This course examines the legal frameworks in place to protect consumer privacy and maintain necessary information security protections for privately owned and operated infrastructure, with a strong focus on regulatory and compliance issues. Taught at the University of Pittsburgh collaboratively between the Schools of Law and Computing & Information, students will collaborate on projects simulating the types of problems both legal and technical professionals confront in actual practice. Some individual writing will be required, and a written paper option may be available for students in lieu of group projects with the consent of the Instructor. Topics covered will include the privacy and information security regulatory activity of the Federal Trade Commission, the Department of Health and Human Services, federal financial regulators, and other state and federal actors. A basic introduction to the concepts of cyberlaw, the Internet, and other information technologies will be provided, and other topics will include the data breach notification regime, the role of computer crime law in information security, and other exigent privacy and security policy topics.
In Spring 2020, I visited at the University of North Carolina. I taught Cybersecurity there, concurrently with Professor Charlotte Tschider (who was then visiting at the University of Nebraksa).
In Spring 2017, together with Professor Justin ("Gus") Hurwitz of the University of Nebraska, I taught an updated version of this course which attempts to synthesize a great deal of what we've learned about the field of cybersecurity, how law and policy has responded to "cyber" issues, and related methods of thinking about cybersecurity problems into a thematic model. This approach parallels, and will use, the new textbook Professor Hurwitz and I are developing together with Professor Derek Bambauer of the University of Arizona and Professor Charlotte Tschider of Loyola University Chicago School of Law.