Cyber Security, Privacy and Protection of Sensitive Data
A.Y. 2023/2024
Learning objectives
The Course aims at providing students the following goals:
-a thorough knowledge of the topics discussed in the Course, both from a technical and legal point of view;
-the ability to critically address the issues and solve the computer-legal issues through the reworking of the concepts learned;
-strengthening the knowledge and the understanding of the technical language related to the subject;
-the ability to link the various topics in order to develop useful proposals for the solution of concrete situations, including through practical lessons carried out with the active participation of students.
-a thorough knowledge of the topics discussed in the Course, both from a technical and legal point of view;
-the ability to critically address the issues and solve the computer-legal issues through the reworking of the concepts learned;
-strengthening the knowledge and the understanding of the technical language related to the subject;
-the ability to link the various topics in order to develop useful proposals for the solution of concrete situations, including through practical lessons carried out with the active participation of students.
Expected learning outcomes
At the end of the course the student who has successfully achieved the aforementioned goals will have a thorough knowledge of the regulation of privacy and information security issues related with sensitive data, with the acquisition of a method of reasoning suitable to deal with more specific and complex computer law topics.
Lesson period: Second semester
Assessment methods: Esame
Assessment result: voto verbalizzato in trentesimi
Single course
This course can be attended as a single course.
Course syllabus and organization
Single session
Responsible
Lesson period
Second semester
Course syllabus
First lesson (2 hours): the birth and evolution of the idas of privacy and data protection.
Second lesson (2 hours): the European data protection: the General Data Protection Regulation (GDPR).
Third lesson (2 hours): the domestic regulation of the personal data processing: Legislative Decree 196/03 and Legislative Decree 101/18.
Fourth lesson (2 hours): the relevant definitions of GDPR.
Fifth lesson (2 hours): the subjects of the GDPR (Data Controller, Data Processor, Person in charge of processing, Data Subject).
Sixth lesson (2 hours): the Data Protection Officer.
Seventh lesson (2 hours): specific regulations for special categories of personal data.
Eighth lesson (2 hours): the DPA's General Authorization and relevant Opinions of the processing of special categories of personal data.
Ninth lesson (2 hours): the relevant Opinions and Guidelines of the European Data Protection Board on the processing of special categories of personal data.
Tenth lesson (2 hours): principles of information security.
Eleventh lesson (2 hours): information security and the GDPR: appropriate technical and organisational measures.
Twelfth lesson (2 hours): risk analisys and personal data processing.
Thirteenth lesson (2 hours): data breach and related duties.
Fourteenth lesson (2 hours): the drafting of a data protection policy.
Fifteenth lesson (2 hours): landmark cases on information security.
Sixteenth lesson (2 hours): security certifications.
Seventeenth lesson (2 hours): information security and computer crimes.
Eighteenth lesson (2 hours): the penalties provided by GDPR and domestic regulation.
Nineteenth lesson (2 hours): relevant jurisprudence on personal data protection.
Twentieth lesson (2 hours): security audit procedures.
Twenty-first lesson (2 hours): the Data Protection Impact Assessment.
Second lesson (2 hours): the European data protection: the General Data Protection Regulation (GDPR).
Third lesson (2 hours): the domestic regulation of the personal data processing: Legislative Decree 196/03 and Legislative Decree 101/18.
Fourth lesson (2 hours): the relevant definitions of GDPR.
Fifth lesson (2 hours): the subjects of the GDPR (Data Controller, Data Processor, Person in charge of processing, Data Subject).
Sixth lesson (2 hours): the Data Protection Officer.
Seventh lesson (2 hours): specific regulations for special categories of personal data.
Eighth lesson (2 hours): the DPA's General Authorization and relevant Opinions of the processing of special categories of personal data.
Ninth lesson (2 hours): the relevant Opinions and Guidelines of the European Data Protection Board on the processing of special categories of personal data.
Tenth lesson (2 hours): principles of information security.
Eleventh lesson (2 hours): information security and the GDPR: appropriate technical and organisational measures.
Twelfth lesson (2 hours): risk analisys and personal data processing.
Thirteenth lesson (2 hours): data breach and related duties.
Fourteenth lesson (2 hours): the drafting of a data protection policy.
Fifteenth lesson (2 hours): landmark cases on information security.
Sixteenth lesson (2 hours): security certifications.
Seventeenth lesson (2 hours): information security and computer crimes.
Eighteenth lesson (2 hours): the penalties provided by GDPR and domestic regulation.
Nineteenth lesson (2 hours): relevant jurisprudence on personal data protection.
Twentieth lesson (2 hours): security audit procedures.
Twenty-first lesson (2 hours): the Data Protection Impact Assessment.
Prerequisites for admission
Prerequisites According to didactic Regulation of the Course of Law are: Private law, Constitutional law.
Teaching methods
The Course aims to explain to the students the complexity of the processing of personal data, especially special categories of personal data (formerly identified as "sensitive data" before the enter into force of the General Data Protection Regulation), and of the information security, to improve considerably their legal-informatics expertise and allow independent evaluation procedures useful for the future professional context.
The teaching programme will be articulated in twenty-one classes of two hours each, with the following topics:
i) the birth and evolution of the ideas of privacy and data protection;
ii) the principles of information security;
iii) the General Data Protection Regulation (Regulation UE 2016/679);
iv) risk analisys and identification of appropriate security measures;
v) landmark cases related to information security and personal data processing;
vi) information security in specific sectors (banking, insurance, healthcare);
vii) the relevant decision of the Data Protection Authorities;
viii) the penalties related with the processing of personal data;
ix) the relevant Guidelines of the European Protection Board;
x) the Data Protection Officer as the professional in charge of helping the Data Controller in defining security policies and plans;
xi) the drafting of a security policy;
xii) the Data Protection Impact Assessment and security audit procedures;
xiii) Administrative, civil and criminal penalties.
The teaching programme will be articulated in twenty-one classes of two hours each, with the following topics:
i) the birth and evolution of the ideas of privacy and data protection;
ii) the principles of information security;
iii) the General Data Protection Regulation (Regulation UE 2016/679);
iv) risk analisys and identification of appropriate security measures;
v) landmark cases related to information security and personal data processing;
vi) information security in specific sectors (banking, insurance, healthcare);
vii) the relevant decision of the Data Protection Authorities;
viii) the penalties related with the processing of personal data;
ix) the relevant Guidelines of the European Protection Board;
x) the Data Protection Officer as the professional in charge of helping the Data Controller in defining security policies and plans;
xi) the drafting of a security policy;
xii) the Data Protection Impact Assessment and security audit procedures;
xiii) Administrative, civil and criminal penalties.
Teaching Resources
The textbook will be communicated later.
Assessment methods and Criteria
The exam is oral. The students who will attend all the classes will be allowed to do a final test.
Educational website(s)
Professor(s)
Reception:
The tutoring will be delivered on appointment to be scheduled by email.