2017 Summer Institute in Privacy and Information Security Law

The eighth annual summer institute in privacy and information security law from 
May 22 – June 8, 2017.

Global Privacy Law:

2 credits/ 12 CLEs (May 22-25, 2017)
Professor Omer Tene

Course description:
Personal data has become the raw material for business models in industries ranging from online advertising, social networking, cloud computing, health and financial services. Governments, too, rely on personal data for purposes such as national security and law enforcement, urban planning and traffic control, public health and education. Emerging technologies greatly enhance data collection, storage and analysis. In this context, privacy laws strain to continue to protect individual rights. This course will place privacy within a social and legal context and will investigate the complex mesh of legal structures and institutions that govern privacy at state, national and international levels. Students will be taught how to critically analyze privacy problems and make observations about sources of law and their interpretation, with an emphasis on the global nature of data. Students will be provided with the technological details needed to explore information security and management issues in domestic and international contexts. The final grade will be based on class participation, attendance and an exam.

Privacy in the Workplace

1 credit/ 6 CLEs (May 30-31, 2017)
Professor Heather Egan Sussman

Course description:
This course explores the extent to which employees have a right to privacy in the workplace. It covers an employer’s legal obligations from recruiting, to hiring, terminating and post-termination. What rights to employers have to monitor employees’ email, phone calls, social media use, and even presence in the office? What obligations do counsel have to train employees on privacy as a component of the employees’ jobs? How can employment lawyers help other privacy and security teams with data minimization, authorization and confidentiality systems? How far may employers go in disclosing employee information to government investigations? What is the role of international data protection laws on employee privacy? These and many more issues will be discussed in a pragmatic approach to how lawyers manage privacy in the workplace.

Health Care Privacy & Security

1 credit/ 6 CLEs (June 1-2, 2017)
Professor Kirk Nahra

Course description:
One of the most heavily regulated areas of information privacy law is in the health care industry, where privacy and data security issues are of paramount importance. This course explores the key data privacy and security issues facing health care enterprises and their vendors (and the broad variety of other entities that use and disclose health care information), including compliance with HIPAA and a broad variety of other state and federal privacy and data security laws applicable to healthcare data and the healthcare industry. We will discuss how health care privacy and data security law is evolving, what the key policy issues are for this debate and will provide practical advice on evaluating and applying law, regulations and best practices to the creation, use and disclosure of health care data.

Big Data Law & Policy

2 credits/ 12 CLEs (June 5-8, 2017)
Professor Dennis Hirsch

Course Description:
Big data analytics is becoming integral to American society.  Businesses use it to become more productive, schools to provide personalized education, health care providers to tailor treatments, and law enforcement agencies to predict crime, to name but a few of its many uses.  But along with these benefits come risks.  Big data analytics can invade privacy, perpetuate bias and undermine transparency and fairness.  Federal and state lawmakers are currently developing laws and policies to enhance big data’s benefits while reducing its risks.

Businesses and other organizations seeking to navigate this new data reality, and the lawyers that advise them, need to understand what big data is, the benefits and risks that it creates and the evolving legal structure that governs it.  This four-day course on Big Data Law and Policy will build that competency.  Day 1 will introduce big data analytics, its benefits and its risks. Day 2 will examine both the existing laws that govern big data analytics (e.g. the Fair Credit Reporting Act, the Fair Information Practice Principles, federal anti-discrimination laws, the Privacy Act, the Fourth Amendment, and others), and the gaps in those laws. Day 3 will explore how law and policy are evolving to address the challenges and opportunities that big data analytics presents. Day 4 will bring the prior days’ learning together into a coherent framework that students will apply to a realistic big data analytics use case.  Students will leave the course with a working understanding of what big data analytics is, the laws and policies that govern it, and how this legal structure is likely to evolve in the future.

The course is relevant to those who work in businesses, government bodies or other organizations that employ big data analytics, and to the attorneys and other counselors that advise them.  It will employ lecture, discussion and skills-building exercises in the classroom.  It will assign popular and academic articles, white papers, and primary source legal and policy documents as outside readings.  It will evaluate students based on class participation and an in-class examination that will test the basic concepts articulated in the classroom and in the readings.