The seventh annual summer institute in privacy and information security law from 
May 16 – June 3, 2016


Course Offerings:


Global Privacy Law - Professor Omer Tene
May 16 – 19, 2016
2 credits (graded)

Course description:

Personal data has become the raw material for business models in industries ranging from online advertising, social networking, cloud computing, health and financial services. Governments, too, rely on personal data for purposes such as national security and law enforcement, urban planning and traffic control, public health and education. Emerging technologies greatly enhance data collection, storage and analysis. In this context, privacy laws strain to continue to protect individual rights. This course will place privacy within a social and legal context and will investigate the complex mesh of legal structures and institutions that govern privacy at state, national and international levels. Students will be taught how to critically analyze privacy problems and make observations about sources of law and their interpretation, with an emphasis on the global nature of data. Students will be provided with the technological details needed to explore information security and management issues in domestic and international contexts. The final grade will be based on class participation, attendance and an exam.

Cross-Border Data Flows - Professor Caitlin Fennessy
May 23 – 24, 2016
1 credit (pass/fail)/12 CLEs
*Note this course takes place at the IAPP in Portsmouth, New Hampshire

Course description:

Today’s economy is dependent on businesses’ ability to use and transfer personal data around the world to facilitate global operations. At the same time, businesses must comply with a myriad of foreign data protection laws and increasingly face legal challenges to their ability to move data. This course will provide an overview of foreign data protection laws as well as evolving international privacy landscape. Course participants will discuss how businesses and governments are working to develop mechanisms to facilitate compliance, cross-border data protection and trade and consider their effectiveness.

Health Care Privacy & Security - Professor Kirk Nahra
May 25 – 26, 2016
1 credit (pass/fail)/12 CLEs

Course description:

One of the most heavily regulated areas of information privacy law is in the health care industry, where privacy and data security issues are of paramount importance. This course explores the key data privacy and security issues facing health care enterprises and their vendors (and the broad variety of other entities that use and disclose health care information), including compliance with HIPAA and a broad variety of other state and federal privacy and data security laws applicable to healthcare data and the healthcare industry. We will discuss how health care privacy and data security law is evolving, what the key policy issues are for this debate and will provide practical advice on evaluating and applying law, regulations and best practices to the creation, use and disclosure of health care data.

Cybersecurity & Privacy Law, Incident Response, and Data Breach - Professor Ken Mortensen
May 31 – June 1, 2016
1 credit (pass/fail)/12 CLEs

Course description:

A major component of an effective information privacy regime is sound information security. Privacy attorneys today need to be well versed in the technology, processes, and governance regimes used to protect information from leakage, unauthorized disclosure, and cyber attack. This course will introduce students to the vocabulary, concepts and strategies for developing an information security regime, including creating incident response plans and other key tools. It will elaborate on the role of forensics in cyber security and guide students through their duties, and legal and ethical obligations, as outside (or in house) counsel managing a data breach. Finally, the course will address the role of law enforcement in post-breach investigations and help students think about how to work on multi-disciplinary teams to manage an information privacy (and security) crisis.

Privacy in the Workplace - Professor Heather Egan Sussman
June 2- 3, 2016
1 credit (pass/fail)/12 CLEs

Course description:

This course explores the extent to which employees have a right to privacy in the workplace. It covers an employer’s legal obligations from recruiting, to hiring, terminating and post-termination. What rights to employers have to monitor employees’ email, phone calls, social media use, and even presence in the office? What obligations do counsel have to train employees on privacy as a component of the employees’ jobs? How can employment lawyers help other privacy and security teams with data minimization, authorization and confidentiality systems? How far may employers go in disclosing employee information to government investigations? What is the role of international data protection laws on employee privacy? These and many more issues will be discussed in a pragmatic approach to how lawyers manage privacy in the

Professor Bios:

Prof. Tene is Vice President of Research and Education at the IAPP, administering the IAPP Westin Research Center and Fellowship Program. His long career in history and academia includes serving as a tenured member of the faculty at the College of Management School of Law,Tel Aviv, Israel, where he was also the Vice Dean. He maintains an active privacy practice and scholarship agenda as a consultant to governments, regulatory agencies and businesses on privacy, cybersecurity and data management, an Affiliate Scholar at the Stanford Center for Internet and Society; and a Senior Fellow at the Future of Privacy Forum. Prof. Tene has been teaching in the Information Privacy Summer Institute each year since its inception.

Prof. Fennessy is a senior policy advisor with the Data Flows and Privacy Team at the U.S. International Trade Administration (ITA), where she focuses on privacy policy and transborder data flow issues as they impact trade. Prof. Fennessy leads ITA’s work on European privacy issues, with a focus on the U.S.-EU Safe Harbor Framework, and represents ITA as Vice Chair of the APEC Data Privacy Subgroup. Prof. Fennessy has spoken widely on issues of transborder data flows, including teaching a course with the Information Privacy Summer Institute at Maine Law in 2015. Prior to joining ITA, Caitlin worked in the National Security Division of the Office of Management and Budget and with the U.S. Senate Foreign Relations Committee. Caitlin has a master’s degree in public affairs from Princeton University and a bachelor’s degree in social policy from Northwestern University.

Prof. Mortensen is Senior Managing Director of Privacy at PwC in its Boston office where clients appreciate his deep expertise in knowledge governance, cyber resilience, privacy, and information security risk management. Prof. Mortensen has been a long-time adjunct professor at Maine Law including teaching in the Information Privacy Summer Institute for many years. He also has served as an adjunct professor at Boston University School of Law. Prior to joining PwC, Prof. Mortensen served as the first Chief Privacy Officer for CVS Health, a Fortune 12 healthcare company, where he was also Assistant General Counsel. Prof. Mortensen’s career has involved several years of public service, including as the Chief Privacy and Civil Liberties Officer of the US Department of Justice, as Deputy Chief Privacy Officer for the US Department of Homeland Security, and as Special Counsel for Cyber and Privacy for the Pennsylvania Office of the Attorney General. He is a long-time member of the International Association of Privacy Professional, where he also served on the Board of Directors.

Prof. Egan Sussman is a privacy and data security partner based in Ropes & Gray’s Boston office. Her practice focuses on privacy, information security, and consumer protection. She routinely guides clients through the existing patchwork of US federal and state privacy laws, state breach notification laws, state information security laws, as well as existing self-regulatory frameworks, including those covering online advertising and payment card processing. She draws on her foundation as an employment lawyer when conducting internal investigations stemming from data incidents and when drafting comprehensive privacy and security programs for businesses operating across multiple jurisdictions and industry lines. She is a member of the International Association of Privacy Professionals and co-chair of the IAPP’s Boston KnowledgeNet group.

Prof. Nahra is a partner at Wiley Rein in Washington, DC, where he specializes in privacy and information security litigation and counseling, along with a variety of health care, insurance fraud, and compliance issues. He assists companies in a wide range of industries in analyzing and implementing the requirements of privacy and security laws across the country and internationally. He also works with insurers and health care industry participants in developing compliance programs and defending against government investigations into their practices. A long-time member of the Board of Directors of the International Association of Privacy Professionals (IAPP), he is the editor ofThe Privacy Advisor, the monthly newsletter of the IAPP. He was named as the Co-Chair of the Confidentiality, Privacy, and Security Workgroup, a panel of government and private sector privacy and security experts advising the American Health Information Community (AHIC) on privacy and security issues arising from health information technology.