PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Tag: Data Security

Archive of all posts about data security by Professor Daniel J. Solove for his blog at TeachPrivacy, a privacy awareness and security training company.

Why Enforce Privacy and Security Laws?

Posted on by Daniel Solove

by Daniel J. Solove PART 1 Are privacy and security laws being enforced effectively? This post is part of a series called Enforcing Privacy and Security Laws. How are privacy and security laws enforced? How should they be enforced? What enforcement works well? What doesn’t? What are the various agencies that are enforcing privacy laws […]

5 Key Quotes from the FTC v. Wyndham Decision on Data Security

Posted on by Daniel Solove

by Daniel J. Solove This post was co-authored by Professor Woodrow Hartzog. The long-awaited federal district court opinion in FTC v. Wyndham was finally released last week. The U.S. District Court for the District of New Jersey rejected Wyndham’s arguments that the FTC lacks the authority to regulate unfair data security practices, that the FTC […]

Heartbleed: A Data Security Bug of Titanic Proportions that Affects Most of the Internet and that Will Have Enormous Implications

Posted on by Daniel Solove

by Daniel J. Solove It sounds like a late April Fool’s joke, but it isn’t. Heartbleed, a data security bug in Open SSL, allows hackers to access personal data and encryption keys. This vulnerability has existed for 2+ years, and there is no way to know if your data has been compromised. And the majority […]

One of the Most Important Data Security Cases Was Just Decided: FTC v. Wyndham

Posted on by Daniel Solove

by Daniel J. Solove The case has been quite long in the making. The opinion has been eagerly anticipated in privacy and data security circles. Fifteen years of regulatory actions have been hanging in the balance. We have waited and waited for the decision, and yesterday, it finally arrived. The case is FTC v. Wyndham, […]

Duties When Contracting with Data Service Providers

Posted on by Daniel Solove

by Daniel J. Solove In the world of data protection, it’s an old story: Personal data gets shared with a third party data service provider, and then something goes wrong at the provider. Whose fault is it? The organization that shared the personal data with the vendor certainly has responsibility, as organizations are generally responsible […]

Data Security Is an Art, Not Just a Science

Posted on by Daniel Solove

by Daniel J. Solove Far too often, the mandate for data security is simply to “secure it,” and people often think of data security as a set of clear choices. This is in contrast to privacy, which is understood as a set of muddy policy issues. But data security is, in fact, quite muddy itself. […]