Tuesday, February 9, 2010

Top Five Mistakes of Privacy Training Programs

I won't prattle on about the breach of 50,000 Californians' SSNs, along with their names and addresses, inadvertently sent out last week by the Cal Dept of Health. The SSNs were actually printed on the envelopes sent to some 50,000 recipients of health care aid. Anyone who can't reach out to their own comprehensive identity theft restoration service and avoid identity theft and the fallout from records entries should be ashamed.

Instead I will report the following...
Good intentions aside, many companies are missing the opportunity to effectively train employees on data protection. "Many corporations have adopted a check-box approach toward compliance" with the obligations set out in various data protection regulations, says Jay Cline, CIPP, in a Computerworld article. Cline says common mistakes that companies make include separating rather than melding privacy, security, records management and ethics training; using too few communications channels; and failing to measure training effectiveness. "Employee training is probably the most important component of an information risk management process," he writes. "Yet few companies actually measure..."
