All posts in Training: Privacy Awareness

Privacy Training for Data Privacy Day

Daniel Solove
Founder of TeachPrivacy

Data Prviacy Data Privacy Awareness Training Courses 01

Data Privacy Day Logo 01

For Data Privacy Day this year, I’m happy to make available for the day two new short privacy training programs I created in collaboration with Intel.  Ordinarily, I require a login to view my training programs, but for this day, I have put them outside the wall for anyone to see.  So click on the programs below to watch them — I’ll keep them up through the weekend.  Then, they’ll go behind the wall, so you’ll need to request an evaluation login to see them afterwards.

NOTE: These programs are now no longer publicly available.  To see them, please contact us.

The first program is a short 2-minute awareness video about Data Retention.

The second program is an 8.5 minute program called Defining Personal Information.  It seeks to explain how to identify personal information, which is a tricky issue because what counts as personal information is not static and is contextual and contingent in some cases.

These programs were created for Intel with their collaboration.  Intel graciously allowed me to add generic versions of these programs to my training course library.   And in support of Data Privacy Day, Intel was encouraging of my making them publicly available.

I. Data Retention

Privacy Awareness Training Module - Data Retention

II. Defining Personal Information

Privacy Awareness Training Module - Defining Personal Information

Continue Reading

“Privacy”: A Unique Play Starring Your Smart Phone

Daniel Solove
Founder of TeachPrivacy

Privacy Awareness

I was fortunate to see James Graham’s incisive play “Privacy” this past Sunday at the Public Theater in New York City.  The play is a witty and immensely engaging examination of all the data being collected about us and being assembled into digital dossiers.  Technology is adeptly woven into the play.  At many points during the production, audience members are asked to use their smart phones.  The script is entertaining and intelligent.  There is never a dull moment, and I was laughing throughout.  Continue Reading

Spot the Privacy and Security Risks Training Game

Daniel Solove
Founder of TeachPrivacy

Spot the Risks Privacy and Information Security Awareness Training

I’m pleased to announce a new training program:  Spot the Risks: Privacy and Security. The program is a Where’s Waldo style risk-spotting game that takes about 5 minutes to complete.  Trainees are asked to spot the risks in an office.  Feedback is provided about each risk so trainees learn many of the most important best practices.

Continue Reading

New Privacy and Security Awareness Training Programs

Daniel Solove
Founder of TeachPrivacy

security awareness training

I created some new training programs last year, and here are some of the highlights:

Security Training Malware -- Ransomware Attack

The Ransomware Attack (~5 mins)

This short program (~5 minutes) consists of an interactive cartoon vignette about malware.  The program is highly interactive, and trainees engage with a scenario involving ransomware. Although this program involves ransomware, the lessons it teaches apply broadly to all malware.  The program focuses on how to avoid having malware installed on one’s computer and what to do (and not to do) if this ever happens.

Module Lifecycle of Personal Data 01

The Life Cycle of Personal Data (~ 15 mins)

This privacy awareness training course (~ 15 minutes) is a highly-interactive overview of privacy responsibilities and protections regarding the collection, use, and sharing of personal data.  The course has 8 quiz questions. The course tracks the life cycle of personal data, starting from when it is collected or created. The course concludes with a discussion of data retention and destruction.

Continue Reading

10 Implications of the New EU General Data Protection Regulation (GDPR)

Daniel Solove
Founder of TeachPrivacy

EU GDPR Training General Data Protection Regulation

EU Flag EU Privacy TrainingLast week, the EU issued the General Data Protection Regulation (GDPR), a long-awaited comprehensive privacy regulation that will govern all 28 EU member countries.  Clocking in at more than 200 pages, this is quite a document to digest.  According to the European Commission press release: “The regulation will establish one single set of rules which will make it simpler and cheaper for companies to do business in the EU.”

The GDPR has been many years in the making, and it will have an enormous impact on the transfer of data between the US and EU, especially in light of the invalidation of the Safe Harbor Arrangement earlier this year.  It will has substantial implications for any global company doing business in the EU.  The GDPR is anticipated to go into effect in 2017.

Here are some of the implications I see emerging from the GDPR as well as some questions for the future:

1. Penalties and Enforcement

Under Article 79, violations of certain provisions will carry a penalty of “up to 2% of total worldwide annual turnover of the preceding financial year.”  Violations of other provisions will carry a penalty of “up to 4% of total worldwide annual turnover of the preceding financial year.”  The 4% penalty applies to “basic principles for processing, including conditionals for consent,” as well as “data subjects’ rights” and “transfers of personal data to a recipient in a third country or an international organisation.”

These are huge penalties.  Such penalties will definitely be a wake-up call for top management at companies to pay more attention to privacy and to provide more resources to the Chief Privacy Officer (CPO).  Now we can finally imagine the CEO at a meeting, with her secretary rushing over to her and whispering in her ear that the CPO is calling.  The CEO will stand up immediately and say: “Excuse me, but I must take this call.  It’s my CPO calling!”

EU Privacy Training Money

To date, EU enforcement of its privacy laws has been spotty and anemic, so much so that many characterize it as barely existent.  Will the new GDPR change enforcement?  With such huge fines, the payoff for enforcement will be enormous.  We could see a new enforcement culture emerge, with more robust and consistent enforcement.  If privacy isn’t much of a priority of upper management at some global companies, it will be soon.

Continue Reading

New Resource Page: Privacy and Security Training Requirements

Daniel Solove
Founder of TeachPrivacy

Privacy and Security Training Requirements 02

by Daniel J. Solove

I have created a new resource page for the TeachPrivacy website:  Privacy and Security Training Requirements.

Continue Reading

Why We Should Persuade and Train with Stories

Daniel Solove
Founder of TeachPrivacy

title image

By Daniel J. Solove

 

Once upon a time, there was a teacher who wanted to train people. At first, the teacher stated a list of things to do and not do. But this had little effect. The teacher was upset and started to doubt whether he could ever get through to people. But then the teacher tried a new approach – using stories. People remembered the stories, and the training started to change people’s behavior. And the teacher and everyone he taught lived happily ever after.

Continue Reading

Burn Before You Learn or Learn Rather than Burn

Daniel Solove
Founder of TeachPrivacy

title image

By Daniel J. Solove

It seems as though every week brings news of another batch of data breaches . . . and they’re getting bigger. Target. Home Depot. Sony. Anthem. The list goes on and on.

The costs of many of these breaches are devastatingly large. And yet most data breaches are readily preventable. After reviewing more than 1,000 data breaches from 2014, the Online Trust Alliance (OTA) found that more than 90% of them could have been avoided.

Continue Reading

The $500,000 Value of Data Security Awareness Training

Daniel Solove
Founder of TeachPrivacy

data security awareness training

by Daniel J. Solove

It has long been difficult to quantify the ROI of data security awareness training.

But finally, I have been able to locate a number. According to a 2014 PricewaterhouseCoopers study: “The financial value of employee awareness is even more compelling. Organizations that do not have security awareness programs—in particular, training for new employees—report significantly higher average financial losses from cybersecurity incidents. Companies without security training for new hires reported average annual financial losses of $683,000, while those do have training said their average financial losses totaled $162,000.”

Continue Reading

The Privacy Pillory and the Security Rack: The Enforcement Toolkit

Daniel Solove
Founder of TeachPrivacy

privacy pillory

law blog 2

by Daniel J. Solove

Are privacy and security laws being enforced effectively? This post is post #2 in a series called Enforcing Privacy and Security Laws. See the end of this post for links to other posts in this series.

What kind of sanctions do privacy and security laws use for enforcement? In this post, I will discuss the various tools that are frequently used in the enforcement of privacy/security laws.

Continue Reading

The Best Preventative Medicine for Health Data Breaches

Daniel Solove
Founder of TeachPrivacy

data breach 1

by Daniel J. Solove

Last week, I gave a keynote address at a conference called Safeguarding Health Information: Building Assurance through HIPAA Security, sponsored by the National Institute of Standards and Technology (NIST) and the Department of Health and Human Services (HHS), Office for Civil Rights (OCR). I’d like to summarize my remarks here for anyone interested who wasn’t able to attend.

Continue Reading

Why the C-Suite Should Have Coffee with the Privacy and Security Officers Every Week

Daniel Solove
Founder of TeachPrivacy

 

c suite blog 1

by Daniel J. Solove

As I discussed in a previous post, the two key things that organizations can do to prevent data incidents can be summed up in a simple rhyme:

The C-Suite must care

The workforce must be aware

In this post, I want to focus on the “C-Suite” – a term used for the upper management of an organization, its top officers.

The C-Suite must care about data security.

But far too often, the C-Suite doesn’t fully appreciate the risks and could use a better understanding of the law.

Continue Reading

The 2 Essential Ways to Prevent Data Breaches

Daniel Solove
Founder of TeachPrivacy

data breach post 1

by Daniel J. Solove

We’re in the midst of a crisis in data protection. Billions of passwords stolen. . . Mammoth data breaches. . . Increasing threats. . . Malicious hackers . . . Continue Reading

Follow Professor Solove on Social Media

Daniel Solove
Founder of TeachPrivacy

If you are interested in privacy and data security issues, there are many great ways Professor Solove can help you stay informed:

Professor Solove’s LinkedIn Influencer blog

LinkedIn Influencer 02 You can follow Professor Solove on his blog at LinkedIn, where he is an “LinkedIn Influencer.”  He blogs about various privacy and data security issues. His blog has more than 600,000 followers.

LinkedIn Influencer 01

*    *    *    *

Professor Solove’s Twitter Feed

Twitter 01Professor Solove is active on Twitter and posts links to current privacy and data security stories and new scholarship, cases, and developments of note.

*    *    *    *

Professor Solove’s Newsletter

Newsletter 01Sign up for our newsletter where Professor Solove provides information about his recent writings and new training programs that he has created.

*    *    *    *

Professor Solove’s LinkedIn Discussion Groups

Please join one or more of Professor Solove’s LinkedIn discussion groups, where you can follow new developments on privacy, data security, HIPAA, and education privacy issues. You can also participate in the discussion, share interesting news and articles, ask questions, or start new conversations:

Privacy and
Data Security
HIPAA Privacy
and Security
Education Privacy
and Data Security
Image Group LinkedIn Logo Education Privacy 01 Image Group LinkedIn Logo HIPAA 01 Image Group LinkedIn Logo Privacy Security 01

The Most Effective Factor in Education

Daniel Solove
Founder of TeachPrivacy

most effective education blog 1

by Daniel J. Solove

I’ve been a teacher for the past 15 years, and I’ve taught in several mediums including live classes and computer-based e-learning. I have come to the conclusion that the most effective factor in education and training is fostering emotional investment.

Simply put, students must care about learning the material. The more they care, the more they learn.

The notion of getting emotional investment from students might sound like simple common sense, but it is often not done …and often not even attempted.

Continue Reading

A List of Privacy Training and Data Security Training Requirements in Laws, Regulations, and Industry Codes

Daniel Solove
Founder of TeachPrivacy

Privacy Writing 04by Daniel J. Solove

I was recently asked whether I had a list of the various laws, regulations, and industry codes that require privacy and/or data security training.  I know about a number of training requirements, but didn’t have a formal list.  I realized that such a list would be useful, so I created one with the help of Joe Newman, a former student who now does some work for my company. 

The PDF is here.  It provides information about each requirement, citations, and quotations of the relevant provisions.  Below is a summary.   If there are any training requirements we missed, please let me know.

Continue Reading

Higher Education Needs Privacy Officers and Privacy/Security Training

Daniel Solove
Founder of TeachPrivacy

Climbing Vines of Ivyby Daniel J. Solove

In 2007, Seung Cho, a student at Virginia Tech, killed 32 students and faculty and wounded 17. He then committed suicide.

One of the most troublesome things about this incident was that it might have been prevented if school officials and employees had a better grasp of privacy law. Appointed by the state governor, the Virginia Tech Review Panel issued an extensive report revealing that several University officials and employees knew about Cho’s mental instability but failed to share what they knew with each other. And nobody ever told Cho’s parents about his problems, his stalking of a female student, and his dark writings and erratic behavior. Cho’s parents said that if they had known, they would have taken him home and made him go to therapy. This is what they did when Cho had problems in high school.

Continue Reading

New Privacy Training Programs: US, EU, and Global Privacy Law

Daniel Solove
Founder of TeachPrivacy

by Daniel J. Solove

We have launched several new privacy training programs, including a series with brief introductions to privacy law.  We have completed a privacy training program about US Privacy Law with a video and interactive material / quiz questions.  And we just completed a training program about EU Privacy Law.  This program has a 7.5 minute video (as well as an abridged version at 4.5 minutes), and there’s a separate excerpt on the Safe Harbor Arrangement for those who only want to cover Safe Harbor in their training programs.

These programs are illustrated-as-I-talk.  You can preview the European Union Privacy Law video.

Coming soon: Global Privacy Law, which will focus heavily on the OECD Privacy Guidelines and  the APEC Privacy Framework.

European Union Privacy Training

 

 

New Financial Privacy Training Programs

Daniel Solove
Founder of TeachPrivacy

by Daniel J. Solove

We have begun producing a new program series about financial privacy.  The first two programs are completed.

The first part is an overview video that discusses the importance of financial privacy and the various laws and regulations that regulate.  These laws and regulations are discussed very broadly.  The video concludes with some key best practices for protecting financial data.  This video is made in a unique style — an animated piece of currency.

The second program focuses on the Gramm-Leach-Bliley Act (GLBA).  The video discusses the GLBA’s scope, notice, confidentiality, data sharing, and security.  The video also explains why protecting the privacy and security of financial data is important.

Gramm-Leach-Bliley Act Privacy Training GLBA

There are interactive materials and quiz questions to accompany the video.

Privacy and Security Training: Why Train? What Is Effective?

Daniel Solove
Founder of TeachPrivacy

by Daniel J. Solove

I recently presented at the ABA Antitrust Spring Meeting about privacy and data security training on a panel called “Compliance Tools for In-House Chief Privacy Officers.” I discussed why all organizations should have privacy training and what makes privacy training effective. I thought I’d share with you the gist of my talk.

Why Train?

The short answer – an ounce of prevention is worth a pound of cure. Privacy and security incidents can leave gaping wounds, and training can reduce the risk.

Continue Reading

New Privacy by Design Training Video

Daniel Solove
Founder of TeachPrivacy

I recently created this 2-minute comical cartoon vignette to teach about the importance of privacy and apps.  Far too often, apps are not designed with privacy in mind, and people install apps without considering the privacy implications.

More About Apps and Privacy

FPF & CDT, Best Practices for Mobile App Developers

Pew Internet Survey, Privacy and Data Management on Mobile Devices

TRUSTe, Get a Privacy Policy for Your Mobile App

FTC, Mobile Apps for Kids: Current Privacy Disclosures Are Disappointing

New York Times Bits Blog, Consumers Say No to Mobile Apps That Grab Too Much Data

Washington Post Post Tech Blog, App Developers, Privacy Advocates Work Out Suggestions for Policy Disclosure

* * * *

This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of training on privacy and security topics.  This post was originally posted on his blog at LinkedIn, where Solove is an “LinkedIn Influencer.” His blog has more than 600,000 followers.

If you are interested in privacy and data security issues, there are many great ways Professor Solove can help you stay informed:
* Professor Solove’s LinkedIn Influencer blog
* Professor Solove’s Twitter Feed
* Professor Solove’s Newsletter

Please join one or more of Professor Solove’s LinkedIn Discussion Groups:
* Privacy and Data Security
* HIPAA Privacy & Security
* Education Privacy and Data Security

Educational Institutions and Cloud Computing: A Roadmap of Responsibilities

Daniel Solove
Founder of TeachPrivacy

by Daniel J. Solove

Increasingly, educational institutions and state entities handling student data are hiring outside companies to perform cloud computing functions related to managing personal information.

The benefits of cloud computing are that outside entities might be more sophisticated at managing personal data. These entities may be able to manage data more inexpensively and effectively than the educational institution could do itself. In many cases, cloud computing providers can provide better security than the educational institutions can.

Continue Reading