Course - Introduction to Data Privacy - IMT4217
IMT4217 - Introduction to Data Privacy
About
Lessons are not given in the academic year 2024/2025
Course content
Data privacy has a significant overlap with information security. Importantly, information security is a prerequisite for privacy. Furthermore, many organizational techniques from information security are applicable to maintaining data privacy. However, data privacy also differs from information security in significant ways. One of these lies in the focus on control of inferences from given data and information. This course is centered on introducing quantitative theory for this inference control, often referred to as statistical disclosure control. We will discuss formal definitions of privacy in databases containing population data. In particular, we will contrast syntactic and differential privacy and their respective suitability for balancing privacy costs with information benefits. We will spend significant time studying differentially private algorithms for querying data. In addition, we will discuss ethical and political arguments for why privacy is needed and discuss the framing of privacy in terms of a tradeoff between individual privacy and societal benefit. In this context, we will critique current popular technical and regulatory approaches to data privacy from a quantitative theory perspective.
According to the UN declaration of human rights, privacy is a fundamental human right. Data privacy reduces information asymmetries and therefore reduces inequalities in power between individuals and corporations and other institutions, reduces possibilities for persecution, allows dissent, and is intrinsically connected to democracy. As such, it touches on a multitude of the UN's Sustainable Development Goals, including Gender Equality (5), Industry, Innovation and Infrastructure (9), Reduced Inequalities (10), Sustainable Cities and Communities (11), and Peace, Justice and Strong Institutions (16).
Learning outcome
Knowledge:
The successful student will have an advanced understanding of the theoretical underpinnings of data privacy. She will be able to relate this understanding to areas ranging from the philosophical, through the political and organizational, to the technical. In particular, she will know privacy as a process of adapting to changing circumstances, understand the significance of randomness in protecting privacy and quantifying risk, and be able to operationalize this understanding.
Skills:
- identify privacy-related aspects of data uses
- evaluate proposed technical mechanisms for privacy protection
- apply differentially private mechanisms when the sensitivity of the requested information to changes in data is readily available
General competence:
- acquisition of new knowledge and skills from research literature
- quantitative and qualitative analysis of problems
- relating technology and society
Learning methods and activities
- Lectures.
- A multi-part obligatory activity which includes reading assignments and exercises spread throughout the semester.
- Voluntary activities. While lectures will introduce tools and concepts as they are needed, self-guided study is expected.
- Online discussions. An efficient learning tool is explaining to others. The use of an instructor-monitored online forum for discussions and questions will be encouraged. Note that teaching activities might need to be performed within a limited time span.
Compulsory assignments
- Approved exercises
Further on evaluation
The re-sit exam, generally held in August, will be written except when the number of students is too low (in which case it might be changed to oral). Beyond that, the entire class must be repeated, provided it is offered.
Specific conditions
Admission to a programme of study is required:
Cyber Security and Data Communication (MTKOM)
Digital Infrastructure and Cyber Security (MSTCNNS)
Information Security (MIS)
Information Security (MISD)
Security and Cloud Computing (MSSECCLO)
Recommended previous knowledge
Knowledge of calculus, basic probability theory and statistics commensurate with university level introductory classes.
Course materials
The course primarily reflects the contents of a monograph specifically written for this course that will be made available to the students at the beginning of the semester (a draft is available at https://folk.ntnu.no/staal/dist/privacybook.pdf).
Other materials that form the basis of this course include:
- The Algorithmic Foundations of Differential Privacy (https://www.cis.upenn.edu/~aaroth/privacybook.html)
- Stanford Encyclopedia of Philosophy (https://plato.stanford.edu/entries/privacy/)
- Reports from the Norwegian Data Protection Authority (https://www.datatilsynet.no/en/about-privacy/reports/)
- Regulations concerning privacy: GDPR Homepage (https://www.eugdpr.org/), Datatilsynet (https://www.datatilsynet.no/regelverk-og-skjema/nye-personvernregler/)
- Select materials on disclosure control and information security
Version: 1
Credits: 7.5 SP
Study level: Second degree level
Language of instruction: English
Location: Gjøvik, Trondheim
- Computer and Information Science
- Information Security
Department with academic responsibility
Department of Information Security and Communication Technology
Examination
* The location (room) for a written examination is published 3 days before examination date. If more than one room is listed, you will find your room at Studentweb.
For more information regarding registration for examination and examination procedures, see "Innsida - Exams"