10151113
Data Privacy
Course Information
Description
Explores the technical, legal, and ethical dimensions of data protection. Key topics include privacy laws and regulations, data governance frameworks, and technical privacy-enhancing techniques. Emphasis is placed on strategies for safeguarding sensitive information and mitigating privacy risks in organizational settings.
Total Credits
3
Course Competencies
-
Explain the history and evolution of data privacyAssessment StrategiesEssayReflectionQuizCriteriaEssay is written in clear, academic writing styleEssay differentiates between privacy and information securityReflection includes specific ways privacy has evolved over time including historical and modern perspectives of privacyEssay cites actions/events that have prompted industry changes and/or regulations/laws
-
Demonstrate data steward practicesAssessment StrategiesProjectQuizCriteriaProject includes the purpose and scope of the different types of information security governance documentsProject includes the guiding principles and goals for an information security governance programProject identifies key roles and responsibilities in a RACI (Responsible, Accountable, Consulted, and Informed) matrixProject describes how decisions are made and escalatedProject explains how the information security governance program supports regulatory complianceProject outlines how governance effectiveness will be measured and reportedProject states the review frequency for the charter
-
Interpret privacy laws and landscapeAssessment StrategiesCase StudyProjectQuizCriteriaProject is written in clear, academic writing styleProject describes a real-world compliance failure or violation and what went wrongProject summarizes how the compliance failure or violation has shaped the privacy landscapeProject selects a privacy law to develop a privacy audit checklistProject identifies key requirements of the selected law and maps them to controls from privacy and security frameworksDraft an audit questionExplain what to look for in evidenceProject includes translation of legal requirements into audit question and checklist itemsProject explains the steps of a privacy audit
-
Apply breach response and notification processesAssessment StrategiesScenario ResponseWritten ProductQuizCriteriaWritten product includes classification of the event, investigation, risk assessment, and notification requirementsWritten product follows breach response process for given scenario, and details each stepWritten product contains a draft breach notification letter compliant with selected requirementsWritten product explains the breach response process, including incident response and breach notification
-
Employ privacy risk management processesAssessment StrategiesScenario ResponseProjectQuizCriteriaProject includes documenting the risk assessment process stepsProject includes asset identification, threat identification, determining risk level/rating, and recommended mitigating controlsProject includes a completed risk register for given scenario
-
Apply privacy supporting technologiesAssessment StrategiesScenario ResponseProjectWritten ProductQuizCriteriaProject follows each step of the risk assessment processProject includes classifying data by identifier typesProject includes demonstration of evaluating re-dentification risk using privacy enhancing methodsProject includes implementing and testing the recommended privacy enhancing technologiesWritten product includes rationale for recommendationsProject includes completed privacy risk assessments pre- and post-implementationProduct includes the dataset that was modified with privacy enhancing technologiesProduct includes executive briefing draft on scenario, risk assessments, privacy enhancing technologies utilized, and recommendations
-
Evaluate privacy concerns in emerging technologyAssessment StrategiesScenario ResponseProjectQuizCriteriaProject follows process for privacy impact assessment (PIA) of a new technologyProject describes the technology, data, and purpose of the scenario new technologyProject identifies potential impacts and privacy risksProject assesses the risk levels using a risk matrixProject includes recommended mitigation strategies for identified risksProject assesses transparency and user controls of the scenarioProject includes approval recommendation with rationaleScenario response includes key elements as specified by the instructorScenario response is effective
-
Explain ethical implications in data privacyAssessment StrategiesScenario ResponseReportQuizCriteriaReport includes a completed ethical impact assessment (EIA)Report includes a completed ethical matrix with selected privacy principlesProject identifies stakeholders and ethical impacts
-
Analyze Third-Party RisksAssessment StrategiesScenario ResponseReportEssayQuizCriteriaReport includes a third-party risk assessmentReport identifies and classifies the data involvedReport identifies third-party risksReport includes recommended risk-mitigating controlsReport includes risk ratings using a risk matrixEssay summarizes the monitoring and reporting stepEssay summarizes the remediation and response stepEssay summarizes the termination and exit procedures step
-
Apply Privacy by Design principlesAssessment StrategiesProjectWritten ProductQuizCriteriaProject includes a completed privacy impact assessment (PIA)Project includes identifying and rating privacy risksProject includes recommended Privacy Enhancing Technologies (PETs)Project identifies multiple training topics for given scenarioProject includes third-party evaluationsWritten product describes how recommendations support each of the seven foundational principles