harm is low, some companies contend, then providing notice can be quite costly with little benefit in return. Second, what kind of notice should be given? Notice to each individual affected? Notice to the media or FTC only?

Continue Reading

The Rise of Customer Blacklists

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
March 3, 2007

Blacklist

Blacklists appear to be the rage these days. With the ease of storing and sharing personal information — coupled with lax privacy law restrictions on such activities — companies can increasingly create blacklists of bad customers. In this article from the Ottawa Citizen [link no longer available], hotels in Australia and Canada (and soon the United States) are signing up for a service that compiles a blacklist against “bad” hotel guests:

Continue Reading

The Free Credit Reports That Aren’t Free

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
March 3, 2007

Free Credit Report

You’ve probably seen the commericals, which run incessantly on CNN and other cable channels. A happy young man says: “I’m thinking of a number . . . ” That number is a credit score, which you can obtain at a website called FreeCreditReport.com. You probably have heard that under a new federal law, credit reporting agencies are required to provide each person with a free credit report once a year. That website, however, has the much more obscure name AnnualCreditReport.com. I previously blogged about my experiences using AnnualCreditReport.com. One of the problems is that if you don’t know that the correct website is AnnualCreditReport.com, then it is very easy to go to the FreeCreditReport.com website. After all, it is featured quite prominently in a Google search for “free credit report.”

But there’s one catch — it ain’t free. Far from it. From the fine print:

Continue Reading

A Guide to Lobbyist Arguments on Consumer Protection

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
February 27, 2007

Hoofnagle Denialists Deck of Cards

Chris Hoofnagle (Berkeley’s Samuelson Clinic) has posted on SSRN his paper, The Denialists’ Deck of Cards: An Illustrated Taxonomy of Rhetoric Used to Frustrate Consumer Protection Efforts. From the abstract:

Continue Reading

The New RFID Chip

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
February 16, 2007

Computer Chip

Hitachi has developed a new RFID chip, one that is much smaller than existing chips. This new chip is not that much bigger than the size of a grain of sand.

RFID stands for “radio frequency identification.” RFID chips are tiny computer chips embedded into products and animals (and sometimes people) to identify and track them. The chips send a signal that can be read by a decoder.

Continue Reading

Law School Exam-Taking Tips

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
February 14, 2007

Law School Exam Writing Tips

Since nearly everybody on this blog is chiming in with posts about exams, I thought I’d do a post about exams too. This post consists of the advice handout I give to 1Ls about taking law school exams. I haven’t handed it out recently since I haven’t taught 1Ls in a while, though I think it could be of help to 2Ls and 3Ls too.

Unlike my previous foray into the topic of exams, this post is serious. I hope it will be helpful to our law student readers.

So here it is:

Continue Reading

DNA Sampling — For Everyone?

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
February 6, 2007

DNA Sampling

The New York Times reports:

The Justice Department is completing rules to allow the collection of DNA from most people arrested or detained by federal authorities, a vast expansion of DNA gathering that will include hundreds of thousands of illegal immigrants, by far the largest group affected.

The new forensic DNA sampling was authorized by Congress in a little-noticed amendment to a January 2006 renewal of the Violence Against Women Act, which provides protections and assistance for victims of sexual crimes. The amendment permits DNA collecting from anyone under criminal arrest by federal authorities, and also from illegal immigrants detained by federal agents. . . .

The goal, justice officials said, is to make the practice of DNA sampling as routine as fingerprinting for anyone detained by federal agents, including illegal immigrants. Until now, federal authorities have taken DNA samples only from convicted felons.

Continue Reading

Is Identity Theft Really Declining?

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
February 4, 2007

Identity Theft

study by Javelin Strategy & Research finds that identity theft declined by 11.5% in 2006:

According to the study, 8.4 million adult Americans, or one in 27, learned last year that criminals committed fraud with personal data such as credit card or Social Security numbers. That’s down from 8.9 million in 2005 and 10.1 million in 2003.

Adults under 25, African-Americans, and people who make more than $150,000 were among the groups most likely to suffer fraud, the study said. The youngest adults were also among the least likely to take steps to stop it, the study said.

Consumers on average spent $535 to clear up a fraud, though more than half spent nothing, the study said. Many businesses excuse customers from liability for certain frauds.

Results were based on a phone survey last fall of 5,006 people, including 469 who said they were fraud victims.

The survey was sponsored by Wells Fargo & Co., the fifth-largest U.S. bank; Visa, the credit card association; and CheckFree Corp., which makes bill paying software.

Continue Reading

Pruning the Airline Screening List

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
January 18, 2007

Airplane TSA Screening

For some time, many people have been wrongly placed on the airline no fly list or extra screening list. I blogged about some accounts of this here and here. Now, according to the AP, the TSA will finally try to clean up its lists:

The Bush administration is checking the accuracy of a watch list of suspected terrorists banned from traveling on airliners in the U.S. and will probably cut the list in half, the head of the Transportation Security Administration said Wednesday.

Kip Hawley told Congress that the more accurate list, combined with a new passenger screening system, should take care of most incidents of people wrongly being prevented from boarding a flight or frequently being picked out for additional scrutiny.

Continue Reading

The Pentagon, the CIA, and National Security Letters

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
January 14, 2007

Government Surveillance

From the New York Times:

The Pentagon and to a lesser extent the CIA have been using a little-known power to look at the banking and credit records of hundreds of Americans and others suspected of terrorism or espionage within the United States, officials said Saturday.

The C.I.A. has also been issuing what are known as national security letters to gain access to financial records from American companies, though it has done so only rarely, intelligence officials say.

Continue Reading