Archive of all posts about data security by Professor Daniel J. Solove for his blog at TeachPrivacy, a privacy awareness and security training company.
By Daniel J. Solove At my annual event, the Privacy+Security Forum, which was held last month, one of the sessions involved privacy and security in fiction. The panelists had some terrific readings suggestions, and I thought I’d share with you the write-up that they generated for their session. The speakers were: Peter Winn, Assistant U.S. […]
By Daniel J. Solove The US regulates privacy with a sectoral approach, with laws that are directed only to specific industries. In contrast, the EU and many other countries have an omnibus approach — one overarching law that regulates privacy consistently across all industries. The US is an outlier from the way most countries regulate […]
I am pleased to announce that Alan Westin’s classic work, Privacy and Freedom, is now back in print. Originally published in 1967, Privacy and Freedom had an enormous influence in shaping the discourse on privacy in the 1970s and beyond, when the Fair Information Practice Principles (FIPPs) were developed. The book contains a short introduction […]
By Daniel J. Solove In a profound ruling with enormous implications,the European Court of Justice (ECJ) has declared the Safe Harbor Arrangement to be invalid. [Press Release] [Opinion] The Safe Harbor Arrangement The Safe Harbor Arrangement has been in place since 2000, and it is a central means by which data about EU citizens can […]
A popular way some organizations are raising awareness about phishing is by engaging in simulated phishing exercises of their workforce. Such simulated phishing can be beneficial, but there are some potential pitfalls and also important things to do to ensure that it is effective. 1. Be careful about data collection and discipline Think about the data […]
By Daniel Solove I previously shared 5 of my favorite novels about privacy and security, and I’d now like to share 6 of my favorite films about these topics — because I just couldn’t whittle the list down to 5. I was thinking about my favorite films because I’ve been putting together a session at […]
The Payment Card Industry (PCI) Security Standards Council recently released a helpful short guide to preventing phishing attacks. Merchants and any other organization that accepts payment cards most follow the PCI Data Security Standard (PCI DSS). One of the requirements of the PCI DSS is to train the workforce about how to properly collect, handle, […]
Recently, the FTC issued a short guide to what organizations can do to protect data security. It is called Start with Security (HTML) — a PDF version is here. This document provides a very clear and straightforward discussion of 10 good information security measures. It uses examples from FTC cases.
By Daniel J. Solove Whenever I go to a doctor and am asked what I do for a living, I say that I focus on information privacy law. “HIPAA?” the doctors will ask. “Yes, HIPAA,” I confess. And then the doctor’s face turns grim. At first, it looks like the face of a doctor about […]
Over at Fierce IT Security, Professor Woodrow Hartzog and I have a new essay, 5 Things the FTC Should Do to Improve Data Security in the Wake of Wyndham. The piece discusses some enforcement strategies we believe the FTC should use to maximize its effectiveness in improving data security. Our suggestions include: Do more proactive […]