Coming Soon: “Containing Big Tech” (the book)
The book "Containing Big Tech: How to Protect Our Civil Rights, Economy, and Democracy" will be published by Fast Company Press. It provides a path forward to rein in online surveillance, AI, and tech monopolies.

FAQ Regarding SB 1059: The Bill to Strengthen California’s Data Broker Law
FAQ regarding SB 1059 -- the bill to strengthen California's Data Broker law.

SB 1059 Introduced to Put More Teeth into California Data Broker Law
SB 1059 significantly strengthens California’s existing data broker law by giving Californians increased visibility into businesses known as data brokers that knowingly collect, sell, and share the personal information of a consumer with whom the business does not have a direct relationship.

Enhancing and Aligning the California Data Breach Notification Law with the CPRA
The California Data Breach Notification law needs to be enhanced and better aligned with the California Privacy Rights Act (CPRA).

A Roadmap for California Privacy and Data Security
So, now that Prop 24 has passed, what should California do next vis a vis privacy and data security? This blog post provides a roadmap for California to better protect our consumer privacy and improve data security.

The Top 12 Ways the CPRA Significantly Increases Privacy Rights
The top 12 privacy enhancements that Californians get with the California Privacy Rights Act of 2020.

Comparing Business Obligations: GDPR vs. CCPA vs. CPRA
Comparing business obligations of GDPR, CCPA and CPRA

Problems with the California AG’s Reporting on Data Breaches
The California AG's reporting on data breaches turns out to have a few big problems.

Drilling Down on the California Breach Notification Law
Drill down on California's Data Breach Notification Law

Looking at US Data Protection Laws in the Context of the CCPA
To understand the CCPA, you first need to understand what US privacy and data protection laws already exist.

GDPR Cheat Sheet
A summary of the scope, rights, obligations and enforcement mechanisms found in the GDPR

The Need for a Comprehensive Breach Notification Law (and Then Some)
While recently drilling down into trend lines regarding data breaches and cybersecurity spend, it has become readily apparent that we are flying blind regarding the true enormity of the hacking problem we are facing.

Is Security Spending Keeping Pace?
In my last two blog posts, I looked at the trend lines vis a vis data breaches from a number of annual reported breaches and compromised records, including factoring out the impact of major whale breaches. The caveat, of course, is that this is based on what’s publicly reported.

How Badly are Data Breach "Whales" Impacting the Breach Trend Lines?
Shortly after posting “Data Breaches: So How Bad is it Getting?”, it dawned on me that it might be interesting to factor out the big “whale” breaches (e.g. Yahoo! in 2016 with 3+ billion compromised records) to get a feel for what the “run rate” breach rate really is in terms of compromised records. So consider this blog post an addendum to that blog post.

Data Breaches – So How Bad is it Getting?
The number of breaches seems to be leveling off, but the number of compromised records is growing dramatically. And it is quite evident we need a federal law for breach notification.