effective privacy training - international association of privacy … · 2014-04-28 · “in order...
TRANSCRIPT
![Page 1: Effective Privacy Training - International Association of Privacy … · 2014-04-28 · “In order for a privacy management program to be effective, employees must be actively engaged](https://reader034.vdocuments.net/reader034/viewer/2022043015/5f3839edf0207739341cfe84/html5/thumbnails/1.jpg)
Effective Privacy Training: Building Accountability
Fazila Nurani, B.A.Sc. (E.Eng.), LL.B., CIPP/C, CISA
IAPP Canada Privacy Symposium
Networking Session
May 8, 2014
![Page 2: Effective Privacy Training - International Association of Privacy … · 2014-04-28 · “In order for a privacy management program to be effective, employees must be actively engaged](https://reader034.vdocuments.net/reader034/viewer/2022043015/5f3839edf0207739341cfe84/html5/thumbnails/2.jpg)
Empowering Organizations to Minimize Privacy Risks
Objectives
• In this session we will discuss:
Privacy training in the context of the accountability
framework.
The adult learner and learning styles.
A learner-centric approach to privacy training.
The buy-in required to effectively roll out privacy e-
learning.
Practical tips for raising privacy awareness – beyond
formal training.
![Page 3: Effective Privacy Training - International Association of Privacy … · 2014-04-28 · “In order for a privacy management program to be effective, employees must be actively engaged](https://reader034.vdocuments.net/reader034/viewer/2022043015/5f3839edf0207739341cfe84/html5/thumbnails/3.jpg)
Empowering Organizations to Minimize Privacy Risks
Accountability Framework
![Page 4: Effective Privacy Training - International Association of Privacy … · 2014-04-28 · “In order for a privacy management program to be effective, employees must be actively engaged](https://reader034.vdocuments.net/reader034/viewer/2022043015/5f3839edf0207739341cfe84/html5/thumbnails/4.jpg)
Empowering Organizations to Minimize Privacy Risks
Training is Key to Building Accountability
“In order for a privacy management program to be
effective, employees must be actively engaged in
privacy protection. They need to be educated in
privacy protection generally, and for those who handle
personal information directly, they will need additional
training specifically tailored to their roles. Training
and education need to be recurrent, and the content of
the program needs to be periodically revisited and
updated to reflect changes.”
![Page 5: Effective Privacy Training - International Association of Privacy … · 2014-04-28 · “In order for a privacy management program to be effective, employees must be actively engaged](https://reader034.vdocuments.net/reader034/viewer/2022043015/5f3839edf0207739341cfe84/html5/thumbnails/5.jpg)
Empowering Organizations to Minimize Privacy Risks
The Adult Learner
• Autonomous and self-directed.
• Goal oriented.
• Have accumulated life experiences and
knowledge.
• Relevancy oriented.
• Practical.
![Page 6: Effective Privacy Training - International Association of Privacy … · 2014-04-28 · “In order for a privacy management program to be effective, employees must be actively engaged](https://reader034.vdocuments.net/reader034/viewer/2022043015/5f3839edf0207739341cfe84/html5/thumbnails/6.jpg)
Empowering Organizations to Minimize Privacy Risks
Understanding Learning Styles
![Page 7: Effective Privacy Training - International Association of Privacy … · 2014-04-28 · “In order for a privacy management program to be effective, employees must be actively engaged](https://reader034.vdocuments.net/reader034/viewer/2022043015/5f3839edf0207739341cfe84/html5/thumbnails/7.jpg)
Empowering Organizations to Minimize Privacy Risks
Make No Assumptions…
![Page 8: Effective Privacy Training - International Association of Privacy … · 2014-04-28 · “In order for a privacy management program to be effective, employees must be actively engaged](https://reader034.vdocuments.net/reader034/viewer/2022043015/5f3839edf0207739341cfe84/html5/thumbnails/8.jpg)
Empowering Organizations to Minimize Privacy Risks
The Four Critical Elements of Learning
1. Motivation.
2. Reinforcement.
3. Retention.
4. Transference.
![Page 9: Effective Privacy Training - International Association of Privacy … · 2014-04-28 · “In order for a privacy management program to be effective, employees must be actively engaged](https://reader034.vdocuments.net/reader034/viewer/2022043015/5f3839edf0207739341cfe84/html5/thumbnails/9.jpg)
Empowering Organizations to Minimize Privacy Risks
E-Learning vs. Classroom Training
Interactive Accessible
Customized Standardized
Experiential Efficient
Enjoyable, social Cost savings
FOCUSED ATTENTION PRACTICAL
Consider using blended learning opportunities…
![Page 10: Effective Privacy Training - International Association of Privacy … · 2014-04-28 · “In order for a privacy management program to be effective, employees must be actively engaged](https://reader034.vdocuments.net/reader034/viewer/2022043015/5f3839edf0207739341cfe84/html5/thumbnails/10.jpg)
Empowering Organizations to Minimize Privacy Risks
Buy-in Required for E-Learning
INSTRUCTOR (provides strong
content)
COURSE DEVELOPER
(addresses e-learning
principles)
ORGANIZATION (funds development of
the course)
HIRING ENTITY
(recognizes training via e-
learning)
STUDENT
(willingly takes the course)
![Page 11: Effective Privacy Training - International Association of Privacy … · 2014-04-28 · “In order for a privacy management program to be effective, employees must be actively engaged](https://reader034.vdocuments.net/reader034/viewer/2022043015/5f3839edf0207739341cfe84/html5/thumbnails/11.jpg)
Empowering Organizations to Minimize Privacy Risks
Privacy “Awareness”
Beyond formal training:
• Fun privacy awareness initiatives.
• Targeted messaging based on areas of risk.
• Contests, quizzes, awards.
• Lunch and learns, awareness weeks…
![Page 12: Effective Privacy Training - International Association of Privacy … · 2014-04-28 · “In order for a privacy management program to be effective, employees must be actively engaged](https://reader034.vdocuments.net/reader034/viewer/2022043015/5f3839edf0207739341cfe84/html5/thumbnails/12.jpg)
Empowering Organizations to Minimize Privacy Risks
Privacy Posters (Leaking Information)
infosecuritylab.com
![Page 13: Effective Privacy Training - International Association of Privacy … · 2014-04-28 · “In order for a privacy management program to be effective, employees must be actively engaged](https://reader034.vdocuments.net/reader034/viewer/2022043015/5f3839edf0207739341cfe84/html5/thumbnails/13.jpg)
Empowering Organizations to Minimize Privacy Risks
Privacy Posters (Strong Passwords)
![Page 14: Effective Privacy Training - International Association of Privacy … · 2014-04-28 · “In order for a privacy management program to be effective, employees must be actively engaged](https://reader034.vdocuments.net/reader034/viewer/2022043015/5f3839edf0207739341cfe84/html5/thumbnails/14.jpg)
Empowering Organizations to Minimize Privacy Risks
Other Security Related Posters
![Page 15: Effective Privacy Training - International Association of Privacy … · 2014-04-28 · “In order for a privacy management program to be effective, employees must be actively engaged](https://reader034.vdocuments.net/reader034/viewer/2022043015/5f3839edf0207739341cfe84/html5/thumbnails/15.jpg)
Empowering Organizations to Minimize Privacy Risks
The Learning Pyramid
![Page 16: Effective Privacy Training - International Association of Privacy … · 2014-04-28 · “In order for a privacy management program to be effective, employees must be actively engaged](https://reader034.vdocuments.net/reader034/viewer/2022043015/5f3839edf0207739341cfe84/html5/thumbnails/16.jpg)
Empowering Organizations to Minimize Privacy Risks
Assessment of Learning
• What do you want the learning outcomes to be?
• How success will be measured is an important
part of program development.
• Indicators: Short term – the learning occurs.
Medium term – there is a change in behaviour.
Long term – there is a change in culture.
Resource: Complete Guide to Security and
Privacy Metrics by Debra S. Herrmann
![Page 17: Effective Privacy Training - International Association of Privacy … · 2014-04-28 · “In order for a privacy management program to be effective, employees must be actively engaged](https://reader034.vdocuments.net/reader034/viewer/2022043015/5f3839edf0207739341cfe84/html5/thumbnails/17.jpg)
Empowering Organizations to Minimize Privacy Risks
To Sum Up Adult Learning
• Blended learning to avoid frustration/boredom.
• Adult learning programs should: Meet the needs of the learner.
Enable learners to share their experiences.
Enable learners to learn from each other.
- Sharan Merriam
Professor of Adult Education, University of Georgia
![Page 18: Effective Privacy Training - International Association of Privacy … · 2014-04-28 · “In order for a privacy management program to be effective, employees must be actively engaged](https://reader034.vdocuments.net/reader034/viewer/2022043015/5f3839edf0207739341cfe84/html5/thumbnails/18.jpg)
Empowering Organizations to Minimize Privacy Risks
The Learner-Centered Approach
“It is not whether we can meet the same learning outcomes with technology, but how do we use the technologies to enrich the experience, and go beyond what can be done in the face-to-face environment.” Source: No Significant Difference Phenomenon (2001) By: Thomas L. Russell Visit: http://www.nosignificantdifference.org/
![Page 19: Effective Privacy Training - International Association of Privacy … · 2014-04-28 · “In order for a privacy management program to be effective, employees must be actively engaged](https://reader034.vdocuments.net/reader034/viewer/2022043015/5f3839edf0207739341cfe84/html5/thumbnails/19.jpg)
Empowering Organizations to Minimize Privacy Risks
Useful Links
• Sample e-learning courses: • PrivaTech privacy e-learning course (licensing model):
• http://www.privalearn.ca
• Sunnybrook Health Sciences Centre: • http://podcasts.sunnybrook.ca/ClinicalClerks/EPR_Course/player.html
• Course authoring tools to start from scratch: • www.udutu.com
• www.articulate.com
• www.suddenlysmart.com
![Page 20: Effective Privacy Training - International Association of Privacy … · 2014-04-28 · “In order for a privacy management program to be effective, employees must be actively engaged](https://reader034.vdocuments.net/reader034/viewer/2022043015/5f3839edf0207739341cfe84/html5/thumbnails/20.jpg)
Questions…?
Empowering Organizations to Minimize Privacy Risks
Contact:
Fazila Nurani
905-886-0751