by Daniel J. Solove
I have created a new resource page for the TeachPrivacy website: Privacy and Security Training Requirements.
This page lists the requirements for privacy and information security training in laws, regulations, and industry codes. I provide a brief summary of each requirement as well as relevant excerpts from the texts of these provisions.
FEDERAL LAWS AND REGULATIONS
— FTC Red Flags Rule
STATE LAWS AND REGULATIONS
— Texas Health Privacy Law
— Massachusetts Data Security Law
— PCI DSS
— NIST 800-53
— ISO/IEC 27002
— US-EU Safe Harbor Arrangement
— Canada’s PIPEDA
* * * *
This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics.
Professor Solove is the organizer, along with Paul Schwartz, of the Privacy + Security Forum (Oct. 21-23 in Washington, DC), an event that aims to bridge the silos between privacy and security.