Training and Awareness Flashcards
Which members of an organization need privacy training?
By default, the training should include anyone who handles personal information on behalf of the organization.
What is the difference between training and awareness?
Training communicates an organization’s privacy message, policies and processes, and motivates individuals to retain and follow that information. It incorporates measurable outputs and outcomes via attendance and assessment metrics.
In contrast, awareness activities reinforce lessons learned in training through diverse methods.
What are Privacy Champions?
Executives who serve as privacy program sponsors and act as advocates to further foster privacy as a core organizational concept. Privacy champions help organizations maximize resources, make privacy concerns relevant and can help fellow employees understand the rules for processing personal data.
What are common mistakes regarding privacy training and awareness efforts?
Not covering the basics
o Not giving employees proper rules for handling and processing personal data, e.g., acceptable use policies (AUP)
o Assuming everyone is as conscientious about privacy issues and current topics as privacy professionals are
o Thinking one communication channel is sufficient; some concepts must be explained in multiple ways and repeated several times
o Not effectively using a past incident as a learning opportunity
Which high-level steps may be used to create a privacy training program?
o Ensure a privacy policy exists and is up to date
o Ensure employees are trained on the policy
o Ensure training records exist
o Use metrics to measure results
o Update the training based on feedback and changes to compliance obligations
o Reinforce learning with awareness activities