Information Privacy Summer Courses

Global Privacy Law

2 credits/ 8 CLEs (May 23 - 26, 2022)
Professor Gabe Maldoff


Course description:
Personal data is the raw material for business models in industries ranging from online advertising, social networking and cloud computing to health and financial services. Governments, too, rely on personal data for purposes such as national security and law enforcement, urban planning and traffic control, public health and education. Emerging technologies have greatly enhanced data collection, storage and analysis. In this context, public and commercial interests strain against individual rights, with privacy law serving as the mediator. This course will place privacy within a social and legal context and will investigate the complex grid of legal structures and institutions that govern privacy at state, national, and international levels. Students will be taught how to critically analyze privacy problems and make observations about sources of law and their interpretation, with an emphasis on the global nature of data.

Cybersecurity Law

1 credit/ 6 CLEs (May 31 - June 1, 2022)
Professor Kirk Nahra


Course description:
This course will explore the key state, federal and international legal regimes addressing cybersecurity risks, including creating written information security plans, assigning risk contractually with business partners, and guiding companies through a data breach. It will provide students with a solid introduction to the role lawyers play in reducing risk prior to, during and after a cybersecurity incident.

Health Information Privacy

1 credit/ 4 CLEs (June 2 - June 3, 2022)
Professor Kirk Nahra


Course description:
Data is everywhere in the health care industry, and is being used by a broader range of entities for a broader range of purposes every day. This phenomenon is present in virtually all industries (thanks to the principles of “big data,” artificial intelligence and the Internet of Things), but the health care industry presents the most evolved legal and regulatory structure for the privacy and security of personal data that exists. Health care lawyers and compliance professionals must understand - and lawyers and compliance professionals for all other industries can learn from - the key principles surrounding the use and disclosure of personal data when providing virtually all aspects of legal advice to health care companies, including compliance, mergers and acquisitions, litigation and the full range of specific privacy and data security laws and regulations.

This course will explore the primary legal and policy principles surrounding the use and disclosure of personal data across the health care industry – the key privacy and security laws, regulations and principles that govern how the health care industry operates. This analysis will serve as a baseline for consideration of all other privacy and data security laws around the country and around the world. This course will emphasize the primary privacy and information security principles set out in the Health Insurance Portability and Accountability Act (“HIPAA”) as a baseline framework for compliance, and will explore how these rules apply in theory and in practice. We will discuss the best approaches for overall HIPAA compliance. We also will explore emerging areas for privacy and information security, including new enforcement principles, issues related to security breaches and breach notification, the emergence of “non-HIPAA” data as a new challenge to the privacy and data security regulatory structure and the increasing complexity of overall health privacy because of the broad range of laws impacting health information. We also will assess how these issues affect the business of health care, including a broad range of strategic and compliance issues affecting health care companies and others that use personal data.

The goal is to understand the key principles of the developing law in this area, but also to teach what a lawyer and compliance professional/privacy officer does on these issues and the need to combine legal knowledge with practical analysis and an understanding of business implications. Class sessions will review and evaluate a broad range of regulations as an initial framework, coupled with specific examples of recent developments, compliance challenges and the ongoing evolution of the HIPAA privacy and data security rules. In addition to this review of the HIPAA Privacy, Security, and Breach Notification Rules, this course will survey other potentially applicable laws that create compliance obligations for the health care industry, including state law (and the impact of preemption), and other relevant federal laws. We also will examine new developments in health care privacy and data security, including the evolving principles governing health care research, the privacy and data security challenges arising from mobile applications and the emerging implications of “big data” principles on privacy rights and the health care industry. We also will evaluate how best to revise health care privacy law in the future, in the context of a national privacy law or otherwise.

Privacy & Security Implications of Data Sharing

2 credits/ 3 CLEs (June 6-7 & 9-10, 2022)
Professor Rita Heimes


Course description:
Enterprises share personal data of their customers and employees extensively – with cloud service providers, business partners, acquiring businesses, and so on. Anticipating this, comprehensive privacy laws (like the GDPR and the CCPA) place obligations on organizations to take steps to reduce the risks to data subjects when data is shared with other entities.

This course will explore the legal issues raised by data sharing. It will expose students to real-world situations and put them in the seat of the privacy lawyer whose client(s) plan to enter into data-sharing arrangements with other entities. We will walk through vendor selection and risk assessment, negotiating the contract, preparing the data processing agreement, and using the correct international data transfer instrument. Students will be exposed to and build their own tools for risk mitigation and legal compliance.

Grading will be based 60% on class participation (doing the exercises and contributing to discussion) and 40% on a final project. The final day of the class will be the annual conference, covering legal issues in cybersecurity, on June 10, 2022, for which attendance is mandatory.

© Copyright 2017 Center for Law and Innovation | 246 Deering Avenue, Portland, ME 04102