David Thaw

University of Pittsburgh | 3900 Forbes Avenue, Pittsburgh, PA 15260 | dbthaw@gmail.com


Cybersecurity (formerly Cybersecurity and Privacy Law Seminar)


This course examines the legal frameworks in place to protect consumer privacy and maintain necessary information security protections for privately owned and operated infrastructure, with a strong focus on regulatory and compliance issues. Taught at the University of Pittsburgh collaboratively between the Schools of Law and Computing & Information, students will collaborate on projects simulating the types of problems both legal and technical professionals confront in actual practice. Some individual writing will be required, and a written paper option may be available for students in lieu of group projects with the consent of the Instructor. Topics covered will include the privacy and information security regulatory activity of the Federal Trade Commission, the Department of Health and Human Services, federal financial regulators, and other state and federal actors. A basic introduction to the concepts of cyberlaw, the Internet, and other information technologies will be provided, and other topics will include the data breach notification regime, the role of computer crime law in information security, and other exigent privacy and security policy topics.

Spring 2020

In Spring 2020, I am visiting at the University of North Carolina. I will be teaching Cybersecurity there, concurrently with Professor Charlotte Tschider (who is visiting at the University of Nebraksa).

  • The Spring 2020 version of the textbook will be available online to students via Google Drive (sign-in is *not* required)
  • Spring 2020 Syllabus (as of: 12/30/2019)
Although the courses are separate, we will be using the same materials and (time permitting) may make arrangements for students to interact via videoconference for that portion of the teaching period which overlaps on Tuesdays.

Previous Semesters

In Spring 2017, together with Professor Justin ("Gus") Hurwitz of the University of Nebraska, I taught an updated version of this course which attempts to synthesize a great deal of what we've learned about the field of cybersecurity, how law and policy has responded to "cyber" issues, and related methods of thinking about cybersecurity problems into a thematic model. This approach parallels, and will use, the new textbook Professor Hurwitz and I are developing together with Professor Derek Bambauer of the University of Arizona and Professor Charlotte Tschider of Loyola University Chicago School of Law (effective Fall 2021).

An example syllabus from the earlier version of this course is available here.