Course Details

Data Security Regulation: Data Breaches and Beyond

This seminar will examine how corporate actors are required to respond and notify around a data breach incident. Students will explore the substantive and procedural requirements that arise from state and federal data breach notification laws, and the requirements placed on corporations to notify impacted individuals when there has been a breach of triggering information, as both of those terms are defined under the laws. Topics include determining the laws applicable to a particular corporate entity (Gramm-Leach-Bliley, HIPAA, state laws, etc.), deciding if an incident constitutes a breach where notice is legally required, practical considerations for investigating a breach within various types of corporate entities, steps required for providing legally-compliant notification, exposure and legal risks after notification, and considerations for providing notification even if not legally required to do so. Registration Requirement: None. Students are recommended (but not required) to take Privacy Management in the Collection and Use of Data. Evaluation Method: No final exam. The grade is based on in-class participation, an in-class presentation, and a series of short reaction papers. Class Materials: Thomas on Data Breach: A Practical Guide to Handling Data Breach Notifications Worldwide, 2015 ed. ISBN: 9780314634184

Catalog Number: REGLAW 960-0

Additional Course Information: MSL students only


Course History

Spring 2024
Title: Data Security Regulation: Data Breaches and Beyond
Faculty: Thomas, Liisa M.
Dearman, Cara Elizabeth
Section: 1ON     Credits: 1.5
Capacity: 50     Actual: 16

Spring 2023
Title: Data Security Regulations: Data Breaches and Beyond
Faculty: Thomas, Liisa M.
Dearman, Cara Elizabeth
Section: 1     Credits: 1.5
Capacity: 24     Actual: 8

Spring 2022
Title: Data Security Regulations: Data Breaches and Beyond
Faculty: Thomas, Liisa M.
Dearman, Cara Elizabeth
Section: 1     Credits: 1.5
Capacity: 25     Actual: 14