DATA3790 Privacy and identity technology project Course description

The student will carry out a project in the field of data protection and identity technology, preferably in collaboration with a relevant IT company, individually or in a group of up to five students. The aim is to provide the students with an introduction to data protection and identity technology, while they solve a commercial problem in the form of an extensive project assignment with a work load equivalent to 10 hours a week over a 12-week period. If the project is carried out during the summer, the work must correspond to four days a week over a six-week period.

The increasing use of digital media and internet to solve more and more of our tasks in both our private life and our work life (banking, shopping, health, education, exams, employment, news, tourism etc.), increases the chance of a data breach or misuse of personal information. In order to prevent this and ensure that trust in digital solutions is maintained, we need good data protection. By good data protection we mean that personal data must be treated carefully and used in such a way that it benefits users, customers and employees.

The aim of the new legislation GDPR (General Data Protection Regulation) is to focus on these issues and demand that all businesses that process personal data have a good data protection system in place, which among other things means that the registered person’s rights are maintained in a secure and reassuring way. These rights are about the right to access, deletion, portability, correction of wrong data and limits to processing. To comply with the strict demands for good personal data protection, it is necessary to have good technical support. This could be technology that supports the identification of persons, process automation, fraud prevention, handling the rights and consent of the data subjects, administration and quality assurance of data processor agreements, internal control support etc.

In addition to the projects on offer, students can find their own projects within a relevant company, public organization or nonprofit. In this case, it is the student's responsibility to find a supervisor for the project within the external organization. All student-initiated projects must be approved by the course coordinator before the start of the project.

Completion of the course requires a placement in the relevant health care environment corresponding to two days a week over a 12-week period.If the project is carried out during the summer, the work must correspond to four days a week over a six-week period.

The elective course will only run if a sufficient number of students a registered.

No requirements over and above the admission requirements.

After completing the course, the student is expected to have achieved the following learning outcomes defined in terms of knowledge, skills and competence:

Knowledge

The student:

• has a fundamental understanding of what lies in personal data protection, and what good personal data protection is
• has knowledge of how personal data and identity management are connected
• has a fundamental understanding of how technology supports good personal data protection and secure identity (Personal data technology and identity technology)
• is aware of ethical as well as legal aspects of personal data, including the GDPR
• is aware of how personal data protection technology is used/can be used in business and industry, and in public administration

Skills

The student is capable of:

• implementing simple application of identity technology. For instance: how to use two-factor authentication, biometrics etc.
• using data protection and identity technology in areas of application such as handling consent, connecting several sources together to ascertain the correct identity etc.

General competence

The student is capable of:

• applying his/her knowledge of data protection and identity technology to solve problems relevant for business and industry/society

The students will work individually or in groups of up to five students to complete a project in the field of personal data and identity technology in cooperation with relevant external parties such as businesses or public organisations. The students are given access to relevant online resources, and receive supervision from an internal and/or external supervisor.

The course can be carried out individually by agreement with the course coordinator.

The projects are chosen/assigned at the start of the semester.

The following work requirements are mandatory and must be approved in order to prepare for the exam:

• A project outline that describes how the group will organise their work on the project.
• A standard learning agreement must be entered into between the project provider / supervisor and the student(s), and this must be approved by the course coordinator before the project can start.
• Three meeting minutes from supervisory meetings during the project period.
• An oral mid-term presentation, individual or in groups (max 5 students), 10 minutes + 5 minutes Q&A.

The deadlines for submitting the project outline and minutes of the meetings will be presented in the teaching plan, which is made available at the beginning of the semester.

Written project report (100% of the final grade).

A written project report delivered at the of the semester, individual or in groups (max 5 students), 4000 words +/-10 %.

For group projects, all members of the group receive the same grade. Under exceptional circumstances, individual grades can be assigned at the discretion of the project supervisor(s) and Head of Studies.

The exam result can be appealed.

All aids are permitted, as long as the rules for source referencing are complied with.

Grade scale A-F.

One internal examiners. External examiners are used regularly.