Security and Privacy Training Requirements Guide
Many laws, regulations, and industry codes require privacy awareness training and/or data security awareness training. These include:
- International Laws – including GDPR and the Personal Information Protection and Electronic Documents Act (PIPEDA)
- US Federal Laws, Regulations, and Treaties – including HIPAA Privacy and Security Rules, Gramm-Leach-Bliley Act (GLBA), FACTA – FTC Red Flags Rule, Federal Information Security Management Act (FISMA), Federal Acquisition Regulation, and EU-US Privacy Shield Framework
- US State Laws and Regulations – including New York Cybersecurity Regulation, Texas Health Privacy Law, and Massachusetts Data Security Law
- Standards and Industry Codes – Payment Card Industry Data Security Standard (PCI-DSS), ISO/IEC 27002, and NIST Special Publication 800-53 (Revision 4)
This Security and Privacy Training Requirements Guide, written by Professor Daniel Solove, will walk you through a brief description of each requirement with excerpts of the relevant provisions.