Course Details

Data Security & Breach: Identification, Investigation, Notification, and Defense

This seminar will examine how corporate actors are required to respond and notify around a data breach incident. Students will explore the substantive and procedural requirements that arise from state and federal data breach notification laws, and the requirements placed on corporations to notify impacted individuals when there has been a breach of triggering information, as both of those terms are defined under the laws. Topics include determining the laws applicable to a particular corporate entity (Gramm-Leach-Bliley, HIPAA, state laws, etc.), deciding if an incident constitutes a breach where notice is legally required, practical considerations for investigating a breach within various types of corporate entities, steps required for providing legally-compliant notification, exposure and legal risks after notification, and considerations for providing notification even if not legally required to do so. Registration Requirement: None. Students are recommended (but not required) to take Privacy Management in the Collection and Use of Data. Evaluation Method: No final exam. The grade is based on in-class participation, an in-class presentation, and a series of short reaction papers. Class Materials: Thomas on Data Breach: A Practical Guide to Handling Data Breach Notifications Worldwide, 2015 ed. ISBN: 9780314634184

Catalog Number: REGLAW 960-0


Course History

Spring 2017
Title: Data Security & Breach: Identification, Investigation, Notification, and Defense
Faculty: Thomas, Liisa Marie
Section: 1     Credits: 1.5
Capacity: 24     Actual: 15

Spring 2016
Title: Data Security & Breach: Identification, Investigation, Notification, and Defense
Faculty: Thomas, Liisa Marie
Section: 1     Credits: 1.5
Capacity: 24     Actual: 7