INFORMATION SECURITY AWARENESS TRAINING SOCIAL ENGINEERING: SPIES AND SABOTAGE “Social engineering” is the use of trickery to fool people into divulging confidential information or into facilitating unauthorized access into computers or accounts. Simply put, humans are easier to hack than machines. Hackers use a set of techniques that people will often fall for. Even the […]
PRIVACY AWARENESS TRAINING PRIVACY BY DESIGN The term “Privacy by Design” was coined by Ann Cavoukian, the former Information and Privacy Commissioner of Ontario, Canada and now Executive Director of the Privacy and Big Data Institute at Ryerson University. According to Cavoukian, “Privacy by Design refers to the philosophy and approach of embedding privacy into the […]
PRIVACY AND DATA PROTECTION BY DESIGN TRAINING This newly updated course (~18 min) teaches the basics of privacy and data protection by design training to engineers, designers, and other workforce members. To effectively design for privacy and data protection, one must identify and assess the various issues that might arise. Doing so can be challenging […]
HIPAA ENFORCEMENT FAQ by Daniel J. Solove The Health Insurance Portability and Accountability Act (HIPAA) regulations govern health information maintained by various entities covered by HIPAA (“covered entities”) and other organizations that receive protected health information (PHI) from covered entities when performing functions for them. Who Enforces HIPAA? HIPAA is enforced by the Office for […]
What Is an “Education Record” Under FERPA? A Discussion and Flowchart by Daniel J. Solove The scope of coverage of the Family Educational Rights and Privacy Act (FERPA) of 1974, 20 U.S.C. § 1232g, is a challenging issue. It does not cover all information about students. Nor does it cover all information about people that […]
TEXT OF HIPAA’S TRAINING REQUIREMENTS HIPAA Privacy Rule 45 CFR § 164.530(b)(1) 45 CFR § 164.530 Administrative requirements (b) (1) Standard: Training. A covered entity must train all members of its workforce on the policies and procedures with respect to protected health information required by this subpart and subpart D of this part, as necessary […]
HIPAA TRAINING REQUIREMENTS: FAQ by Daniel J. Solove HIPAA has extensive training requirements, and they are often a source of many questions and confusion. Whom do they apply to? What topics must covered entities train on? Do business associates need to have HIPAA training? Which employees must be trained under HIPAA? How often must people […]
PRIVACY AWARENESS TRAINING PRIVACY, RISK, AND TRUST For organizations, protecting privacy is an issue of risk and trust. Protecting privacy mitigates risks of costly incidents, reputational harm, regulatory penalties, and other harms. Protecting privacy also is essential to people’s trust in an organization. An organization depends upon the trust of its existing and prospective customers, […]
HEALTH PRIVACY + SECURITY UPDATE Health Privacy + Security Update is a periodic briefing of new cases, statutes, articles, books, resources, and other developments. It is authored by Professors Daniel J. Solove and Paul M. Schwartz. Professors Solove and Schwartz are the co-authors of numerous articles, five casebooks, and a treatise. Their 1200-page casebook, Information […]
An Overview of Education Privacy by Daniel J. Solove Privacy is essential in education, and all educational institutions have duties to their communities to protect privacy robustly. What does protecting privacy entail? Why does it matter? What privacy issues should be addressed? In what follows below, I will provide answers to these questions. Why Is […]