Integration of Privacy and Security

Course Composition and Objectives

Privacy is a growing concern in the United States and around the world. As information technologies increasingly expand the ability for organizations to store, process, and exploit personal data, privacy is at the center of discussion and controversy among multiple stakeholders including business leaders, privacy activists, and government regulators. Innovative technologies and infrastructures, from pervasive Internet to mobile computing, are being rapidly introduced and adopted in daily life; smart digital devices, from wireless laptops, personal digital assistants to cellular and smart phones, carry with them new possibilities of ubiquitous information access, and so for privacy invasions. Public opinion polls have repeatedly shown information privacy to be of utmost concern in diverse organizational and societal contexts and it is argued that information privacy continues to be eroded as a result of technology innovations.

This course responds to the call for the balance between ubiquitous information availability and protection of privacy. It presents a multidisciplinary examination of privacy in the information age. It explores such important concepts as how the threats to privacy evolving, how can privacy be protected and how society can balance the interests of individuals, businesses and government in ways that promote privacy reasonably and effectively? This course seeks to contribute to a better understanding of the many issues that play a part in privacy and contribute to the analysis of issues involving privacy, and provides a variety of tools and concepts with which debates over privacy can be more fruitfully engaged. It focuses on three major components affecting notions, perceptions and expectations of privacy: theoretical analysis, technological development and organizational approaches.

• Develop a multi-disciplinary understanding of information privacy
• Realize the importance of integrating privacy in the software development process
• Addresses the challenges involved in communicating with users about privacy as well as the challenges associated with development and deployment of privacy policy
• Identify and understand the key issues related to the management of privacy and security in organizations
• Identify privacy and security risks and control objectives in organizations
• Think critically: the ability to identify and summarize key issues of an event, draw conclusions and implications, and present them in a clear and concise manner.
• Instructors Choice: Instructors may choose topics and learning objectives that meet the spirit of the course as defined here. Instructors may choose to devote more time to the learning objectives listed above or to add additional, complimentary objectives. Supplementary material and objectives should not overlap with the defined content of other courses in the curriculum

Course Description

This course is designed to introduce students to the major organizational, technical, operational and regulatory issues in information privacy and security, and to give them experience in performing a privacy analysis, designing privacy-aware applications and developing privacy policy in organizations. Topics covered include: conceptualizations and theories of privacy and security, privacy laws and compliance, building a privacy organizational infrastructure, integrating privacy in the software development process, performing a privacy analysis, privacy issues in outsourcing and cross-border data transfers, integrating privacy into customer relationship management and vendor management, information systems audit and intentional standards on privacy and security. This course will mix technical details, applied value and organizational insights of assuring privacy and security through the use of case studies, real-life problems, hands-on exercises and team projects.