Lesson Plan

• Describe key concepts of personal data, security, confidentiality, integrity and availability.
• Explain why personal data security is important and identify common threats.
• Apply appropriate technical and organisational controls to protect personal data.
• Classify personal data using standard classification levels and select suitable safeguards.
• Evaluate legal obligations (e.g., GDPR) and best practices for individuals.

• Projector and screen
• Slide deck covering data security concepts
• Handout with data‑classification table and checklist
• Sample phishing‑email examples
• Password‑manager demo (software or website)
• VPN client for demonstration
• Whiteboard and markers

Begin with a recent headline about a major data breach to capture interest. Ask students what they already know about passwords and online privacy. Explain that by the end of the lesson they will be able to describe key security concepts, classify personal data, and recommend practical safeguards.

1. Do‑now (5’) – Students write on sticky notes one recent data‑breach story they have heard.
2. Mini‑lecture (10’) – Present definitions (personal data, security, confidentiality, integrity, availability) and why they matter.
3. Threats gallery walk (10’) – Small groups examine sample phishing emails and identify the tactics used.
4. Data‑classification activity (10’) – Using the handout, classify a list of data items into Public, Internal, Confidential, or Secret.
5. Technical‑controls demo (10’) – Show encryption (AES‑256), MFA setup, and VPN use on the projector.
6. Legal & organisational discussion (10’) – Brief overview of GDPR duties, DPIAs, and staff‑training requirements.
7. Quick quiz (5’) – Exit ticket with three short questions covering key concepts.

Recap the main points: definitions, common threats, classification levels, and core technical and legal controls. Collect the exit tickets to gauge understanding, and assign a homework task to create a personal data‑security checklist for their own devices.