Americans today are accustomed to seeing cybersecurity in the news. Indeed, data has become a prized commodity that’s transforming the way businesses and institutions operate. But information privacy is more than a headline – it’s a dynamic, high-growth field facing a severe shortage of trained professionals. That’s why Maine Law offers a series of summer courses on critical and current information privacy issues.

Existing attorneys can leverage the session to earn CLE credits or venture into a growing and dynamic new practice area; current J.D. candidates can develop a valuable specialty while still in school. Whether you’re deeply familiar with information privacy law or new to the subject, this summer session could change your career.

The 2018 Information Privacy Summer Institute was held May 29 – June 15. 

Course Offerings

In 2018, leading privacy scholars gathered at our 9th annual Information Privacy Summer Institute to discuss:

2 credits/ 12 CLEs
May 29 – June 1, 2018

Course description:

Personal data has become the raw material for business models in industries ranging from online advertising, social networking, cloud computing, health, and financial services. Governments, too, rely on personal data for purposes such as national security and law enforcement, urban planning and traffic control, public health, and education. Emerging technologies greatly enhance data collection, storage, and analysis. In this context, privacy laws strain to continue to protect individual rights. This course will place privacy within a social and legal context and will investigate the complex mesh of legal structures and institutions that govern privacy at state, national, and international levels. Students will be taught how to critically analyze privacy problems and make observations about sources of law and their interpretation, with an emphasis on the global nature of data. The course will include at least one day focused on practical applications of the European Union’s General Data Protection Regulation. The final grade will be based on class participation, attendance, and an exam. Includes special one-day GDPR Conference.

Professor Bio:

Rita Heimes is Research Director at the International Association of Privacy Professionals, where she also serves as the in-house Data Protection Officer. She is an attorney and academic with many years of experience in the fields of privacy, information security, and intellectual property law. In her role as Research Director at the IAPP, she helps to promote the privacy profession through empirical and qualitative research on privacy functions globally as well as through outreach to academic institutions developing the next generation of privacy and security professionals. As the DPO, Rita facilitates and oversees the IAPP’s data protection policies and practices.

Prior to joining the IAPP, Professor Heimes was a law professor and academic dean at the University of Maine School of Law, where she directed the Center for Law + Innovation and developed the nation’s first Privacy Pathways program and one of the first intellectual property clinics. She also spent many years in private practice with law firms in Seattle, Boulder, and Portland (Maine). She remains an active scholar, and still coordinates and teaches in the Information Privacy Summer Institute at Maine Law.

2 credit/12 CLEs
June 4-5 & 7-8, 2018

Course Description:

Since the late 1990s, the Federal Trade Commission (FTC) has been enforcing companies’ privacy policies through its authority to police unfair and deceptive trade practices. Despite over fifteen years of FTC enforcement, there is no meaningful body of judicial decisions to show for it. The cases have nearly all resulted in settlement agreements. Nevertheless, companies look to these agreements to guide their privacy practices. Thus, in practice, FTC privacy jurisprudence has become the broadest and most influential regulating force on information privacy in the United States — more so than nearly any privacy statute or any common law tort. Yet this body of law is regularly overshadowed and remains opaque to many businesses dealing with personal information and even legal and technical professionals. This course will explore the FTC’s role in privacy and data security.

The goal of this class is to equip students with an advanced understanding of the FTC’s privacy jurisprudence and the potential obligations of companies who deal with personal information within the FTC’s jurisdiction. Grades will be based on class attendance, participation, and a final exam.

Professor Bio:

Woodrow Hartzog is a Professor of Law and Computer Science at Northeastern School of Law where he holds a joint appointment with the College of Computer and Information Science and teaches privacy and data protection issues. His recent work focuses on the complex problems that arise when personal information is collected by powerful new technologies, stored, and disclosed online.

Prior to joining Northeastern in 2017, Professor Hartzog was the Starnes Professor of Law at Samford University’s Cumberland School of Law. He has also served as a Visiting Professor at Notre Dame Law School and the University of Maine School of Law. Professor Hartzog previously worked as an attorney in private practice and as a trademark attorney for the United States Patent and Trademark Office. He also served as a clerk for the Electronic Privacy Information Center. He holds a Ph.D. in mass communication from the University of North Carolina at Chapel Hill, an LL.M. in intellectual property from the George Washington University Law School, and a J.D. from Samford University.

1 credit/5 CLEs & 1 Ethics CLE
June 11-14, 2018, 9:00 am – 12:00 pm

Course Description:

This course will cover the “how” of privacy lawyering, including professional responsibility challenges confronted by in-house privacy counsel serving roles like Chief Privacy Officer and Data Protection Officer. It will provide students with pragmatic guidance on topics such as privilege, conflicts of interest under the GDPR (General Data Protection Regulation), playing the dual role of privacy lawyer and business counsel, and working with outside counsel. The course will include tips and strategies for building a privacy program and implementing privacy by design concepts. Additionally, the course will delve into privacy lawyering from the outside counsel’s perspective, including topics such as law firms as vendors, their privacy/security obligations, engagement letters, and data protection agreements.

Professor Bio:

Virginia “Ginny” Lee 05 has worked in the high-tech industry for over twenty years. Currently, she is Head of Global Data Privacy and Director, Senior Corporate Counsel at ServiceNow. Prior to this, she was Director of Global Privacy at Starbucks where she established a global privacy program. She was also Sr. Attorney for Privacy/Security at Intel Corporation, responsible for providing legal guidance on privacy and security matters, especially as they relate to “Privacy By Design.” Prior to Intel, she was the Director of Platform and Product Privacy at Yahoo! where she was responsible for the policy direction of Yahoo!’s varied products and platforms. Professor Lee has worked on policy, regulatory and compliance issues for the Network Advertising Initiative, a self-regulatory association for the third-party advertising industry. She currently also serves on the IEEE P7002 Working Group on Data Privacy Process, and the IAPP Privacy Bar Section Advisory Board.

In addition to her legal experience, Professor Lee has held positions in engineering and product management and technical support. she holds a B.A. in Applied Mathematics from the University of Maine, a M.B.A. from the University of New Hampshire, and a J.D. from the University of Maine School of Law. She is also a Fellow of Information Privacy (FIP), Certified Information Privacy Professional (CIPP/US, /G, IT) and Manager (CIPM). She is admitted to practice in Maine, Washington, and Oregon and is a registered patent attorney.

1 credit/6 CLEs
June 11-12 and 14-15, 2018, 2:00-5:00 pm

Course Description:

External privacy counsels and in-house practitioners alike must be ready on day one to advise their clients on specialized forms of contracting – specifically, data processing agreements. The obligation for a company that will share personal data with third parties to document its instructions to such data processors or data controllers is by now well-established in data protection practice and in law, notably in the European Union’s General Data Protection Regulation. This course will serve as a practicum for students and professionals, aiming to assist them to understand, construct, draft, negotiate and ultimately execute various forms of data processing agreements from both a customer and a vendor perspective with confidence. After surveying the origins of these instruments and distinguishing them from confidentiality and non-disclosure agreements (NDAs), students will review the European statutory requirements for data protection clauses, including the specialized data processing agreements that can be used to support international data transfers to entities established in jurisdictions that lack legally-sufficient data protection frameworks of their own (such as the United States of America). Relying on diverse source material, including standard agreements promulgated by some of the world’s largest multinational Internet and cloud service providers, students will evaluate the content of the agreements topic by topic, and will explore challenges that arise in the negotiation of the details of such clauses between service providers and their clients, particularly in the context of a power imbalance between negotiating parties, with different levels of risk tolerance.

Professor Bio:

Justin B. Weiss ’06 is the Global Head of Data Privacy for the Naspers Group of companies, where he leads on diverse matters such as legal compliance, contracts and M&A reviews, policy standard setting, privacy trainings and counseling to corporate, product, engineering and public policy functions on matters of data protection, privacy and consumer trust. Prior to Naspers, Justin was Assistant General Counsel for Privacy & International Policy at Yahoo, representing the company before world governments, APEC, COE, OECD, the EU’s Article 29 Working Party and international trade associations on regulatory matters implicating data analytics, search, online and mobile advertising business models, cross-border data flows, comparative privacy law and accountability. He has served as an expert privacy advisor to the OECD’s Working Party on Information Security and Privacy in its 30-year review of the OECD Privacy Principles and has co-authored a paper on Privacy by Design and User-interfaces with the Information & Privacy Commissioner of Ontario, Canada. He currently also serves on the Executive Committee of the Board of Directors for International Association of Privacy Professionals, and on the Advisory Council of the Center for Democracy & Technology.

Professor Weiss holds a J.D. from the University of Maine School of Law.