IMT4217 - Introduction to Data Privacy


Lessons are not given in the academic year 2017/2018

Course content

The course is structured in three parts:
- The socio-political drivers of privacy. Here we discuss ethical and political foundations for why privacy is needed and frame privacy in terms of a tradeoff between individual privacy and societal benefit. An introduction to principles, best practices, and current rules and regulations to address this balance is presented in the context of data.
- Organizational techniques for data privacy. Here we present techniques for preventing unwarranted access to individuals’ data in the context of an organization. We will discuss access control mechanisms and their use for limiting unneeded access, data transport security, response to unwanted events such as breaches, as well as a process for identifying privacy requirements and connecting these with their implementations.
- Disclosure control. Here we discuss definitions of privacy in databases containing population data. In particular, we will contrast syntactic and differential privacy and their respective suitability for balancing privacy costs with information benefits, as well as present mechanisms for creating differentially private algorithms for data query.

Learning outcome

- familiarity with ethical and political background of privacy
- familiarity with current rules and regulations governing data privacy
- familiarity with the information security management process as it pertains to data privacy
- familiarity withcommon definitions of privacy in the context of databases

- identify privacy related aspects of proposed data accesses
- research identified privacy aspects
- differentiate between different approaches to disclosure control
- design simple differentially private algorithms

General competence
- The candidate can analyze problems of data privacy and recognize legal requirements to be met
- The candidate can work independently and select appropriate classes of controls for addressing concerns regarding data privacy
- The candidate can acquire new knowledge and skills from research literature

Learning methods and activities

Reading assignments
Classroom discussion

Compulsory assignments

  • Assignments
  • Exercises

Further on evaluation

Re-sit in August.

Specific conditions

Exam registration requires that class registration is approved in the same semester. Compulsory activities from previous semester may be approved by the department.

Admission to a programme of study is required:
Information Security (MIS)
Information Security (MISD)

Course materials

Books/legal text/standards, conference/journal papers and web resources including:
- Stanford Encyclopedia of Philosophy
- Regulations concerning privacy
- Select online papers on disclosure control and information security


Detailed timetable


  • * The location (room) for a written examination is published 3 days before examination date.
If more than one room is listed, you will find your room at Studentweb.