Syllabus

This is the current syllabus for the Privacy & Security Law course (e.g. Digital Security for Tax Practitioners in the Graduate Tax Program of Villanova University School of Law.

September
8 Class 1 Internet Foundation	15 Class 2 Strategic Information Management	22 Class 3 Information Safeguarding	29 Class 4 Jurisdiction & Cyberspace
October
6 Class 5 Cyber Crime	13 Class 6 Computer Fraud & Abuse Act	20 Class 7 CAN-SPAM Act & Other Cyber Laws	27 Class 8 Government Access to Information
November
3 Class 9 Privacy Law & Rights	10 Class 10 Privacy Concepts	17Class 11 Electronic Communications Privacy Act	24 Class 12 Basic Data Protection (No Class, Reading)
December
1 Class 13 Health Insurance Portability & Accountability Act	8 Class 14 EU Data Protection Directive/APEC Privacy Framework	14 Exams Due	21 Vacation

[ Back to top ]

Class Materials

Below are the materials to support the classes listed in the syllabus. Some links may go to sites outside the course website.

Part I: Introduction

Internet Foundation (Class 1)

• Class Slides
• Vint Cerf, A Brief History of the Internet and Related Networks

Strategic Information Management (Class 2)

• Class Slides
• Bruening, Sotto, Abrams, & Cate, Strategic Information Management, 7 Privacy & Security L. Rep. 1361 (September 15, 2008)

Information Safeguarding (Class 3)

• Class Slides
• Case Study
• Richard Kissel, Small Business Information Security: The Fundamentals, May 2009

[ Back to top ]

Part II: Security

Jurisdiction & Cyberspace (Class 4)

• Class Slides
• J. T. Westermeier & Kenneth P. Mortensen, Digital Security and Privacy Law, Ch. 8, Information Security, Sec 2, Jurisdiction

Cyber Crime (Class 5)

• Class Slides
• F. Lawrence Street & Mark P. Grant, The Law of the Internet, Ch. 7, Computer Crime
• Cases
  Briggs v. State, 348 Md. 470, 704 A.2d 904 (Md. 1997)
  United States v. Harris, 302 F.3d 72 (E.D.N.Y. 2002)
  United States v. Sablan, 92 F.3d 865 (9th Cir. 1996)
  United States v. LaMacchia, 871 F. Supp. 535 (D. Mass. 1994)
  United States v. Lamb, 945 F. Supp. 441 (N.D.N.Y. 1996)

Computer Fraud & Abuse Act (Class 6)

• Class Slides
• Susan W. Brenner, Digital Security and Privacy Law, Ch. 15, Criminal Statutes
  Read sections 1-3,7-8,18-20
• 18 U.S.C. § 1030
• Cases
  U.S. v. Morris, 928 F.2d 504 (2d Cir. 1991)
  U.S. v. Ivanov, 175 F. Supp. 2d 367 (D. Conn 2001)
  U.S. v. Drew, 27 Fed. Appx. 164 (4th Cir. 2001)
  U.S. v. Middleton, 35 F. Supp. 2d 1189 (N.D. Cal. 1999)
  YourNetDating v. Mitchell, 88 F.Supp.2d 870 (N.D. Ill. 2000)
  CyberPromotions, Inc. v. America Online, Inc., 948 F.Supp. 436 (E.D. Pa. 1996)
  Edge v. Professional Claims Bur., Inc., 64 F.Supp.2d 115 (E.D.N.Y. 1999)
• Council of Europe, Convention on Cybercrime, Eur. Treaty Series, No. 185 (September 23, 2001)

Fraud, Phishing & Spam (Class 7)

• Class Slides
• 15 U.S.C. § 7701 et seq
• 18 U.S.C. § 1037
• Susan W. Brenner, Digital Security and Privacy Law, Ch. 15, Criminal Statutes
  Read sections 8,12-14,17.50,24.50

Government Access (Class 8)

• Class Slides
• Daniel Solove, "I've Got Nothing to Hide" and Other Misunderstandings of Privacy, 44 S.D.L.Rev. 745 (2007)
• Cases
  U.S. v. Miller, 425 U.S. 435 (1976)
  Smith v. Maryland, 442 U.S. 735 (1979)
  U.S. v. Thompson, 936 F.2d 1249 (11th Cir. 1991)
  U.S. v. Jacobson, 466 U.S. 109 (1984)
  California v. Greenwood, 486 U.S. 35 (1988)
  Kyllo v. U.S., 533 U.S. 27 (2001)

[ Back to top ]

Part III: Privacy

Privacy Law & Rights (Class 9)

• Class Slides
• Samuel D. Warren & Louis D. Brandeis, The Right to Privacy
• Daniel J. Solove, Conceptualizing Privacy

Privacy Concepts (Class 10)

• Class Slides
• Fred Cate, Privacy Protection in the United States

Electronic Communications Privacy Act (Class 11)

• Class Slides
• Electronic Communications Privacy Act
• Quon v. Arch Wireless Operating Co., Inc., 529 F.3d 892 (9th Cir. 2008)

Data Protection Issues (Class 12)

• Paul M. Schwartz, Managing Global Data Privacy: Cross-Border Information Flows in a Networked Environment (August 2009)
• Martin Abrams, Boxing and Concepts of Harm 9 Privacy & Data Security L. J. 673 (September 2009)

HIPAA, Red Flags, and State Privacy Laws (Class 13)

• Class Slides
• Health Insurance Portability and Accountability Act of 1996, Pub. L. 104-191, 110 Stat. 1936 (August 21, 1996)
• Health Information Technology for Economic and Clinical Health Act, Pub. L. 111-5, 123 Stat. 226 (February 17, 2009)
• [HHS] Breach Notification for Unsecured Protected Health Information; Interim Final Rule, 74 Fed. Reg. 42740 (August 24, 2009)
• [FTC] Health Breach Notification Rule; Final Rule, 16 CFR Part 318, 74 Fed. Reg. 42962 (August 25, 2009)
• Identity Theft Red Flags and Address Discrepancies Under the Fair and Accurate Credit Transactions Act of 2003; Final Rule, 72 Fed. Reg. 63718 (November 9, 2007)
• FTC Red Flag Rule, A How-to Guide for Business
• Massachusetts Personal Data Security Law: (1) 201 CMR 17.00; (2) FAQ for 201 CMR 17.00; (3) Checklist; and (4) Small Business Security Plan Template

[ Back to top ]

Part IV: International

European Union Data Protection Directive (Class 14)

• Class Slides
• Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Official Journal L. 281, 23/11/1995, p. 31-50.

[ Back to top ]

Important Note:
This website is in the process of being updated for the Fall 2009 semester. Please contact Ken Mortensen with any questions about the site or broken links to materials.

Site menu:

Syllabus | Part 1: Intro | Part 2: Security | Part 3: Privacy | Part 4: International | Grad Tax | Top of page

Accessibility

This web page conforms to Section 508 and to W3C's WCAG 1.0, level AA. The code is valid XHTML 1.0 Strict and CSS (no warnings).

Version info

index.cfm v2.1
(16 February 2010)

andreas03 v2.0
(24 April 2008)