ACIT4280 Privacy by design Course description

Privacy by Design is a fundamental requirement of the General Data Protection Regulation (GDPR) for all systems operating on personal information. This course provides an introduction to privacy and data protection including the legislation such as the GDPR, privacy enhancing technologies, privacy management, designing for privacy, and privacy patterns in software design. It enables the students to understand regulation, to identify privacy risk and consequences of data breaches, introduces them to privacy controls and builds skills in their application in a structured privacy engineering process.

General knowledge about information security, data processing and information system architecture would be beneficial.

No formal requirements over and above the admission requirements.

Knowledge

On successful completion of this course the student has:

• knowledge of basic legal privacy concepts and data protection regulations and will be able to apply them in systems analysis and design
• knowledge of concepts of privacy by design and privacy impact assessment and the ability to compare different assessment methods
• applicable knowledge of principles of architectural tactics for privacy and privacy patterns.

Skills

On successful completion of this course the student can:

• map legal privacy principles to technical privacy concepts
• design and plan solutions that map security and privacy goals to mitigation mechanisms and technologies
• apply privacy by design and analyze software architectures using privacy impact assessments

• apply appropriate architectural tactics for privacy and privacy patterns in order to derive and create solutions that mitigate privacy risks

General competence

On successful completion of this course the student can:

• explain and apply their knowledge of security and privacy enhancing technologies

• Online course material for preparatory reading (flipped classroom approach)
• Bi-weekly lecture and case discussions
• Bi-weekly presentations of student home assignment cases

The following required coursework must be approved before the student can take the exam:

One group assignment (2-5 students) consisting two parts: a report and a presentation.

Individual written exam, 3 hours. The exam result can be appealed.

New/postponed exam: In case of failed exam or legal absence, the student may apply for a new or postponed exam. New or postponed exams are offered within a reasonable time span following the regular exam. The student is responsible for registering for a new/postponed exam within the time limits set by OsloMet. The Regulations for new or postponed examinations are available in Regulations relating to studies and examinations at OsloMet.

None.

A-F

Two internal examiners. External examiner is used periodically.