MARA 284-10
Seminar in Archives & Records Management
Topic: Technology, Privacy, and the Law
Spring 2022 Syllabus

Dr. A. Jansen
Other contact information:
Office location: Virtual
Office Hours: Saturdays, 8-10 am Hawaii Time upon request

Syllabus Links
Canvas Login and Tutorials
iSchool eBookstore

Canvas Information: Courses will be available beginning January 26th, 6 am PT unless you are taking an intensive or a one-unit or two-unit class that starts on a different day. In that case, the class will open on the first day that the class meets.

You will be enrolled in the Canvas site automatically.

Course Description

This course introduces the fundamentals of privacy management from a Records and Information Management (RIM) perspective.

Course Requirements


Grading will be based on a total accumulation of possible 100 points, distributed as follows:



Possible Points

Discussion Board Posts, Quizzes, and Formative Exercises

PLO: G, H and J

CLO: 1 – 4


Privacy-Tech Analysis and Presentation

PLO: G, H, and J

CLO: 1 – 4


Final Examination

PLO: G and H

CLO: 1 – 3





Discussion Board Posts, Quizzes, and Formative Exercises (30 points): Throughout the semester, students will be expected to participate in a variety of formative assignments, including discussion board postings, quizzes, and exercises applying their learning (such as identifying personally identifiable information in a record, or identifying metadata that could be used to re-identify a data subject).

Privacy-Tech Analysis and Presentation (50 points, divided over scaffolding assignments and final product): Student will select an application of an information and communications technology (for example, big data analytics for targeted advertising). From the perspective of a particular jurisdiction (e.g., California), the student will analyze and present:

  1. Information flows and data likely to be captured by the application;
  2. Privacy stakeholders impacted by the application;
  3. The legal and ethical frameworks applicable to the application;
  4. Best practices for the information flows and data, including:
    1. Privacy practices (such as consent, data minimization, etc);
    2. Security as related to privacy;
    3. Breach practices;
    4. RIM/archival best practices.
  5. Recommendations for how this information should be created, used, preserved, and accessed while respecting the identified privacy needs.

Student will create two products from this: 1. A written report (10 – 15 pages) detailing the analysis and student recommendations (25 points, inclusive of scaffolding assignments); and 2. An educational presentation (20 points, inclusive of scaffolding assignments) (video of approximately 7 – 10 minutes, infographic, other) on the privacy dimensions of their chosen application and how they relate to the broader themes of the course. Students will develop their project in consultation with the professor throughout the semester, and will post their educational presentation in the thirteenth week of the course for their classmates to engage with and respond to (5 points for peer response). Students may revise their presentation, incorporating peer feedback, prior to final submission with the analysis.

Final Examination (20 points): The final exam is open-book, open-notes, open-Google. Students may not consult with other people, however. Students will have twenty-four (24) hours from the opening of the exam to return the exam. The exam will take the form of a hypothetical scenario in which the student is to take the role of the records manager/archivist. After reading the hypothetical, the student will draft a memo to their hypothetical organization advising on:

  1. The potential privacy issues and stakeholders at play;
  2. The RIM considerations around the hypothetical;
  3. The technological considerations around the issues;
  4. The legal and ethical considerations around the issues; and
  5. The student’s recommendations to their organization.

Assignments Due
Unless otherwise noted, each module begins on Monday and ends on Sunday. As such, all work due that week must be time-stamped no later than Sunday 11:59 pm of that week (That’s 11:59 pm Hawaii Time, so you get the benefit of the time zone differences!).

Course Calendar

Subject to change with fair notice:





1/26- 1/30

Introductions, Syllabus, Course Requirements, Course Overview; Course Learning Objectives and Outcomes

Introduction: Defining Privacy


1/31- 2/6

Jurisdiction and Privacy Laws: GDPR, Data Localization Laws, and the International Nature of Data and Information Privacy


2/7 - 2/13

U.S. Privacy Law: Constitutional Privacy, Reasonable Expectation, and Third-Party Doctrine


2/14 - 2/20

U.S. Privacy Law: Statutory Privacy Law, Omnibus and Sectoral Regulation


2/ 21 - 2/27

Privacy self-management and consent


2/28- 3/6

Privacy frameworks: FIPPs, NIST, and ISO/IEC 27701:2019


3/7- 3/13

New tech, new threats?: Privacy, big data analytics, and emerging technologies

Midterm feedback due

Final project should be approved by this point


3/14 - 3/20

New tech, new protections: Cryptography, differential privacy, federated machine learning


3/21 - 3/27

Privacy and Recordkeeping: Transparency and Authenticity


3/28- 4/3

Recess Week – Relax, Recharge, Rejuvenate


4/ 4- 4/10

Privacy and Recordkeeping: Privacy, Access, and Archival Ethics


4/11 - 4/17

Metadata and Records Privacy


4/18- 4/24

Anonymization, De-identification, and Re-identification


4/25 - 5/1

Unequal Privacy: Positionality and Privacy Protection

Education Presentation Due for Peer Review


5/2- 5/8

Security and Privacy


5/9 - 5/15

Course Review/Reflections/Conclusions

Final Examination Due

Final Project Due



Course is pau (done in Hawaiian)!


  • Late assignments will not be accepted except in extreme circumstances, and in consultation with the course instructor. If accepted, late assignments submitted after the assignment deadline will receive a 10% point reduction for each day up to 5 days based on the total point value of the assignment. No points will be awarded after 5 days late. 
  • Discussion board postings will not be accepted for credit after the module's discussion has ended.
  • All course materials must be completed by the last day of the class.
  • NOTE: Students should provide their initial discussion board posts by the first Thursday of each module by 11:59 PM (Hawaii Standard Time), to leave ample time for follow-up discussion. Please participate early and actively in the required discussions.
  • Details for all the discussions and assignments will be provided in Canvas.

Course Workload Expectations

Success in this course is based on the expectation that students will spend, for each unit of credit, a minimum of forty-five hours over the length of the course (normally 3 hours per unit per week with 1 of the hours used for lecture) for instruction or preparation/studying or course related activities including but not limited to internships, labs, clinical practica. Other course structures will have equivalent workload expectations as described in the syllabus.

Instructional time may include but is not limited to:
Working on posted modules or lessons prepared by the instructor; discussion forum interactions with the instructor and/or other students; making presentations and getting feedback from the instructor; attending office hours or other synchronous sessions with the instructor.

Student time outside of class:
In any seven-day period, a student is expected to be academically engaged through submitting an academic assignment; taking an exam or an interactive tutorial, or computer-assisted instruction; building websites, blogs, databases, social media presentations; attending a study group;contributing to an academic online discussion; writing papers; reading articles; conducting research; engaging in small group work.

Course Prerequisites

MARA 284 - Technology, Privacy, and the Law has no prerequisite requirements

Course Learning Outcomes

Upon successful completion of the course, students will be able to:

  1. Describe and apply the legal and ethical principles of privacy that apply to managing both physical and digital records.
  2. Identify and respond to the challenges that new information and communications technologies pose for managing information privacy.
  3. Describe current best practices regarding information security and privacy.
  4. Demonstrate an understanding of information privacy as both jurisdictionally- and culturally-dependent, and identify the diverse stakeholders in information privacy.

Core Competencies (Program Learning Outcomes)

MARA 284 supports the following core competencies:

  1. G Describe the legal requirements and ethical principles involved in managing physical and digital information assets and the information professional#s role in institutional compliance and risk management.
  2. H Describe current information technologies and best practices relating to the preservation, integrity, and security of data, records, and information.
  3. J Describe global perspectives on effective information practices that are supportive of cultural, economic or social well-being..


Required Textbooks:

  • Lane, J., Stodden, V., Bender, S., & Nissenbaum, H. (Eds.). (2014). Privacy, big data, and the public good: Frameworks for engagement. Cambridge University Press. Available through Amazon: 1107637686arrow gif indicating link outside sjsu domain

Grading Scale

The standard SJSU School of Information Grading Scale is utilized for all iSchool courses:

97 to 100 A
94 to 96 A minus
91 to 93 B plus
88 to 90 B
85 to 87 B minus
82 to 84 C plus
79 to 81 C
76 to 78 C minus
73 to 75 D plus
70 to 72 D
67 to 69 D minus
Below 67 F


In order to provide consistent guidelines for assessment for graduate level work in the School, these terms are applied to letter grades:

  • C represents Adequate work; a grade of "C" counts for credit for the course;
  • B represents Good work; a grade of "B" clearly meets the standards for graduate level work or undergraduate (for BS-ISDA);
    For core courses in the MLIS program (not MARA, Informatics, BS-ISDA) — INFO 200, INFO 202, INFO 204 — the iSchool requires that students earn a B in the course. If the grade is less than B (B- or lower) after the first attempt you will be placed on administrative probation. You must repeat the class if you wish to stay in the program. If - on the second attempt - you do not pass the class with a grade of B or better (not B- but B) you will be disqualified.
  • A represents Exceptional work; a grade of "A" will be assigned for outstanding work only.

Graduate Students are advised that it is their responsibility to maintain a 3.0 Grade Point Average (GPA). Undergraduates must maintain a 2.0 Grade Point Average (GPA).

University Policies

Per University Policy S16-9, university-wide policy information relevant to all courses, such as academic integrity, accommodations, etc. will be available on Office of Graduate and Undergraduate Programs' Syllabus Information web page at: Make sure to visit this page, review and be familiar with these university policies and resources.

In order to request an accommodation in a class please contact the Accessible Education Center and register via the MyAEC portal.

icon showing link leads to the PDF file viewer known as Acrobat Reader Download Adobe Acrobat Reader to access PDF files.

More accessibility resources.