Business firms, universities, government entities, and hospitals are subjected to constant automated efforts to achieve electronic theft of records pertaining to their customers, students, and patients, with hundreds of millions of such records falling into the hands of criminal syndicates each year. This cutting edge course focuses on the civil law that imposes significant regulatory duties on these entities to protect this vital personal and financial information from unauthorized access. When firms fail to protect this data, their customers often find their identities stolen, their bank accounts drained, and liabilities created that they are charged to pay. The firms themselves may face huge losses (such as Target) and fines, and some -- including law firms-- have been forced to terminate operations. This course will prepare students for expansive new career opportunities available to those with expertise in data protection law, which include many in-house positions that direct corporate compliance strategies for achieving compliance with privacy and security regulation. No technical background is required; the course will include an introduction to cybersecurity and information systems as well as explore data privacy issues and the risk assessment methods that regulatory agencies and courts are demanding of business entities as basic due diligence. Grades for the course will be based on a combination of short exercises and homework, and several announced short quizzes.