8. Sustain: Training and Awareness

Question 1

Training vs. Awareness

Answer 1

Training - Communicates an organization’s privacy message, policies, and process to motivate retention.

Awareness - Reinforces lessons learned in training through diverse methods.

Inadequate Training & Awareness Consequences:
- Non-compliance w/ laws and regulations
- mishandling of PII
- Reputational Harm

Question 2

Training Must Do:

Answer 2

• Address applicable laws
• Identify potential violations
• Address privacy complaints and misconduct
• Proper reporting procedures and consequences for violating laws
• Require acknowledgement

Question 3

Method and Delivery Options: Training vs. Awareness

Answer 3

Training
- In-Person or Virtual Instruction
- Self-led e-learning modules
- Simulators
- Just-In-Time Information

Awareness
- Newsletters
- Email Reminders
- Intranet Announcements
- Posters, Stickers, Signage
- Privacy Day Post

Question 4

Steps to Create a Privacy Program

Answer 4

• Ensure a Privacy Policy exists and is up to date
• Ensure employees are trained on the Privacy Policy
• Ensure training records exist
• Use metrics to measure results
• Update training based on feedback & compliance changes
• Reinforce learning with awareness activities

Question 5

Privacy Training Best Practices

Answer 5

• Partner with the Training/HR department
• Make it fun and customized to participants
• Use motivators like digital badges
• Ensure all new employees are trained
• Ensure repeat training is provided
• Solicit feedback

Question 6

Benefits of Creating a Privacy Program

Answer 6

• Establishing a common understanding of privacy
• Reducing human error
• Considering Privacy Up Front
• Improving customer interactions
• Expanding privacy office eyes and ears
• Changing the conversation