Cyber security, privacy and protection of sensitive data

A.Y. 2020/2021
Overall hours
Learning objectives
The Course aims to provide students with the following:
- a thorough knowledge of the topics discussed in the Course, from both a technical and a legal point of view;
- the ability to address critically and solve computer-legal issues by reworking the concepts learned;
- a stronger knowledge and understanding of the technical language related to the subject;
- the ability to link the various topics in order to develop useful proposals for the solution of concrete situations, including through practical lessons carried out with the active participation of students.
Expected learning outcomes
At the end of the course, the student who has successfully achieved the aforementioned goals will have a thorough knowledge of the regulation of privacy and information security issues related to sensitive data, and will have acquired a method of reasoning suitable for dealing with more specific and complex computer law topics.
Course syllabus and organization

Single session

Lesson period
Second semester
Teaching Methods
Classes will take place on Microsoft Teams in synchronous mode, at the established times, and will be recorded and available for consultation on the same platform and on the course's ARIEL site. Information on how to access classes on Microsoft Teams and other instructions about the Course will be uploaded to the course's ARIEL site, which students are advised to consult regularly.
If the health situation allows it, in compliance with current regulations, lessons can also be held in the classroom (mixed mode); in this case, students will be promptly informed and notified through the course ARIEL website.
In any case, lessons will be recorded and left available to students for the duration of the semester.

Program and reference material
The syllabus and reference materials for the course are unchanged.

Methods of verification of learning and evaluation criteria
The methods of verification of learning and the evaluation criteria will not change.
The exam will be oral and held on the Microsoft Teams platform. Students who take the class can sit a multiple-choice test.
If the health situation allows it, compatibly with the availability of classrooms and the respect of the necessary security conditions, the exam will be held in the classroom.
However, the possibility of taking the exam remotely will be ensured for students who are unable to travel from their place of residence and/or domicile.
More precise indications and updates will be available on the course's ARIEL site, which should be consulted regularly.
Course syllabus
First lesson (2 hours): the birth and evolution of the ideas of privacy and data protection.
Second lesson (2 hours): European data protection: the General Data Protection Regulation (GDPR).
Third lesson (2 hours): the domestic regulation of personal data processing: Legislative Decree 196/03 and Legislative Decree 101/18.
Fourth lesson (2 hours): the relevant definitions of GDPR.
Fifth lesson (2 hours): the subjects of the GDPR (Data Controller, Data Processor, Person in charge of processing, Data Subject).
Sixth lesson (2 hours): the Data Protection Officer.
Seventh lesson (2 hours): specific regulations for special categories of personal data.
Eighth lesson (2 hours): the DPA's General Authorization and relevant Opinions on the processing of special categories of personal data.
Ninth lesson (2 hours): the relevant Opinions and Guidelines of the European Data Protection Board on the processing of special categories of personal data.
Tenth lesson (2 hours): principles of information security.
Eleventh lesson (2 hours): information security and the GDPR: appropriate technical and organisational measures.
Twelfth lesson (2 hours): risk analysis and personal data processing.
Thirteenth lesson (2 hours): data breach and related duties.
Fourteenth lesson (2 hours): the drafting of a data protection policy.
Fifteenth lesson (2 hours): landmark cases on information security.
Sixteenth lesson (2 hours): security certifications.
Seventeenth lesson (2 hours): information security and computer crimes.
Eighteenth lesson (2 hours): the penalties provided by GDPR and domestic regulation.
Nineteenth lesson (2 hours): relevant jurisprudence on personal data protection.
Twentieth lesson (2 hours): security audit procedures.
Twenty-first lesson (2 hours): final test.
Prerequisites for admission
According to the didactic Regulation of the Course of Law, the prerequisites are: Private law, Constitutional law.
Teaching methods
The Course aims to explain to students the complexity of processing personal data, especially sensitive data, and of information security, in order to improve considerably their legal-informatics expertise and to allow independent evaluation procedures useful in their future professional context.
The teaching program is organized into twenty-one classes of two hours each, covering the following topics:
i) the birth and evolution of the ideas of privacy and data protection;
ii) the principles of information security;
iii) the General Data Protection Regulation (Regulation (EU) 2016/679);
iv) risk analysis and identification of appropriate security measures;
v) landmark cases related to information security and personal data processing;
vi) information security in specific sectors (banking, insurance, healthcare);
vii) the relevant decision of the Data Protection Authorities;
viii) the penalties related to the processing of personal data;
ix) the relevant Guidelines of the European Data Protection Board;
x) the Data Protection Officer as the professional in charge of helping the Data Controller in defining security policies and plans;
xi) the drafting of a security policy;
xii) the Data Protection Impact Assessment and security audit procedures;
xiii) administrative, civil and criminal penalties.
Teaching Resources
P. Perri, G. Ziccardi (Eds.), Tecnologia e diritto. Fondamenti d'informatica per il giurista, Volume II, Giuffrè, Milano, 2019.
Assessment methods and Criteria
The exam is oral. Students who take the class can sit a multiple-choice test.
IUS/20 - PHILOSOPHY OF LAW - University credits: 6
Lessons: 42 hours
Professor: Perri Pierluigi
Due to the emergency situation, tutoring will be delivered via Microsoft Teams on Mondays from 2 PM to 4 PM (CET).