Course 2020-2021 a.y.

20655 - CYBER RISK AND DATA PROTECTION LAW

Department of Law

Course taught in English
Go to class group/s: 25
CYBER (6 credits - II sem. - OB  |  IUS/04)
Course Director:
MARIA LILLA' MONTAGNANI

Classes: 25 (II sem.)
Instructors:
Class 25: MARIA LILLA' MONTAGNANI


Mission & Content Summary

MISSION

The course aims at identifying the main legal issues connected to the risk management that a cyber-company faces in light of the current European regulatory framework. The first part of the course deals with the topic of EU data protection. After describing the GDPR’s main provisions, it addresses the rules governing data processing and, in particular, the duties cast upon controllers and processors. In this context the role and obligations of data protection officers are illustrated. The second part of the course focuses on cybersecurity. After having described the main threats and vulnerabilities of networks, it illustrates the best practices and rules used to tackle them. In particular, it analyses the NIS Directive and the Cybersecurity Act in force into the European Union. It concludes with the discussion of how these rules are tailored within specific industries.

CONTENT SUMMARY

Part I. European Data Protection Law:

  • General provisions.
  • Principles and rights related to data processing and data subjects.
  • Controller and processor.
  • Security of personal data.
  • Data protection officer.
     

Part II. Cybersecurity:

  • Threats and Vulnerabilities.
  • Best Practices and rules.
  • The NIS Directive 2016.
  • Cybersecurity Act 2017.
  • Cybersecurity Governance.
  • Industry specific cybersecurity rules.

 


Intended Learning Outcomes (ILO)

KNOWLEDGE AND UNDERSTANDING

At the end of the course student will be able to...
  • Identify the risks linked to the processing of data and the use of networks
  • Identify the legal tools that cyber companies need to tackle the risks brought about by the digital environment in order to comply with within the current EU regulation.

APPLYING KNOWLEDGE AND UNDERSTANDING

At the end of the course student will be able to...
  • Assess practical situations related to the risks of processing data and the use of technologies
  • Apply the legal rules ot practical situations in which cyber companies need to tackle the risks brought about by the digital environment in order to comply with within the current EU regulation.

Teaching methods

  • Face-to-face lectures
  • Guest speaker's talks (in class or in distance)

DETAILS

  • Face to face classes are taught by Bocconi faculty members.
  • Some classes are covered by specific guest – professionals operating in cyber companies in the capacity of data protection officer and risk manager – to provide a more concrete understanding of the roles and duties that the law require them to perform.

Assessment methods

  Continuous assessment Partial exams General exam
  • Written individual exam (traditional/online)
   x x
  • Active class participation (virtual, attendance)
 x    

ATTENDING AND NOT ATTENDING STUDENTS

The exam aims at verifying the ability of students in identifying legal issues that can arise in relation to risk management and data processing and applying the legal solutions to them.

  • The questions test the students' ability to reason and apply legal provisions to case scenario, which means: unpacking the scenario, identifying the legal challenges, providing - where possible - the solution; if no solution is possible, then laying out the alternatives
  • The active class participation in the tutorials tests the students' ability to reason using the knowledge acquired in class

 

Students can take a partial written exam covering the first part of the course and complete the written exam at the end of the course with the second part. The weight is: 50% for the partial exam and 50% for the end of term exam.

Alternatively, students can take a general written exam covering both parts of the course and accounting for 100% of the final grade (50%+50%, as mentioned above). The detailed structure of the exams will be announced at the beginning of the course.

Active participation in the four tutorials of this course can bring up to 4 additional points towards the final mark of the students (on top of their exam mark).


Teaching materials


ATTENDING AND NOT ATTENDING STUDENTS

Students are required to have the slides and read, for each of the topics discussed in class, a scientific paper. All materials are available on the Bboard.

Last change 16/02/2021 15:39