Information Privacy Law
Charlotte A. Tschider
This course surveys the privacy law landscape with a primary focus on United States federal privacy laws from a commercial perspective. The course will introduce students to federal regulations in multiple sectors and to international data protection and localization laws in Canada, EMEA, LATAM, and APAC regions. This course will also cover the operationalization of the privacy law landscape, including the creation of policies, privacy notices, disclosures, and other documentation and conducting privacy impact assessments.
Information Technology Systems and Security Controls
This course exposes participants to the fundamentals of information security. The course will cover a wide variety of foundational topics of information security; cyber security; application, data and operating system security; securing virtual environments; cloud and mobile security; network security; the Internet of Things; and staying safe online. The course will also explore current cyber threats including phishing scams, zero-day exploits, man-in-the-middle (MiTM) attacks, IP spoofing, malware and Trojan exploits, and physical security exploits. By the end of the course, participants will have an understanding of critical information security topics, and will be able to make strategic decisions and advise on issues and trends.
Information Security and Risk Management
Charlotte A. Tschider
This course will introduce participants to the tenets of information security and information privacy risk management, including information risk governance; metrics and management reporting; and common frameworks for identifying, treating, and managing risk. In particular, this course will describe security program, policy, and standard development; internal, external, and vendor risk assessments; and the function of external certifications. Additionally, this course will address proactive security design and testing techniques to reduce downstream risk; security contract negotiations to reduce the potential for future liability; and standard operational processes businesses need to effectively manage ongoing risk.
Incident Management and Response
This practical course guides participants through the steps necessary to develop an incident response plan to enable a company to minimize loss and speed recovery after a data breach or network intrusion. Specific topics include establishing proactive relationships before an attack occurs, tailoring a response plan to evolving and emerging threats, and understanding the protections afforded by attorney-client privilege. Participants will also have an opportunity to role-play crisis response scenarios with cyber risk experts.
Data Breach Liability and Cybercrimes
Emily E. Duke and Jerrod Montoya
This course examines the potential liability and reporting requirements of a company following a data breach, including class actions, shareholder derivative lawsuits, and government-imposed sanctions. It explores damage to corporate reputation, customer trust, and loss of sales. It also covers computer crimes, law enforcement’s role in cyber attacks, and threats to national security. Course materials are drawn from recent high-profile cases.