This course examines the legal, policy, and operational management issues related to individual privacy and data protection. Primarily focusing on U.S. law, it includes as a contrast a depth exposure to the new EU General Data Protection Regulation that imposes a much more robust privacy regulatory regime. The EU's privacy regime exerts significant influence on foreign governments and multinational business organizations. We not only examine the privacy protections provided by U.S. statutory law and regulations (less attention is accorded to constitutional and tort law), but also study the ways technology can be used to protect individual and corporate privacy. The course will accentuate technology-related privacy concerns and risk mitigation strategies, in, for example: mobile phones; behavioral advertising (including tools to prevent targeted advertising and online tracking); social networks and online services (including dating and genealogy sites); encrypted communication systems; medical 'big data'; commercial drones; facial recognition and other biometrics; and geographic locational tracking. The course coverage enables students to take the exam to earn the initial certification as a Privacy Professional (CIPP/US).