Course Syllabus

Please note that the specifics of this Course Syllabus are subject to change. Instructors will notify students of any changes and students will be responsible for abiding by them. Even if you print this syllabus, please check the online version often.


IST 452: Legal and Regulatory Environment of Privacy and Security (3 credits) - Exploration of legal, regulatory, public policy, and ethical issues related to security and privacy for information technology professionals in public institutions, private enterprise, and IT services.

Students explore these topics in connection with privacy and information security, both generally and in the context of new and emerging technologies. A basic focus of the course will be the manner in which legal and regulatory principles have evolved in order to deal effectively with new privacy and security issues that have arisen as the pace of technological advancement in the information technology field has increased.

One key recurring theme will be the seemingly inherent tension between protection of privacy, on the one hand, and robust counterterrorism and law enforcement measures, on the other. The course will examine issues of civil liberties in connection with recent legislation aimed at strengthening the measures available to governmental authorities to gain access to information for law enforcement and counterterrorism purposes.

The semester will be divided into five discrete, yet interrelated units. The course will begin with an examination of basic legal and Constitutional principles in order to provide the necessary framework for onward discussion of specific legal and regulatory issues.  The class sessions of Unit One will consider the legal process generally, including sessions on civil and criminal law and procedure as well as on electronic evidence and electronic data discovery.  The privacy implications of the First Amendment to the U.S. Constitution will be discussed, with a particular emphasis on privacy & the media.  Unit One will also consider the fundamental concept of privacy in today's Information Age as well as international approaches to privacy, which in some ways differ markedly from the American approach.

Unit Two will consider privacy issues relating to law enforcement. Class sessions will examine the role of the Fourth and Fifth Amendments to the U.S. Constitution in regulating government searches and seizures, along with judicial opinions from the U.S. Supreme Court and other courts that have interpreted Constitutional principles in applying them to privacy-related cases.  UNIT Two will also include a discussion of Federal electronic surveillance statutes as well as court cases that have interpreted and refined constitutional principles that apply to searches and seizures in the Digital Age.

Unit Three will focus national security investigations and on the powers, rights and obligations of governmental authorities with respect to the compilation and maintenance of records containing personally identifiable information and on government access to personal data. Class sessions will consider the Privacy Act, the Freedom of Information Act and other relevant legislation, including laws governing electronic surveillance in so-called "National Security cases."  In particular, the relevant provisions of the USAPATRIOT Act and the Foreign Intelligence Surveillance Act will be examined. 

Unit Four will deal with issues of information security. The unit will begin with a discussion of data security and data breach notification statutes.  The emerging problem of cybercrime will be addressed in connection with a discussion of white collar crime generally.  Unit Four will also entail an overview of laws and polices relating to intellectual property, including class sessions dealing with trade secrets, copyrights, trademarks and patents.  The unit will conclude with a discussion of emerging issues related to health, education and employment privacy.

The private data industry will be the main topic of discussion in Unit Five. Issues will include financial privacy and other issues relating to the permissible commercial uses of personal data.


  • IST 432


Upon completion of the course, the student will be able to:

  • identify the various sources of law (i.e. statutory and case-based law) that delineate privacy rights
  • recognize the public policies underlying regulation of privacy rights and security duties
  • appreciate how laws, legal principles and policies have had to adapt and be reinterpreted in order to meet the new challenges posed by the emergence of new technologies, and in particular information technologies
  • apply those legal principles to the novel privacy and information security issues that have arisen in the Context of the Digital Age


  • TBD

Please note that when you compose an email to your instructor, others will likely be listed as "Teachers" from the Canvas interface. This is misleading because only your instructor, possibly TA/LA's listed here, are monitoring your messages. All of your course communications should be limited to those listed here.


  • Solove, D. J., & Schwartz, P. M. (2017). Privacy law fundamentals (4th ed.). International Association of Privacy Professionals (IAPP). ISBN 978-0998322315

Assignments & Grading


You will be required to write a number of group-based case briefs as well as one individual case brief. Guidelines regarding format, length and style will be provided. In addition, each group will be assigned to make one oral presentation of a case brief.


The assessments for this course will include 12 quizzes. The quizzes will each contain 10-15 questions. Question format will be multiple choice, true/false or short answer. Quiz questions will be based on the content of course PowerPoint presentations as well as the material contained in assigned readings.

Group Paper

Each group will research a topic related to the subject matter of IST 452 determined through a proposal and approval process administered by the instructor. Possible topics will be provided for group consideration. Groupa will be required to submit an abstract at least two weeks before their final papers. The abstract should include the key points of the topic and the reason for choosing it.

Submission Requirements

Spelling and grammar count. Your submissions will be marked down for incorrect spelling or poor grammar. This includes using contractions (i.e., Don’t instead of do not). In formal writing you spell out both words unless you are using the word in a direct quote.

Assignments are due at 11:59 PM ET on the Sunday (except where noted, see schedule) at the end of the week when the assignment was made.

Assignment submission length: For those assignments for which a minimum/maximum length is stated, please try to stay within the guidelines. You will be expected to make your basic points in that space.  Note that the maximum number of pages does not include a title page (i.e., formal title page or list of group members names & subject) or bibliographic information. Hence a “one page” BLUF might actually be three pages.

Submission format: This seems trivial but with 40 students it can quickly become an issue. The following are the procedures you should follow:

  • For individual assignments this is the expected format: Last name of student plus assignment or lesson # in the name of the document
  • For group-based assignments: Group Name Assignment or Lesson # in the name of the document
  • For all submissions for which you upload a document, please use only Microsoft Word (doc or docx - NO pdf files)

Group Formation Process

During the first week of the course, you will be assigned to groups of 3-4 students. If you would like to form a group (or part of a group) with students whom you know, please let the instructor know as soon as possible. Otherwise groups will be randomly assigned.  Please be aware that your group composition may change later in the course for various reasons. For example, some students may be added or dropped from your group during the official Add/ Drop phase of the semester.

Course Grading Breakdown
Grading Category Percentage of Final Grade
Homework 25.5%
Quizzes 50%
Group Paper 18%
Discussion Activities 4%
Peer Evaluation 2.5%
TOTAL 100%

Course Grading Scale

The following are minimum cutoffs for each grade:

  • 93.00% = A
  • 90.00% = A-
  • 87.00% = B+
  • 83.00% = B
  • 80.00% = B-
  • 77.00% = C+
  • 70.00% = C
  • 60.00% = D
  • less than 60.00% = F

Course Policies and Expectations

  • No make-up exams, quizzes or other assignments will be given without prior approval by the instructor and valid written documentation supporting the request. The same rule applies to homework assignments and in-class activities.
  • Make-ups for tests and/or assignments for students who do not comply with these rules may, at the discretion of the instructor, be allowed on a reduced-point basis.
  • Assignments turned in late will, at the discretion of the instructor, be graded on a reduced-point basis.
  • Logging into Canvas - Students are expected to login regularly to check for course updates, announcements, emails, discussions, etc.
  • Emailing through Canvas - Students are expected to use Canvas for all course email communication.
  • Attending virtual meetings - Students are expected to use specified virtual meeting tool(s) for collaboration, meetings, presentations, etc., as needed.

Academic Integrity

Penn State and the College of Information Sciences and Technology are committed to maintaining Penn State's policy on Academic Integrity in this and all other courses. We take academic integrity matters seriously and expect you to become a partner to the University/College standards of academic excellence.

For more information, please review these policies and procedures:

WARNING: In addition to other policies, using any material in any media format - from “answer sites” (such Course Hero, Chegg, and all others) and/or other type of sources - is considered CHEATING and will not be tolerated. Sanctions range from failure of the assignment or course to dismissal from the University. Contact your instructor with questions related to this topic.

University Policies

Review current information regarding various Penn State policies (such as copyright, counseling, psychological services, disability and military accommodations, discrimination, harassment, emergencies, trade names, etc.) on the University Policies page.


Find extensive information and links to many Penn State and IST resources (including the Penn State libraries, video conferencing tools, technology and software, writing and research help, and much more) on the Resources page.

Technical Requirements

Standard World Campus computer technical specifications are assumed for this course. Please test your computer for requirements. In addition, a webcam and a headset with a microphone are REQUIRED for the course. These may be used for virtual meetings, virtual office hours, interactions with classmates and your instructor, and group presentations - which are all conducted with virtual meeting tools. No special software is required.


The following schedule outlines the topics covered in this course, along with the associated time frames, readings, activities, and assignments. All due dates reflect Eastern Time (ET). Specifying the time zone ensures that all students have the same deadlines, regardless of where they live.

Course Summary:

Date Details Due