4 hours 7 minutes
Welcome to lesson 3.3 govern awareness and training.
So in this video we will cover the government function awareness and training and look at topics that should be covered in privacy training
So awareness and training. What you're looking at basically is how your workforce and third parties that are engaged in data processing are provided privacy awareness, education and training related to their duties and responsibilities in regard to privacy risk.
So really there are four subcategories here because each subcategories focused on a different element of your workforce. So P1 is looking at your workforce in general and making sure um that those that have privacy
basically that people are trained on privacy and know their roles and responsibilities in regard to privacy risk. With P. Two, this is ensuring that even senior executives are given uh some form of training regarding privacy awareness
and that they know their roles and responsibilities.
This kind of goes back to what we talked about in the beginning of the government function regarding accountability. Um That way when people know what their roles and responsibilities are. Um There aren't issues down the line of someone saying I didn't know that. Um So you want to make sure each level that the training is tailored to what those roles and responsibilities are. Even with P. Three looking at
um privacy personnel and them understanding their roles and responsibilities in their nuanced roles regarding privacy risk management. And even sometimes that you have training for your third parties that are processing personal data on your behalf from service providers to customers and partners
and making sure that they understand their roles and responsibilities.
So if you're looking at training that you would give to your workforce or senior executives are those um that have privacy risk management responsibilities within your organization. These are just a few of the topics that you could cover in your privacy training program.
You conclude training on best practices for data protection and management,
um compliance with privacy policies um For uh your I. S. Staff, you can include training on software patching um for your entire organization. It may be a good idea to include training on social engineering um so that people are aware of what to look for, whether they receive a phone call or get something through email. Um So they can ascertain whether or not it truly is um a real email um that it's a real person asking for the information or someone looking to get information so that they can hack or get access to information that they shouldn't have access to. As well as privacy training, possibly on identity theft.
Um phishing email scams is always a good one to do with your entire enterprise.
Um And it's actually something that you could do on possibly even a quarterly basis. Um So that your staff becomes more aware of what to look for in a phishing email as well as privacy training on passwords and making sure that they're keeping those secure, not sharing them with others in their team or in the enterprise
um As well as safe browser use and screen lock
that if they get up and leave their death to make sure that they're locking their screen, especially if they work in a business function where they're dealing with a lot of personal data, whether that's finance or customer service and then finally making sure that your staff are aware of how to report an incident um like that. Sometimes uh incidents can happen within the organization, so making sure that there's a phone number or an email address um or that your staff is aware of what the process is on reporting an incident becomes really important. So these are just a few of the areas that you can cover in your privacy training program. There are also others that you can look into whether you're purchasing training from a third party provider or creating training for yourself.
So in this video we reviewed subcategories of the government function training and awareness category. And then we discuss topics to cover in a comprehensive privacy training and awareness program. So I hope you'll join me as we get into the final video before moving into module number four.
NIST 800-53: Introduction to Security and Privacy Controls
This course will provide Executives, Assessors, Analysts, System Administrators and students with the foundational knowledge ...
2 CEU/CPE Hours Available
Certificate of Completion Offered
CIS Top 20 Critical Security Controls
This course will provide students with an overview of the CIS Top 20 Critical Security ...
4 CEU/CPE Hours Available
Certificate of Completion Offered