Training: Law of Data Security and Investigations

SANS Institute's Legal 523 Course

A prospective student asked:  "I'm very interested in attending your SANS course.  I'm working on a consulting gig that heavily references international HR / employee data (personal info, training info, health info, etc.) and am interested to know if you will cover such things and (different-country-different-laws) sort of issues in the SANS course?"

Ben's Reply

The purpose of the course is not to fill students' heads with five days of facts, reciting every law in the world that touches on data privacy, security or investigations.
When teaching in the "Live Online" format, Ben is known for
being very animated through his webcam. He uses props, videos
 and theatrics. Something is always happening through the
webcam, which keeps students attentive and engaged.
 If you survey the world looking for all those laws, you'll find that there are so many of them (and they are constantly changing) that it would be impossible to recite and compare all of those laws in a course of any duration.

The course is only five-days long.  The students in the course hail from throughout the world (although the majority are from the US).  The students come from very diverse enterprises:  nonprofits, insurance, banking, government, public corporations, private corporations, higher education, law enforcement and much more.

Timeless Principles

In those five days, with this mix of intelligent people, I try to set a realistic goal:  Instead of teaching and comparing every relevant law in the world, I try to teach broad, timeless principles.  I aim to teach students how to think about this quickly changing field of law -- how to critically analyze the laws that apply to any given situation and how to develop practical strategies for compliance.

Continuing Professional
I emphasize techniques for staying out of trouble in this ultra-networked 21st Century, where the conflicting laws of many countries can apply all at once.

HR-related laws and investigations are an important topic.  Dealing with employee data is an important topic.  Learning to deal with law in a dynamic, multi-country environment is an important topic.

But you should not expect to walk out of the class with a recitation and country-by-country comparison of present employment data laws.  Even if it were possible to give you such a thing, it would be out-of-date in a week.

Coping with Risk

My goal is to help students cope rationally with the facts that:

(1) The laws applicable to them will change;

(2) It is impossible for the students or their employers to know all of the laws that apply to them; and

(3) The law of data privacy, security and investigations abounds with unanswered questions.

These facts imply that this area of law is filled with risk.  I strive to teach students how to manage legal risk, recognizing that the risk will never come close to zero.

Five days leaves a lot of time for focusing on particular issues.  If the prepared material does not cover specific topics, students and I talk a lot about those topics during breaks, before class and after class.  Obviously, in those five days I do not become your employer's lawyer, and I don't give specific legal opinions.  But I'm pretty good at teaching students how to get more information and how to cope with it at a practical level.

Students also learn a lot from each other.  When during class a student says, "I'm dealing X," it is common that some other students say they have dealt with X too.  Then the students talk and exchange cards and war stories during the breaks.

Different Modes of Delivery

The SANS Legal 523 course is delivered in these formats:

  • Live, in-classroom at major SANS Institute conference.  This is most dynamic and interactive format. 
  • Virtual Live (or vLive) - where I am teaching live through a webcam and students chat with me in realtime, as they view slides and take notes in the coursebooks.  (I try to optimize use of the webcam with props and theatrics that promote learning.)
  • OnDemand - where students listen, at their own pace, to an audio recording of me as they view slides and read notes online.  OnDemand is supplemented with periodic quizzes that prove students were paying attention; these quizzes help some students get CPE credit.
  • Self-Study - where students listen to an audio recording of me as they follow along in the coursebooks
  • On-Site - where I teach in-person, on location 

Unique Professional Education

My SANS Legal 523 course is unique in the world.  I know of nothing that competes with it as rigorous, practical education on the law of data privacy, security and investigations.  Professionals from all over the world, including lawyers, come to take that course.


Footnote:  In fact, dear reader, if you are aware of any other course in the world that compares to SANS Legal 523, I'd like to hear about it, just for the sake of knowing.

News November 2013:  SANS Masters Degree is now accredited.

Update: SANS Legal 523 OnDemand format.

Latest observations about Legal 523 course.

No comments:

Post a Comment