Privacy Awareness and Training (PAT)

Best Practices

  • Create visibility into how employees of the organization are exposed to personal information in each process, function, project and operation
  • Evaluate the state of awareness of the organization in respect of privacy, privacy principles, privacy regulations and preparedness
  • Identify the awareness and training requirements considering the criticality of data, the legal and compliance requirements, and the liabilities that the organization can face in case of a data breach
  • Identify the target audiences that need to be covered by the Privacy Awareness and Training program
  • Design a Privacy Awareness and Training program that incorporates elements such as: Privacy principles, Data protection regulations, Legal liabilities of the organization and its employees, Do’s and Don’ts for privacy, Principles of due care, Privacy specific incident reporting
  • Ensure that an adequate level of understanding exists about the different terms used for personal information, such as ‘Sensitive Personal Information’, ‘Personally Identifiable Information’, ‘Personal Health Information’, and ‘Non-Public Personal Information’
  • Ensure that the organization’s business process owners, functions and operations have a fair level of understanding about the applicable privacy principles and their implications
  • Identify all the communication and collaboration channels and platforms that are used in the organization. Devise a strategy for utilizing these channels and platforms for creating privacy awareness
  • Incorporate privacy in the learning management system of the organization. An organization can deploy the privacy modules on its own learning management system or avail the services of professional bodies
  • Ensure that there exists a routine schedule to convey privacy specific messages across the organization
  • Ensure that there exists a mechanism that regularly assesses the privacy awareness of the organization
  • Ensure that the service providers with whom an organization exchanges personal information have a privacy awareness and training program

DSCI Privacy Framework