INFORMATION PRIVACY SUMMER INSTITUTE 2015
Global Privacy Law: 2 credits (May 18-21)
Professor Omer Tene
Personal data have become the raw material for business models in industries ranging from online advertising, social networking, cloud computing, health and financial services. Governments, too, rely on personal data for purposes such as national security and law enforcement, urban planning and traffic control, public health and education. Emerging technologies greatly enhanced data collection, storage and analysis. In this context, privacy laws strain to continue to protect individual rights. This course will place privacy within a social and legal context and will investigate the complex mesh of legal structures and institutions that govern privacy at state, national, and international levels. Students will be taught how to critically analyze privacy problems and make observations about sources of law and their interpretation, with an emphasis on the global nature of data. Students will be provided with the technological details needed to explore information security and management issues in domestic and international contexts. The final grade will be based on class attendance/participation and an exam.
Omer Tene is currently Vice President of Research and Education at the International Association of Privacy Professionals. Omer is also a tenured professor and vice dean of the Israeli College of Management School of Law. Omer is a world-renowned privacy scholar and a consultant to businesses, governments, and international organizations on various aspects of U.S., European and Israeli privacy, data protection and cybersecurity law. He is an affiliate scholar at the Stanford Center for Internet and Society and a senior fellow at the Future of Privacy Forum. He served as rapporteur to the OECD in its review of the 1980 Privacy Guidelines and headed the steering committee for the 32nd annual conference of privacy and data protection commissioners. Omer has a JD and LLM from New York University School of Law, and has been with the Information Privacy Summer Institute since its inception in 2012.
National Security + Privacy: 1 credit (May 26-27)
Professor Kenneth Mortensen
The terrorist attacks of September 11, 2001, began a wide-ranging debate over the extent to which individual privacy must give way to national security and foreign intelligence to provide the Nation with greater protection. This course will provide an examination of the legal authorities related to national security law and how the law provides for necessary protections for privacy and civil liberties.
As Global Risk Assurance Health Industries Privacy and Security Leader at Pricewaterhouse Coopers, Ken Mortensen helps lead the PwC US’s Cybersecurity, Privacy & IT Risk practice and serves as counselor advising PwC’s international legal teams on U.S. privacy and security laws and regulations and transborder data flow issues. Prior to joining PwC, Ken was Vice President, Assistant General Counsel and Chief Privacy Officer for CVS Caremark. Earlier in his career he served as the Associate Deputy Attorney General (Privacy & Civil Liberties) for the U.S. Department of Justice. Ken is a Certified Information Privacy Professional and a member of the board of directors of the International Association of Privacy Professionals. He has a BS in Electrical Engineering from Drexel, and MBA and JD degrees from Villanova University.
HIPAA Policy + Practice: 1 credit (May 28-29)
Professor Jon Stanley
Among the many federal laws governing information privacy and security, the Health Insurance Portability and Accountability Act (HIPAA), as amended by the HITECH Act, is one of the most challenging and detailed in its scope. Because it expressly applies not only to health care providers but also to entities offering information-related services to the health care industry, and to all companies who sponsored their own health insurance plans, many businesses must grapple with HIPPA’s regulatory guidelines. This course will expose students to interpreting the HIPAA regulations as well as to drafting and negotiating business associate agreements, and analyzing a situation for whether it constitutes a data “breach.” Through applying HIPAA to real-world problems, students will take a deep dive in to one area of privacy law and emerge better prepared for privacy practice. The final grade will be based on class participation and a written assignment.
Jon Stanley practices law in Maine, focusing on information security, as well as privacy, cybercrime, cyberspace insurance, and intellectual property issues. Because of his expertise in e-discovery and cyber liability, Jon has been a frequent speaker and presenter at major conferences, including numerous panels and the RSA Conference and the Computer Security Institute Conference. In recent years, Jon has developed an expertise in HIPAA compliance. Jon is a graduate of University of Maine Law School. He is also a graduate of the University of Strathclyde Law School, UK, where he was granted a Masters of Law in Information Technology and Telecommunications Law. His Masters Dissertation was on the United States Computer Fraud and Abuse Act.
International Privacy Law + Cross-Border Data Flows: 1 credit (June 1-2)
Professor Caitlin Fennessy
Today’s economy is dependent on businesses’ ability to use and transfer personal data around the world to facilitate global operations. At the same time, businesses must comply with an increasing number of foreign data protection laws. This course will provide an overview of those laws as well as evolving international privacy frameworks. Course participants will discuss the efforts of businesses and governments to develop mechanisms to facilitate cross-border data protection and trade and consider their effectiveness.
Privacy + the FTC: 1 credit (June 4-5)
Professor Marc Groman
The Federal Trade Commission has become the most influential regulator of privacy in the United States. Using its authority to police unfair and deceptive trade practices, the Commission started bringing complaints against companies that failed to follow their own privacy policies in the late 1990s. The FTC gradually expanded the scope of complaints under the FTC Act to include spyware & adware, data security, mobile apps, and representations outside of privacy policies. This is in addition to FTC enforcement under more specific privacy statutes and rules including the FCRA, GLBA, TSR, CAN-SPAM, and COPPA. Despite settling almost every complaint it has filed, the FTC’s privacy jurisprudence is closely followed by privacy professionals around the world.
This course will explore the FTC’s privacy jurisprudence. By reviewing complaints, settlement orders, reports, testimony, and other relevant sources, students will gain an understanding of the scope of the FTC’s authority and jurisdiction, the specific practices that the FTC considers unfair and deceptive, as well as the inside baseball view of an FTC privacy investigation and enforcement action. Students will also explore the policy considerations inherent in the FTC’s role as a de facto privacy regulator. Final grade will be based on class participation/attendance and an exam.
Marc Groman is President & CEO of the Network Advertising Initiative, a non-profit organization that is the leading self-regulatory association dedicated to responsible data collection and its use for digital advertising. Prior to leading the NAI, Marc served as the FTC’s first chief privacy officer, building an award-winning privacy program from the ground up. He also has served as counsel to the Energy and Commerce Committee in the US House of Representatives, where he drafted several bills relating to consumer privacy, data breach security and breach notification. Marc has a BA from Tufts University and a JD from Harvard University Law School. He is a Certified Information Privacy Professional and a member of the Board of Directors of the International Association of Privacy Professionals.
- Each class meets from 9-noon, 1-4 p.m daily. Class preparation and reading are expected outside of class.
- All 1-credit classes are pass/fail for Maine Law students. Students from other law schools requiring a grade for transfer of credit will receive a grade.
- Unless you are notified otherwise, all classes will be held in the Lee Conference Room of the Wishcamper Center on Bedford Street in Portland.
- The Certified Information Privacy Professionals exam will be offered at the IAPP in Portsmouth, NH, on Monday, June 8.