Privacy & Security Law
[protecting and safeguarding sensitive information]Course Description
This course examines Privacy and Security Law, including Data Protection Law, in the Information Age and provides the practitioner with an overview of the laws relating to the security and privacy of information. Issues surrounding the collection, use, storage, and sharing of personally identifiable information concerning individual will be examined to understand what protections and safeguards must be put in place by any organization handling information about individuals. The course will look at the areas of the security and privacy of financial data, consumer transactions, medical records, electronic communications, workplace information, and federal government systems. In addition, the course will provide an overview of the international aspects of security and privacy including the European Union data protection directive and the Asia Pacific Economic Community privacy and security framework.
Syllabus
This is the current syllabus for the Privacy & Security Law course (e.g. Digital Security for Tax Practitioners in the Graduate Tax Program of Villanova University School of Law.
| September | |||
| 8 Class 1 Internet Foundation |
15 Class 2 Strategic Information Management |
22 Class 3 Information Safeguarding |
29 Class 4 Jurisdiction & Cyberspace |
| October | |||
| 6 Class 5 Cyber Crime |
13 Class 6 Computer Fraud & Abuse Act |
20 Class 7 CAN-SPAM Act & Other Cyber Laws |
27 Class 8 Government Access to Information |
| November | |||
| 3 Class 9 Privacy Law & Rights |
10 Class 10 Privacy Concepts |
17Class 11 Electronic Communications Privacy Act |
24 Class 12 Basic Data Protection (No Class, Reading) |
| December | |||
| 1 Class 13 Health Insurance Portability & Accountability Act |
8 Class 14 EU Data Protection Directive/APEC Privacy Framework |
14 Exams Due |
21 Vacation |
[ Back to top ]
Class Materials
Below are the materials to support the classes listed in the syllabus. Some links may go to sites outside the course website.
Part I: Introduction
Internet Foundation (Class 1)
Strategic Information Management (Class 2)
- Class Slides
- Bruening, Sotto, Abrams, & Cate, Strategic Information Management, 7 Privacy & Security L. Rep. 1361 (September 15, 2008)
Information Safeguarding (Class 3)
- Class Slides
- Case Study
- Richard Kissel, Small Business Information Security: The Fundamentals, May 2009
[ Back to top ]
Part II: Security
Jurisdiction & Cyberspace (Class 4)
- Class Slides
- J. T. Westermeier & Kenneth P. Mortensen, Digital Security and Privacy Law, Ch. 8, Information Security, Sec 2, Jurisdiction
Cyber Crime (Class 5)
- Class Slides
- F. Lawrence Street & Mark P. Grant, The Law of the Internet, Ch. 7, Computer Crime
- Cases
Briggs v. State, 348 Md. 470, 704 A.2d 904 (Md. 1997)
United States v. Harris, 302 F.3d 72 (E.D.N.Y. 2002)
United States v. Sablan, 92 F.3d 865 (9th Cir. 1996)
United States v. LaMacchia, 871 F. Supp. 535 (D. Mass. 1994)
United States v. Lamb, 945 F. Supp. 441 (N.D.N.Y. 1996)
Computer Fraud & Abuse Act (Class 6)
- Class Slides
- Susan W. Brenner, Digital Security and Privacy Law, Ch. 15, Criminal Statutes
Read sections 1-3,7-8,18-20 - 18 U.S.C. § 1030
- Cases
U.S. v. Morris, 928 F.2d 504 (2d Cir. 1991)
U.S. v. Ivanov, 175 F. Supp. 2d 367 (D. Conn 2001)
U.S. v. Drew, 27 Fed. Appx. 164 (4th Cir. 2001)
U.S. v. Middleton, 35 F. Supp. 2d 1189 (N.D. Cal. 1999)
YourNetDating v. Mitchell, 88 F.Supp.2d 870 (N.D. Ill. 2000)
CyberPromotions, Inc. v. America Online, Inc., 948 F.Supp. 436 (E.D. Pa. 1996)
Edge v. Professional Claims Bur., Inc., 64 F.Supp.2d 115 (E.D.N.Y. 1999) - Council of Europe, Convention on Cybercrime, Eur. Treaty Series, No. 185 (September 23, 2001)
Fraud, Phishing & Spam (Class 7)
- Class Slides
- 15 U.S.C. § 7701 et seq
- 18 U.S.C. § 1037
- Susan W. Brenner, Digital Security and Privacy Law, Ch. 15, Criminal Statutes
Read sections 8,12-14,17.50,24.50
Government Access (Class 8)
- Class Slides
- Daniel Solove, "I've Got Nothing to Hide" and Other Misunderstandings of Privacy, 44 S.D.L.Rev. 745 (2007)
- Cases
U.S. v. Miller, 425 U.S. 435 (1976)
Smith v. Maryland, 442 U.S. 735 (1979)
U.S. v. Thompson, 936 F.2d 1249 (11th Cir. 1991)
U.S. v. Jacobson, 466 U.S. 109 (1984)
California v. Greenwood, 486 U.S. 35 (1988)
Kyllo v. U.S., 533 U.S. 27 (2001)
[ Back to top ]
Part III: Privacy
Privacy Law & Rights (Class 9)
- Class Slides
- Samuel D. Warren & Louis D. Brandeis, The Right to Privacy
- Daniel J. Solove, Conceptualizing Privacy
Privacy Concepts (Class 10)
Electronic Communications Privacy Act (Class 11)
- Class Slides
- Electronic Communications Privacy Act
- Quon v. Arch Wireless Operating Co., Inc., 529 F.3d 892 (9th Cir. 2008)
Data Protection Issues (Class 12)
- Paul M. Schwartz, Managing Global Data Privacy: Cross-Border Information Flows in a Networked Environment (August 2009)
- Martin Abrams, Boxing and Concepts of Harm 9 Privacy & Data Security L. J. 673 (September 2009)
HIPAA, Red Flags, and State Privacy Laws (Class 13)
- Class Slides
- Health Insurance Portability and Accountability Act of 1996, Pub. L. 104-191, 110 Stat. 1936 (August 21, 1996)
- Health Information Technology for Economic and Clinical Health Act, Pub. L. 111-5, 123 Stat. 226 (February 17, 2009)
- [HHS] Breach Notification for Unsecured Protected Health Information; Interim Final Rule, 74 Fed. Reg. 42740 (August 24, 2009)
- [FTC] Health Breach Notification Rule; Final Rule, 16 CFR Part 318, 74 Fed. Reg. 42962 (August 25, 2009)
- Identity Theft Red Flags and Address Discrepancies Under the Fair and Accurate Credit Transactions Act of 2003; Final Rule, 72 Fed. Reg. 63718 (November 9, 2007)
- FTC Red Flag Rule, A How-to Guide for Business
- Massachusetts Personal Data Security Law: (1) 201 CMR 17.00; (2) FAQ for 201 CMR 17.00; (3) Checklist; and (4) Small Business Security Plan Template
[ Back to top ]
Part IV: International
European Union Data Protection Directive (Class 14)
- Class Slides
- Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Official Journal L. 281, 23/11/1995, p. 31-50.
[ Back to top ]