Privacy Awareness and Training (PAT)
- Create a visibility over how employees of the organization get exposed to the personal information in each process, function, project and operation
- Evaluate the state of awareness of the organization in respect of privacy, privacy principles, privacy regulations and preparedness
- Identify the awareness and training requirements considering the criticality of data, the legal and compliance requirements, and the liabilities that the organization can face in case of a data breach
- Identify the target audiences that need to be covered by the Privacy Awareness and Training program.
- Design the Privacy Awareness and Training program that incorporates elements such as: Privacy principles, Data protection regulations, Legal liabilities of the organization and its employees, Do’s and Don’ts for privacy, Principles of due care, Privacy specific incident reporting.
- Ensure that an adequate level of understanding exists about different terminologies used for the personal information like ‘Sensitive Personal Information’, ‘Personally Identifiable Information’, ‘Personal Health Information’, and ‘Non-Public Personal Information’.
- Ensure that the organization’s business process owners, functions and operations have a fair level of understanding about the applicable privacy principles and their implications
- Identify all the communication and collaboration channels and platforms that are used in the organization. Devise a strategy for utilizing these channels and platforms for creating privacy awareness
- Incorporate privacy in the learning management system of the organization. An organization can deploy the privacy modules on their own learning management system or avail the services of professional bodies
- Ensure that there exists a routine schedule to convey privacy specific messages across the organization
- Ensure that there exists a mechanism that regularly assesses the privacy awareness of the organization
- Ensure that the service providers, with whom an organization exchanges personal information, has a privacy awareness and training program
DSCI Privacy Framework