All posts tagged privacy training

Did the LabMD Case Weaken the FTC’s Approach to Data Security?

Daniel Solove
Founder of TeachPrivacy

Federal Trade Commission - Washington, DC

Co-Authored by Prof. Woodrow Hartzog

On Wednesday, the U.S. Court of Appeals for the 11th Circuit issued its long-awaited decision in LabMD’s challenge to an FTC enforcement action: LabMD, Inc. v. Federal Trade Commission (11th Cir. June 6, 2018). While there is some concern that the opinion will undermine the FTC’s power to enforce Section 5 for privacy and security issues, the opinion actually is quite narrow and is far from crippling.

While the LabMD opinion likely does have important implications for how the FTC will go about enforcing reasonable data security requirements, we think the opinion still allows the FTC to continue to build upon a coherent body of privacy and security complaints in an incremental way similar to how the common law develops. See Solove and Hartzog, The FTC and the New Common Law of Privacy, 114 Columbia Law Review 584 (2014).

Continue Reading

GDPR Humor: A Collection of GDPR Cartoons and More

Daniel Solove
Founder of TeachPrivacy

GDPR Humor - TeachPrivacy GDPR Training 02

Feeling stressed out about GDPR?  I can help!  Here are all of my GDPR cartoons and attempts at GDPR humor in one post.  It’s much better to laugh than to cry . . .

Continue Reading

GDPR Whiteboard and GDPR Interactive Whiteboard

Daniel Solove
Founder of TeachPrivacy

GDPR Whiteboard - TeachPrivacy GDPR Training

Recently, I created two new GDPR training resources.

GDPR Whiteboard

I created a 1-page visual summary of the GDPR, which I call the GDPR WhiteboardThe idea was to capture the key points of the General Data Protection Regulation (GDPR) in a succinct and visually-engaging way.  It has become quite popular, receiving thousands of downloads.  You can download a PDF handout version here.  We’ve been licensing it to many organizations for training and awareness purposes.

GDPR Whiteboard - TeachPrivacy Privacy Awareness Training 02 small

GDPR Interactive Whiteboard

I subsequently created a new training module — an interactive version of the GDPR Whiteboard – the GDPR Interactive Whiteboard.  When people click on each topic, the program provides brief narrated background information, presented in a very understandable and memorable way.  Trainees can learn at their own pace.  This program is designed to be very short — it is about 5 minutes long.

It can readily be used on internal websites to raise awareness and teach basic information about GDPR. It can also be used in learning management systems.

GDPR Whiteboard Interactive - TeachPrivacy GDPR Training

GDPR Whiteboard Interactive - TeachPrivacy GDPR Training

Continue Reading

Silencing #MeToo: How NDAs and Litigation Stifle Victims, Innovators, and Critics — An Interview with Orly Lobel

Daniel Solove
Founder of TeachPrivacy

 

Countless women have been coming forward to say #MeToo and share their traumatic stories of sexual harassment and assault. But there are many stories we’re not hearing. These stories are being silenced by extremely broad nondisclosure agreements (NDAs), some made at the outset of employment and others when settling litigation over sexual harassment. They stop victims from talking. They also silence other employees who witness sexual harassment of co-workers. NDAs were a powerful device used by Harvey Weinstein to hush up what he was doing.

In her new book, You Don’t Own Me: How Mattel v. MGA Entertainment Exposed Barbie’s Dark Side, Professor Orly Lobel tells a fascinating story about the Barbie versus Bratz litigation, which went on for about a decade. Her book is a page turner — told as a story that could readily be a movie. The book succeeds brilliantly as a gripping tale. But it goes beyond great storytelling to explore many important issues related to business, employment, and intellectual property: the enormous power of corporate employers, the weaponized use of intellectual property to stifle innovation, the dismal failure of business ethics, the troubling use of nondisclosure agreements (NDAs) to maintain dominance and power, and the punishing litigation process. Continue Reading

Preparing for GDPR: A Year to Batten Down the Hatches

Daniel Solove
Founder of TeachPrivacy

The General Data Protection Regulation (GDPR) will go into effect on May 25, 2018.  The GDPR strengthens privacy protections in the EU and includes a number of additional rights and responsibilities.

Continue Reading

Privacy Training for Data Privacy Day

Daniel Solove
Founder of TeachPrivacy

Data Prviacy Data Privacy Awareness Training Courses 01

Data Privacy Day Logo 01

For Data Privacy Day this year, I’m happy to make available for the day two new short privacy training programs I created in collaboration with Intel.  Ordinarily, I require a login to view my training programs, but for this day, I have put them outside the wall for anyone to see.  So click on the programs below to watch them — I’ll keep them up through the weekend.  Then, they’ll go behind the wall, so you’ll need to request an evaluation login to see them afterwards.

NOTE: These programs are now no longer publicly available.  To see them, please contact us.

The first program is a short 2-minute awareness video about Data Retention.

The second program is an 8.5 minute program called Defining Personal Information.  It seeks to explain how to identify personal information, which is a tricky issue because what counts as personal information is not static and is contextual and contingent in some cases.

These programs were created for Intel with their collaboration.  Intel graciously allowed me to add generic versions of these programs to my training course library.   And in support of Data Privacy Day, Intel was encouraging of my making them publicly available.

I. Data Retention

Privacy Awareness Training Module - Data Retention

II. Defining Personal Information

Privacy Awareness Training Module - Defining Personal Information

Continue Reading

GDPR Cartoon: Taking Privacy Seriously

Daniel Solove
Founder of TeachPrivacy

cartoon-gdpr-training-privacy-shield-training-02

I created this cartoon to illustrate the fact that despite the increasing risk that privacy violations pose to an organization, many organizations are not increasing the funding and resources devoted to privacy.  More work gets thrown onto the shoulders of under-resourced privacy departments.

It is time that the C-Suite (upper management) wakes up to the reality that privacy is a significant risk and an issue of great importance to the organization.  Looming on the horizon is the enforcement of the new EU General Data Protection Regulation (GDPR), which will begin in 2018.  It’s never too early for organizations to start preparing.  GDPR imposes huge potential fines for non-compliant organizations — up to 4% of global turnover in many cases.  For more information, see the FAQ page I created about the GDPR and privacy awareness training.

Of course, the C-Suite may be quick to say that privacy is very important, but what matters most are the actions they take.  Privacy office budgets and sizes should be going up by a lot these days.

Continue Reading

Privacy Shield Training

Daniel Solove
Founder of TeachPrivacy

Privacy Shield Training Course

I have produced a new Privacy Shield training course that provides a short introduction to the EU-US Privacy Shield Framework.  Privacy Shield is an arrangement reached between the EU and US for companies to transfer data about EU citizens to the US.  Privacy Shield replaces the Safe Harbor Arrangement, which was invalidated in 2015 in the case of Schrems v. Data Protection Commissioner.

Continue Reading

When Is a Person Harmed by a Privacy Violation? Thoughts on Spokeo v. Robins

Daniel Solove
Founder of TeachPrivacy

privacy

When is a person harmed by a privacy violation?

The U.S. Supreme Court just handed down a decision in an important case, Spokeo Inc. v. Robins.  

Spokeo Logo

Plaintiff Thomas Robins sued Spokeo under the Fair Credit Reporting Act (FCRA) because Spokeo had inaccurate information about him in its profile.  Spokeo’s profiles are used by potential employers and others to search for data about people.  FCRA requires that information in profiles for these purposes be accurate, and it allows people to sue if information is not.

 

Continue Reading

6 Reasons to Visit the TeachPrivacy Booth at the IAPP Summit 2016

Daniel Solove
Founder of TeachPrivacy

TeachPrivacy privacy and security awareness training 03 IAPP

Please stop by the TeachPrivacy booth at the expo at the IAPP Summit.

 

1. Play our new game. 

See if you can spot all the privacy and data security risks in this scene.  Pick up a copy of the scene, see our poster, and try out our interactive module.

Continue Reading