Americans today are accustomed to seeing cybersecurity in the news. Indeed, data has become a prized commodity that’s transforming the way businesses and institutions operate. But information privacy is more than a headline – it’s a dynamic, high-growth field facing a severe shortage of trained professionals. That’s why Maine Law offers a series of summer courses on critical and current information privacy issues.
Existing attorneys can leverage the session to earn CLE credits or venture into a growing and dynamic new practice area; current J.D. candidates can develop a valuable specialty while still in school. Whether you’re deeply familiar with information privacy law or new to the subject, this summer session could change your career.
2019 Information Privacy Summer Institute
The Center for Law + Innovation will host the tenth annual Information Privacy Summer Institute from May 28 – June 14, 2019. Additional information, including how to register, will be available soon.
In 2019, leading privacy scholars will gather at our 10th annual Information Privacy Summer Institute to discuss:
May 28 – 31, 2019
Personal data has become the raw material for business models in industries ranging from online advertising, social networking, cloud computing, health and financial services. Governments, too, rely on personal data for purposes such as national security and law enforcement, urban planning and traffic control, public health and education. Emerging technologies greatly enhance data collection, storage and analysis. In this context, privacy laws strain to continue to protect individual rights. This course will place privacy within a social and legal context and will investigate the complex mesh of legal structures and institutions that govern privacy at state, national and international levels. Students will be taught how to critically analyze privacy problems and make observations about sources of law and their interpretation, with an emphasis on the global nature of data. Students will be provided with the technological details needed to explore information security and management issues in domestic and international contexts. The final grade will be based on class participation, attendance and an exam.
Professor Gabe Maldoff
June 4-5, 2019
One of the most heavily regulated areas of information privacy law is in the health care industry, where privacy and data security issues are of paramount importance. This course explores the key data privacy and security issues facing health care enterprises and their vendors (and the broad variety of other entities that use and disclose health care information), including compliance with HIPAA and a broad variety of other state and federal privacy and data security laws applicable to healthcare data and the healthcare industry. We will discuss how health care privacy and data security law is evolving, what the key policy issues are for this debate and will provide practical advice on evaluating and applying law, regulations and best practices to the creation, use and disclosure of health care data.
Professor Kirk Nahra is a partner at Wiley Rein in Washington, DC, where he specializes in privacy and information security litigation and counseling, along with a variety of health care, insurance fraud, and compliance issues. He assists companies in a wide range of industries in analyzing and implementing the requirements of privacy and security laws across the country and internationally. He also works with insurers and health care industry participants in developing compliance programs and defending against government investigations into their practices. A long-time member of the Board of Directors of the International Association of Privacy Professionals (IAPP), he is the editor ofThe Privacy Advisor, the monthly newsletter of the IAPP. He was named as the Co-Chair of the Confidentiality, Privacy, and Security Workgroup, a panel of government and private sector privacy and security experts advising the American Health Information Community (AHIC) on privacy and security issues arising from health information technology.
June 6-7, 2019
Privacy law often focuses on federal statutes and law enforcement, but businesses and practitioners must also comply with numerous state privacy laws like the Student Online Privacy Protection Act (SOPIPA), the Illinois Biometric Information Privacy Act (BIPA), and Vermont’s Data Broker Registry. There are also the security breach notice acts, which vary from state to state. State Attorneys General often enforce where the Federal Trade Commission declines to, and facing a state enforcement action can be different than a federal action. This course will provide a survey of state privacy laws; explain the intersection between privacy & data security and Unfair and Deceptive Acts and Practices (UDAP) laws like state Consumer Protection Acts and Section 5 of the FTC Act; and discuss how state enforcement actions work.
Ryan Kriger (CIPP/US) is an Assistant Attorney General in the Vermont Office of the Attorney General’s Public Protection Division. He handles antitrust and consumer protection issues with a focus on technology and data security. Mr. Kriger has investigated several local and national security breaches, led multistate investigations, and frequently testifies before the state legislature on issues involving privacy, competition and consumer protection. He worked extensively on Vermont’s Data Broker Regulation laws.
Mr. Kriger has also worked on telecomm issues and patent trolling, among other areas. He is a lecturer on consumer protection law & policy and privacy issues at the University of Vermont and is on the Vermont Governor’s Cybersecurity Advisory Team and the Board of Advisors for the University of Vermont’s Center for Computer Security and Privacy.
Prior to joining the Attorney General’s Office, Mr. Kriger practiced for several years in New York City, working for both corporate defense firms and class action plaintiffs’ firms and focusing on antitrust complex litigation and commercial litigation, as well as electronic discovery and legal ethics.
June 11-14, 2019
This course will focus on how new technologies have historically created privacy challenges, and how the law has attempted to respond. It will include a discussion of the latest issues in blockchain, AI, machine learning, big data, and legal and ethical issues associated with these developments. Students will study how regulation has had an impact on privacy, and whether new regulations – proposed or adopted – are appropriate to the task. This year we will use the financial services industry, and fintech sector in particular, as a framework for exploring these issues.
Rita Heimes is Research Director at the International Association of Privacy Professionals, where she also serves as the in-house Data Protection Officer. She is an attorney and academic with many years of experience in the fields of privacy, information security, and intellectual property law. In her role as Research Director at the IAPP, she helps to promote the privacy profession through empirical and qualitative research on privacy functions globally as well as through outreach to academic institutions developing the next generation of privacy and security professionals. As the DPO, Rita facilitates and oversees the IAPP’s data protection policies and practices.
Prior to joining the IAPP, Professor Heimes was a law professor and academic dean at the University of Maine School of Law, where she directed the Center for Law + Innovation and developed the nation’s first Privacy Pathways program and one of the first intellectual property clinics. She also spent many years in private practice with law firms in Seattle, Boulder, and Portland (Maine). She remains an active scholar, and still coordinates and teaches in the Information Privacy Summer Institute at Maine Law.