Cyber security, privacy and protection of sensitive data

A.Y. 2019/2020
Max ECTS: 6
Overall hours: 42
SSD: IUS/20
Language: Italian
Learning objectives
The Course specifically aims to enable students to acquire:
- in-depth knowledge of the topics covered by the Course, from both a technical and a legal standpoint;
- the ability to address the topics critically and to resolve legal-informatics issues by reworking the notions learned;
- a stronger command of the technical and IT language relevant to the subject;
- the ability to connect the different topics in order to develop proposals useful for solving concrete cases, also through practical lessons held with the active participation of the students.
Expected learning outcomes
At the end of the course, a student who has successfully learned the subject will have in-depth knowledge of the course topics, having acquired a method of reasoning suited to addressing legal-informatics topics that are more specific and complex than the institutional notions.
Course syllabus and organization

Single session

Responsible
Lesson period
Second semester
Course syllabus
First lesson (2 hours): the birth and evolution of the ideas of privacy and data protection.
Second lesson (2 hours): the European data protection: the General Data Protection Regulation (GDPR).
Third lesson (2 hours): the domestic regulation of the personal data processing: Legislative Decree 196/03 and Legislative Decree 101/18.
Fourth lesson (2 hours): the relevant definitions of GDPR.
Fifth lesson (2 hours): the subjects of the GDPR (Data Controller, Data Processor, Person in charge of processing, Data Subject).
Sixth lesson (2 hours): the Data Protection Officer.
Seventh lesson (2 hours): specific regulations for special categories of personal data.
Eighth lesson (2 hours): the DPA's General Authorization and relevant Opinions on the processing of special categories of personal data.
Ninth lesson (2 hours): the relevant Opinions and Guidelines of the European Data Protection Board on the processing of special categories of personal data.
Tenth lesson (2 hours): principles of information security.
Eleventh lesson (2 hours): information security and the GDPR: appropriate technical and organisational measures.
Twelfth lesson (2 hours): risk analysis and personal data processing.
Thirteenth lesson (2 hours): data breach and related duties.
Fourteenth lesson (2 hours): the drafting of a data protection policy.
Fifteenth lesson (2 hours): landmark cases on information security.
Sixteenth lesson (2 hours): security certifications.
Seventeenth lesson (2 hours): information security and computer crimes.
Eighteenth lesson (2 hours): the penalties provided by GDPR and domestic regulation.
Nineteenth lesson (2 hours): relevant jurisprudence on personal data protection.
Twentieth lesson (2 hours): security audit procedures.
Twenty-first lesson (2 hours): final test.
Prerequisites for admission
According to the didactic Regulation of the Course of Law: Private law, Constitutional law.
Teaching methods
The Course aims to explain to students the complexity of processing personal data, especially sensitive data, and of information security, in order to considerably improve their legal-informatics expertise and to enable independent evaluation procedures useful in their future professional context.
The teaching programme is organised into twenty-one classes of two hours each, covering the following topics:
i) the birth and evolution of the ideas of privacy and data protection;
ii) the principles of information security;
iii) the General Data Protection Regulation (Regulation (EU) 2016/679);
iv) risk analysis and identification of appropriate security measures;
v) landmark cases related to information security and personal data processing;
vi) information security in specific sectors (banking, insurance, healthcare);
vii) the relevant decisions of the Data Protection Authorities;
viii) the penalties related to the processing of personal data;
ix) the relevant Guidelines of the European Data Protection Board;
x) the Data Protection Officer as the professional in charge of helping the Data Controller in defining security policies and plans;
xi) the drafting of a security policy;
xii) the Data Protection Impact Assessment and security audit procedures;
xiii) administrative, civil and criminal penalties.
Teaching Resources
P. Perri, G. Ziccardi (Eds.), Tecnologia e diritto. Fondamenti d'informatica per il giurista, Volume II, Giuffrè, Milano, 2019.
Assessment methods and Criteria
The exam is oral. Students who attend the class may take a multiple-choice test.
IUS/20 - PHILOSOPHY OF LAW - University credits: 6
Lessons: 42 hours
Professor: Perri Pierluigi
Professor(s)
Reception:
Due to the emergency situation, tutoring will be delivered via Microsoft Teams on Monday from 2 PM to 4 PM (CET).