Processing of Sensitive Data
A.Y. 2018/2019
Learning objectives
The main objective of the course is to provide basic legal instruments to the expert of information technology security who will need, in relation to the performance of his profession, to treat sensitive data. The course will focus on the processing of sensitive data in its wider variations. During the lectures, students will be made available of lecture notes bearing the main applicable regulations, draft of agreements releted to critical services and corporate policies regarding the use of IT tools.
The course will be held only on Friday to allow the presence also working students.
It's recommended to attend the course's lesson in order to pass the final exam.
The course will be held only on Friday to allow the presence also working students.
It's recommended to attend the course's lesson in order to pass the final exam.
Expected learning outcomes
At the end of the course students will have a knowledge of the main regulations in terms of confidentiality and privacy, in an Italian and European context. Students will also acquire basics on the rights of the new technologies, which will be useful in their professional careers.
The setting of the course is highly practical and vocational.
The setting of the course is highly practical and vocational.
Lesson period: First semester
Assessment methods: Esame
Assessment result: voto verbalizzato in trentesimi
Single course
This course cannot be attended as a single course. Please check our list of single courses to find the ones available for enrolment.
Course syllabus and organization
Single session
Lesson period
First semester
Course syllabus
Friday. 14:00-18:00
Schedule of lessons
Lesson 1
Date: 29 September 2018
Presentation of the course. The evolution of privacy from the "golden age" right in the United States a fundamental right of the individual in the European legal tradition. Introduction to GDPR.
Lesson 2
Date: October 5th 2018
Protect personal data and understand its processing- Recitals of EU Regulation no. 2016/679 (GDPR) - "Sensitive" data and particular categories of data.
Lesson 3
Date: October 12, 2018
The rights and principles applicable to the processing of personal data. The guidelines of the WP Art. 29 for its application. Measures, guidelines, prescriptions and best practices adopted by the
Garane Privacy for the processing of genetic, biometric and health data.
Lesson 4
Date: October 19, 2018
Data processing in the public and private sector. Privacy and implications related to remote control of employees. Measures, guidelines and provisions concerning video surveillance, geolocation and use of e-mail and internet.
Lesson 5
Date: October 26, 2018
Roles and responsibilities of the subjects involved in the data processing: Data Controllers, Joint Data Controllers, Data Protection Officers, Data Processor, System Administrators. Examples of Data Governance.
Lesson 6
date: November 9th 2018
Risk analysis and privacy impact assessment. Technical and organizational measures envisaged by the GDPR. Cybersecurity in standards and international best practices.
Lesson 7
Date: November 16, 2018
Violations of personal data (data breach). Iillustration of the most significant cases with particular reference to data breaches of "sensitive data". How to prepare for incident management and relations with digital forensics activities.
Lesson 8
Date: November 23, 2018
Information and consent. The Code regarding the protection of personal data (Legislative Decree 30 June 2003, n. 196) harmonized with the community legislation with the recent Legislative Decree 10 August 2018, n. 101. Lesson 9
Date: November 30, 2018
Data on the "clouds". Legal aspects of cloud computing in healthcare (in collaboration with Avv.Valerio Vertua)
Lesson 10
Date: 7 November 2018
The sanctioning aspects of the GDPR and of the Privacy Code - Company policy on the date related protection and information security with particular reference to data processing "Sensitive" and confidential information.
Lesson 11
Date: December 14, 2018
Examples of document compliance for the provision of public and private organizations operating in the health and pharmaceutical sectors.
Lesson 12
Date: December 21, 2018
IT contracts - Introduction to copyright - Processing related to marketing and online reputation (in collaboration with Avv. Simone Bonavita).
Schedule of lessons
Lesson 1
Date: 29 September 2018
Presentation of the course. The evolution of privacy from the "golden age" right in the United States a fundamental right of the individual in the European legal tradition. Introduction to GDPR.
Lesson 2
Date: October 5th 2018
Protect personal data and understand its processing- Recitals of EU Regulation no. 2016/679 (GDPR) - "Sensitive" data and particular categories of data.
Lesson 3
Date: October 12, 2018
The rights and principles applicable to the processing of personal data. The guidelines of the WP Art. 29 for its application. Measures, guidelines, prescriptions and best practices adopted by the
Garane Privacy for the processing of genetic, biometric and health data.
Lesson 4
Date: October 19, 2018
Data processing in the public and private sector. Privacy and implications related to remote control of employees. Measures, guidelines and provisions concerning video surveillance, geolocation and use of e-mail and internet.
Lesson 5
Date: October 26, 2018
Roles and responsibilities of the subjects involved in the data processing: Data Controllers, Joint Data Controllers, Data Protection Officers, Data Processor, System Administrators. Examples of Data Governance.
Lesson 6
date: November 9th 2018
Risk analysis and privacy impact assessment. Technical and organizational measures envisaged by the GDPR. Cybersecurity in standards and international best practices.
Lesson 7
Date: November 16, 2018
Violations of personal data (data breach). Iillustration of the most significant cases with particular reference to data breaches of "sensitive data". How to prepare for incident management and relations with digital forensics activities.
Lesson 8
Date: November 23, 2018
Information and consent. The Code regarding the protection of personal data (Legislative Decree 30 June 2003, n. 196) harmonized with the community legislation with the recent Legislative Decree 10 August 2018, n. 101. Lesson 9
Date: November 30, 2018
Data on the "clouds". Legal aspects of cloud computing in healthcare (in collaboration with Avv.Valerio Vertua)
Lesson 10
Date: 7 November 2018
The sanctioning aspects of the GDPR and of the Privacy Code - Company policy on the date related protection and information security with particular reference to data processing "Sensitive" and confidential information.
Lesson 11
Date: December 14, 2018
Examples of document compliance for the provision of public and private organizations operating in the health and pharmaceutical sectors.
Lesson 12
Date: December 21, 2018
IT contracts - Introduction to copyright - Processing related to marketing and online reputation (in collaboration with Avv. Simone Bonavita).
IUS/01 - PRIVATE LAW - University credits: 6
Lessons: 48 hours
Professor:
Rodolfi Alessandro