CH 7 - Training & Awareness

Question 1

What do Training & Awareness programs do?

Answer 1

1) Communicate privacy policies and procedures,
2) change bad behaviors and
3) reinforce good ones.

Question 2

What is the difference between training and awareness?

Answer 2

Awareness reinforces lessons learned during training.

Question 3

What is training?

Answer 3

Communicates the organization’s privacy message, policies and processes, including for data usage and retention, access control and incident reporting, and motivates individuals to retain and follow that information.

Training incorporates measurable outputs and outcomes via attendance and assessment metrics.

Question 4

Who needs training?

Answer 4

Staff, management, contractors and third parties - anyone who handles personal information on behalf of the organization.

Question 5

How to engage employees in privacy training?

Answer 5

Use motivators, incentives (e.g., iPad) and even internal competition.

Question 6

How do accountability obligations apply to training?

Answer 6

Recording who did the training and when.

Question 7

• Number of training or awareness opportunities by topic
• Number of individuals who enrolled or received awareness communication
• Training method
• Percent of training completed
• Results of quizzes or knowledge tests
• Changes to the number of privacy incident reports or requests for consultation or additional training

Answer 7

Sample training metrics