LAW-2911 Privacy/Data Security

This course, Privacy Protection and Data Security Requirements and Practices, will explore requirements for protecting the privacy of individually identifiable information and providing for the security of data in business activities with particular focus on the types of information typically collected in the healthcare, life sciences, and biotechnology fields. Material covered will include federal laws and regulations protecting the privacy of health information such as the Health Insurance Portability and Accountability Act (HIPAA), protections for financial information under statutes such as the Gramm-Leach-Bliley Act, requirements for protecting consumer information, and requirements for securing protected information from unauthorized access. In addition to federal requirements, the course will explore the increasing role of state law in creating legal protections for consumer and other personally identifiable information, and protections under other legal systems with particular emphasis on the European Union General Data Protection Regulation. Students will gain an understanding of the obligations of organizations to create systems for collecting, storing, managing, and securing data and for providing notice and other appropriate response in the event of a breach or ransom demand. Class sessions will incorporate guest lectures from lawyers and information technology professionals to provide practical context for the course discussions. Course requirements will involve preparation of two short papers and a final project or paper.