This course examines the legal frameworks in place to protect consumer privacy and maintain necessary information security protections for privately owned and operated infrastructure, with a strong focus on regulatory and compliance issues. The course is taught collaboratively with the Schools of Law and Information Sciences, and students will collaborate on projects simulating the types of problems both legal and technical professionals confront in actual practice. Some individual writing will be required, and a written paper option may be available for students in lieu of group projects with the consent of the Instructor. Topics covered will include the privacy and information security regulatory activity of the Federal Trade Commission, the Department of Health and Human Services, federal financial regulators, and other state and federal actors. A basic introduction to the concepts of cyberlaw, the Internet, and other information technologies will be provided, and other topics will include the data breach notification regime, the role of computer crime law in information security, and other exigent privacy and security policy topics.
In Spring 2017, together with Professor Justin ("Gus") Hurwitz of the University of Nebraska, I am teaching an updated version of this course which attempts to synthesize a great deal of what we've learned about the field of cybersecurity, how law and policy have responded to "cyber" issues, and related methods of thinking about cybersecurity problems into a thematic model. This approach parallels, and will use, the new textbook Professor Hurwitz and I are developing together with Professor Derek Bambauer of the University of Arizona.
An example syllabus from the earlier version of this course is available here.