The top 5 mistakes of privacy awareness programs
Via Computerworld Privacy News.
Privacy consultant Jay Cline identifies the errors companies often make when trying to educate employees about data protection.
The Health Insurance Portability and Accountability Act requires it. The Payment Card Industry Data Security Standard requires it. The ISO 27001 standard requires it. In fact, every regulation that mandates that reasonable measures be taken to protect information implicitly requires companies to set up training programs to help employees understand what those measures are.
But what does training actually mean?
Many corporations have adopted a check-box approach toward compliance with this obligation. Here are five shortcuts I see them taking instead of using the opportunity to ensure that employees really know how to protect information.
1. Doing separate training for privacy, security, records management and ethics. Do you get one message from your chief privacy officer, one from your chief information security officer, and an annual sign-off on the code of ethics from your legal department? You're not alone. In large companies, the people responsible for specific functions don't want to dilute their messages by mixing them with related topics. So they each go their own way with training and awareness. The result is confused employees who just want one place to go to learn the do's and don'ts of information management.
2. Equating campaign with program. When executives get money to spend on "soft" projects like privacy training, the natural first step is to launch an awareness campaign. Some deploy computer-based training modules. Once they do that, they might think that they have a program in place. But there's a difference between hitting employees with one or two messages a year and surrounding them with reminders that the policies are real, have teeth and are baked into the culture. A true training program has an annually refreshed calendar of messages and training for different employee groups throughout the year.
[...]
Read the original article (via Computerworld Privacy News).