Data is everywhere today, and is being used by a broader range of entities for a broader range of purposes every day. Lawyers for virtually every industry (and around the world) must understand the key principles surrounding the use and disclosure of personal data when providing virtually all aspects of legal advice to their clients, including overall compliance, business strategy, mergers and acquisitions, litigation and the full range of specific privacy and data security laws and regulations. This law applies to the biggest companies in the world, as well as an incredible array of start-up and technology companies.
This course will explore the primary legal and policy principles surrounding the use and disclosure of personal data, covering the key privacy and security laws, regulations and principles that govern how industry operates today in the United States and around the world.
Day 1 will focus on general principles related to privacy and data security. We will explore the foundations of privacy law, focusing on Fair Information Privacy Principles. We will then proceed to the most recent history of privacy and security law in the United States, covering the key laws by industry sector (health care, financial services), specific practice (telemarketing, data from children), and the evolving law of data security. We will briefly review how these principles apply internationally as well. Then, we will explore emerging areas for privacy and information security, including new enforcement principles, application of these principles to vendor relationships, issues related to security breaches and breach notification and key litigation issues.
Day 2 will focus on the health care industry and the specific laws, regulations and principles addressing the privacy and security of health care information. This day will emphasize the primary privacy and information security principles set out in the Health Insurance Portability and Accountability Act ("HIPAA") as a baseline framework, and will explore how these rules apply in theory and in practice. We also will explore emerging areas for privacy and information security, including enforcement activities, other privacy and security laws impacting health care data beyond HIPAA, the law of health care research and related principles involving the "de-identification" of personal data, and the emergence of "non-HIPAA" data as a new challenge to the privacy and data security regulatory structure.
Class sessions will consist of a combination of lecture, discussion, hypotheticals, and real-life problems drawn from the instructor's experience in order to keep the class engaged. The goal for both days is to understand the key principles of the developing law in this area, but also to teach what a lawyer actually does on these issues and the need to combine legal knowledge with practical analysis and an understanding of business implications. We also will focus attention on critical policy issues related to this law, including a discussion of the emerging implications of "big data" principles on privacy rights and industry actions overall. Beyond learning the general principles of the law in this new and evolving area, we will focus on how to be an effective lawyer and provide useful advice to clients in this new and challenging area.
Kirk Nahra is a leading authority on privacy and cybersecurity matters and the winner of the 2021 Vanguard Award from the International Association of Privacy Professionals (IAPP)—one of the most prestigious in the privacy field. Mr. Nahra is best known for his work with health insurers, hospitals, service providers, pharmaceutical manufacturers and other health care industry participants.
The syllabus for your course is available on Canvas.
No Text Required