Training: Law of Data Security and Investigations

SANS Institute's Legal 523 Course

A prospective student asked: "I'm very interested in attending your SANS course. I'm working on a consulting gig that heavily references international HR / employee data (personal info, training info, health info, etc.) and am interested to know if you will cover such things and (different-country-different-laws) sort of issues in the SANS course?"

Ben's Reply

The purpose of the course is not to fill students' heads with five days of facts, reciting every law in the world that touches on data privacy, security or investigations.

When teaching in the "Live Online" format, Ben is known for
being very animated through his webcam. He uses props, videos
and theatrics. Something is always happening through the
webcam, which keeps students attentive and engaged.

If you survey the world looking for all those laws, you'll find that there are so many of them (and they are constantly changing) that it would be impossible to recite and compare all of those laws in a course of any duration.

The course is only five-days long. The students in the course hail from throughout the world (although the majority are from the US). The students come from very diverse enterprises: nonprofits, insurance, banking, government, public corporations, private corporations, higher education, law enforcement and much more.

Timeless Principles

In those five days, with this mix of intelligent people, I try to set a realistic goal: Instead of teaching and comparing every relevant law in the world, I try to teach broad, timeless principles. I aim to teach students how to think about this quickly changing field of law -- how to critically analyze the laws that apply to any given situation and how to develop practical strategies for compliance.

Continuing Professional
Education

I emphasize techniques for staying out of trouble in this ultra-networked 21st Century, where the conflicting laws of many countries can apply all at once.

HR-related laws and investigations are an important topic. Dealing with employee data is an important topic. Learning to deal with law in a dynamic, multi-country environment is an important topic.

But you should not expect to walk out of the class with a recitation and country-by-country comparison of present employment data laws. Even if it were possible to give you such a thing, it would be out-of-date in a week.

Coping with Risk

My goal is to help students cope rationally with the facts that:

(1) The laws applicable to them will change;

(2) It is impossible for the students or their employers to know all of the laws that apply to them; and

(3) The law of data privacy, security and investigations abounds with unanswered questions.

These facts imply that this area of law is filled with risk. I strive to teach students how to manage legal risk, recognizing that the risk will never come close to zero.

Five days leaves a lot of time for focusing on particular issues. If the prepared material does not cover specific topics, students and I talk a lot about those topics during breaks, before class and after class. Obviously, in those five days I do not become your employer's lawyer, and I don't give specific legal opinions. But I'm pretty good at teaching students how to get more information and how to cope with it at a practical level.

Students also learn a lot from each other. When during class a student says, "I'm dealing X," it is common that some other students say they have dealt with X too. Then the students talk and exchange cards and war stories during the breaks.

Different Modes of Delivery

The SANS Legal 523 course is delivered in these formats:

Live, in-classroom at major SANS Institute conference. This is most dynamic and interactive format.
Virtual Live (or vLive) - where I am teaching live through a webcam and students chat with me in realtime, as they view slides and take notes in the coursebooks. (I try to optimize use of the webcam with props and theatrics that promote learning.)
OnDemand - where students listen, at their own pace, to an audio recording of me as they view slides and read notes online. OnDemand is supplemented with periodic quizzes that prove students were paying attention; these quizzes help some students get CPE credit.
Self-Study - where students listen to an audio recording of me as they follow along in the coursebooks
On-Site - where I teach in-person, on location

Unique Professional Education

My SANS Legal 523 course is unique in the world. I know of nothing that competes with it as rigorous, practical education on the law of data privacy, security and investigations. Professionals from all over the world, including lawyers, come to take that course.

--Benjamin Wright

Footnote: In fact, dear reader, if you are aware of any other course in the world that compares to SANS Legal 523, I'd like to hear about it, just for the sake of knowing.

News November 2013: SANS Masters Degree is now accredited.

Update: SANS Legal 523 OnDemand format.

Latest observations about Legal 523 course.

About

Benjamin Wright is an attorney in private practice. He teaches the Law of Data Security and Investigations for the SANS Institute. He is author of The Law of Electronic Commerce (published by Wolters Kluwer) and Business Law and Computer Security (published by SANS). He helps others navigate the law of data compliance, including privacy, e-commerce, e-discovery, cloud contracts, records management and cyber investigations.

He is spotlighted in the book The Devil Inside the Beltway for his uncommonly insightful advice to LabMD in its now famous information security law dispute.

Public Statements Are Not Legal Advice

None of Mr. Wright's public statements, such as remarks on blogs, twitter, youtube web pages, social media and the like, are guaranteed for accuracy or are legal advice for any particular situation. You use the ideas in those statements at your own risk. If you need legal advice, you should consult a lawyer.

Mr. Wright's blogs, updates, tweets, web comments, youtube videos, web courses and the like constitute part of the online update service for the book The Law of Electronic Commerce. Originally released 1991, and revised continually since then, the book is a reference for lawyers, published by Wolters Kluwer.

Mr. Wright does not have and never has had intention to infringe the rights of anyone. If any person has any information, suspicion or belief that Wright has done anything illegal or unethical, he asks that person promptly to telephone him at 1.214.403.6642. Promptness helps mitigate damage.

Any person accessing any of Mr. Wright's blogs, tweets, profiles, comments, web pages or other public activities or statements agrees not to use data from them in a way that is adverse to Wright's interests.

No Advertisement

Mr. Wright's public statements on blogs and the like are not intended to advertise or solicit legal services.

Mr. Wright does not have an attorney-client relationship with any person unless and until he and that person explicitly so agree. Interaction with Mr. Wright through public media does not create an attorney-client relationship. Communication with Mr. Wright via private message does not, in itself, create an attorney-client relationship.

Privacy/Security Vision

Some people provide Mr. Wright private information. Mr. Wright strives to treat such information reasonably according to the circumstances. People should have no more than reasonable expectations about information security. It is unreasonable to expect that the offices, computers, cell phones, brief cases, filing cabinets and online or other services used by Mr. Wright are very secure.

IMPORTANT Confidentiality Notice

Benjamin Wright is licensed as an attorney. Some of Mr. Wright's non-public records stored in the cloud are confidential and subject to protections associated with attorney work and communications. The laws of many countries recognize such protections. Mr. Wright insists that you recognize those protections with respect to his records and communication.

Relationships

The only person responsible for Mr. Wright's words is Mr. Wright.

Mr. Wright has earned money from some organizations he mentions online, such as Messaging Architects/Netmail, SANS Institute and LabMD.

Attribution

Some images, sounds and font output associated with Wright's work and comments are copyrighted by Corel Corporation or its licensors or partners like iStockphoto; they reserve all their rights. Some images are declared on wikimedia to be public domain. Mr. Wright strives to respect IP rights, but sometimes technology behaves in surprising ways. If you are an IP owner and you have a problem with something published by Mr. Wright, please telephone him promptly. Trademarks are property of their respective owners.

Dallas, Texas. Tel: +1.214.403.6642

InfoSec & Forensics Law

Training: Law of Data Security and Investigations

Different Modes of Delivery

No comments:

Post a Comment

SANS Quote

How to Get Electronic Evidence

Government Agency & School Records