The Top 5 Mistakes of Privacy Awareness Programs
“The Top 5 Mistakes of Privacy Awareness Programs”
IDG News Service (02/08/10) ; Cline, Jay
Every regulation that mandates that reasonable actions be taken to secure data requires organizations to establish training programs to help workers better understand those measures. There are five potential compliance shortcuts that organizations could take instead of making the most of the opportunity to make sure that workers really understand how to protect data. One shortcut is doing separate training for privacy, security, ethics, and records management, which can result in employees receiving mixed and sometimes contradictory messages. Another is confusing an awareness campaign with genuine training. Third, organizations may hold a few PowerPoint presentations and put up some posters, thinking this is a sufficient privacy and security training program, and neglect role-based training to help smaller groups understand what they need to do to carry out larger policy goals. A fourth shortcut is failing to use all available multimedia outlets—posters, PowerPoint presentations, big-screen televisions, podcasts, etc.—to reach employees. And lastly, organizations may neglect to measure the impact of their employee training program on inside breaches and other serious threats to security.
(Link to Source/Publication)
