Cyber Security in Law Clinic courses ETCV 598 CAPSTONE PRoject

Michael S. Wagenheim

  • 19 years at the University of Arizona putting technology to use in support of education
  • Distance Learning
  • Curriculum Development
  • Course Web Development (pre-D2L)
  • Assessment Technology
  • Technical Infrastructure
Director of IT (2014-present)
Director of IT (2010-2014)
Support Systems Analyst, Sr. (2000-2010)
Media Specialist, Sr./Technical Expert (1998-2001)

B.A. in Political Science

Introduction: Cyber Security in Law Clinic Courses

The project purpose: to develop a mini-D2L course as an introductory learning module that is focused on cyber security and the practice of law. It will be used to educate law students enrolled in our Law Clinic courses and, ultimately, it will be made available to the entire student body.

Law Clinics: the clinic courses give the students a valuable experiential learning opportunity that allows students a preview of what their future careers will hold while making them more attractive to potential employers. The clinics give students the opportunity to apply their knowledge on live case files that contain deeply personal and sensitive information about real people.

Representative Law Clinic courses...

  • Child & Family Clinic
  • Immigration Clinic
  • Worker's Rights Clinic
  • International Human Rights Clinic
  • Veterans Clinic
  • Wrongful Conviction Clinic
  • Criminal Prosecution Clinic
  • Civil Rights Restoration Clinic
Why we need to educate our law students in cyber security

Law Clinic Case files & Data Classification

From a data classification standpoint, the clinic case files contain the most sensitive data stored at the college. The college IT department provides the tools, infrastructure and consulting to support secure data handling but a system is only as robust as its weakest link - the people using the system. Cyber security in law is not formally covered in the existing college curriculum.

  • Students work under their faculty member's Bar license
  • Create a robust and consistent institutional voice on cyber security
  • We are not alone - colleagues at other institutions report the same challenges in their clinics

General Challenge: Society at large

Head in the sand when it comes to cyber security?

Specific Challenge: Law Culture in an academic setting

Cyber Security Culture in the Law Clinic Courses

"...but taking cyber security steps is an obstacle to productivity!"

Law Clinic students and faculty overcoming cyber security obstacles!

Mini-course Pedagogical Goals

  • students develop a broad sense of the cyber-security threats they will be facing as a practicing attorney
  • student understanding of ethical and legal responsibilities to protect attorney-client privilege in the Digital Age
  • recognition of the professional need to develop and incorporate the use of cyber-security best practices
  • an understanding encryption and how to make use of it as a tool to help protect attorney-client privilege

Practical Goals

Knowledge ---> Attitude ---> Behavior Relationship

The Theory of Planned Behavior states that attitude toward behavior, subjective norms, and perceived behavioral control, together shape an individual's behavioral intentions and behaviors.

Ajzen, I (1991). The theory of planned behavior. Organizational Behavior and Human Decision Processes. 50 (2): 179–211. doi:10.1016/0749-5978(91)90020-T.


  • students practice under Law Clinic faculty Bar licenses
  • demonstrate that the college has Law Clinic data security policies and procedures in place to meet university and regulatory body requirements
  • I am professionally responsible for the stewardship of Law Clinic case files


Law Clinic Cyber Security Student Survey & 3 Years of Working Experience

  • Survey: ~25% response rate - 16 total responses
  • Awareness
  • Attitude
  • Opinion

Notable Survey Results

  1. Have any of your courses at UA Law addressed attorney-client privilege best practices? 12/16 = Yes
  2. Have any of your courses at UA Law specifically focused on cyber-security best practices in relation to attorney-client privilege? 14/16 = No
  3. Are you aware of ethical or legal attorney-client privilege regulations/opinions issued by either the American Bar Association or the State Bar of Arizona? 9/16 = No
  4. Would you like to see more resources in your UA Law curriculum dedicated to cyber-security best practices? 15/16 = Yes

Mini-Course Design

Backward Design Model

A method of designing educational curriculum by setting goals before choosing instructional methods and forms of assessment. Backward design of curriculum typically involves three stages:

  1. Identify the results desired.
  2. Determine acceptable levels of evidence that support that the desired results have occurred.
  3. Design activities that will make desired results happen.

Wiggins, G., McTighe, J., & Association for Supervision and Curriculum Development. (2005). Understanding by design, expanded 2nd edition Association for Supervision and Curriculum Development.

Design Steps...

  1. Identified course-level objectives
  2. Created a series of cyber security topics
  3. Developed topic specific objectives that could be tied back to the course-level objectives
  4. Created assessments for each topic
  5. Created learning activities (video, readings, writing assignments) to support the assessments

Mini-course D2L modules

  • Understanding the Ecosystem - review the general landscape of cyber-security threats that you face in every day life.
  • Professional Responsibilities - two sub-modules 1.) the legal and ethical responsibilities as a practicing attorney as it relates to attorney-client privilege and 2.) during this module we will review ways to assess and improve your cyber-security posture as a practicing attorney and recognize the importance of developing this skill set.
  • Encrypt - two sub-modules 1.) how encryption works and how you can use encryption to protect case files that include sensitive data and 2.) learn how to encrypt a file and upload a file that you encrypted to the D2L Assignment Dropbox.
Developed with Gagne's 9 Events of Instruction in mind
  1. Gain attention
  2. Inform learners of objectives
  3. Stimulate recall of prior learning
  4. Present the content
  5. Provide “learning guidance”
  6. Elicit performance (practice)
  7. Provide feedback
  8. Assess performance
  9. Enhance retention and transfer to the job

Engaging Multimedia Examples...


  • Work with current Law Clinic students over the summer to refine the mini-course
  • Work with Law Clinic faculty over the summer to make sure that the mini-course is on target and make necessary adjustments
  • Launch mini-course the first week of Fall 2017 semester


  • Review D2L quiz scores
  • Survey Fall 2017 Law Clinic students
  • Re-assess the D2L mini-course with faculty

Future for this mini-course

  • Limitations
  • Build in D2L Competency as a prerequisite for students to obtain their Clio account
  • Eventually develop a semester-long cyber security and the practice of law course

Mini-course aspirations....

Effective Instructional Scaffolding will lead to positive cyber security behavior change as law students become practicing attorneys


Report Abuse

If you feel that this video content violates the Adobe Terms of Use, you may report this content by filling out this quick form.

To report a Copyright Violation, please follow Section 17 in the Terms of Use.