I created some new training programs last year, and here are some of the highlights:
The Ransomware Attack (~5 mins)
This short program (~5 minutes) consists of an interactive cartoon vignette about malware. The program is highly interactive, and trainees engage with a scenario involving ransomware. Although this program involves ransomware, the lessons it teaches apply broadly to all malware. The program focuses on how to avoid having malware installed on one’s computer and what to do (and not to do) if this ever happens.
The Life Cycle of Personal Data (~ 15 mins)
This privacy awareness training course (~ 15 minutes) is a highly-interactive overview of privacy responsibilities and protections regarding the collection, use, and sharing of personal data. The course has 8 quiz questions. The course tracks the life cycle of personal data, starting from when it is collected or created. The course concludes with a discussion of data retention and destruction.
Global Privacy and Data Protection
(Condensed Version ~ 20 mins)
(the full-length version is ~30 minutes long)
The Global Privacy and Data Protection training program is designed to provide basic privacy awareness training to the workforce of global organizations. The course synthesizes privacy concepts and explains them simply — in a manner that will work in many different countries. This program provides an overview of privacy principles and regulations and focuses on key concepts.
Social Engineering: Spies and Sabotage (~7 mins long)
This is a short module (~7 minutes long) that provides a general introduction to social engineering. After discussing several types of social engineering (phishing, baiting, pretexting, and tailgaiting), the course provides advice for avoiding these tricks and scams. Key points are applied and reinforced with 4 scenario quiz questions. The course is fast, lively, and very interactive.
Data Security Breach (~5.5 mins long)
This is a short module (~5.5 minutes long) that consists of a short video and 4 quiz questions. The module can stand alone as a short awareness piece or be fused with other topics in a longer security awareness training program. The program discusses the causes and consequences of breaches, as well as the importance of early detection and reporting anything suspicious to one’s organization.
Privacy, Risk, and Trust (~5.5 mins)
This short course is a highly-interactive introduction to why protecting privacy is important. The course promotes privacy awareness by discussing the risks to organizations in failing to protect privacy and how protecting privacy fosters trust and improves relationships with people.
This privacy training program covers vendor management issues when data is shared with third party vendors. In particular, the program discusses due diligence in selecting third party vendors and the types of data protections that should be included in the contract with the vendor.
HIPAA Privacy: Psychotherapy Notes (~3 mins)
The video (~3 minutes) explains the special rules that HIPAA provides for psychotherapy notes. It explains the definition of “psychotherapy notes,” how they must be kept, restrictions on disclosure without authorization, and how patient access rights are limited. The interactive quiz (~2 minutes) tests on and reinforces the lessons in the video.
If you’re interested in potentially using any of these courses, please let me know. I’d be delighted to send you an evaluation login to see it.
HIPAA AHIMA Courses
I produced a 3-course series on the HIPAA for the AHIMA. The courses are designed to provide a roadmap to the HIPAA Privacy and Security Rules.
Safeguarding PHI (~1 hour)
* * * *
This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics. This post was originally posted on his blog at LinkedIn, where Solove is a “LinkedIn Influencer.” His blog has more than 900,000 followers.
Professor Solove is the organizer, along with Paul Schwartz of the Privacy + Security Forum (Oct. 24-26, 2016 in Washington, DC), an annual event that aims to bridge the silos between privacy and security.