For Data Privacy Day this year, I’m happy to make available for the day two new short privacy training programs I created in collaboration with Intel. Ordinarily, I require a login to view my training programs, but for this day, I have put them outside the wall for anyone to see. So click on the programs below to watch them — I’ll keep them up through the weekend. Then, they’ll go behind the wall, so you’ll need to request an evaluation login to see them afterwards.
NOTE: These programs are now no longer publicly available. To see them, please contact us.
The first program is a short 2-minute awareness video about Data Retention.
The second program is an 8.5 minute program called Defining Personal Information. It seeks to explain how to identify personal information, which is a tricky issue because what counts as personal information is not static and is contextual and contingent in some cases.
These programs were created for Intel with their collaboration. Intel graciously allowed me to add generic versions of these programs to my training course library. And in support of Data Privacy Day, Intel was encouraging of my making them publicly available.
I. Data Retention
II. Defining Personal Information
I created this cartoon to illustrate the fact that despite the increasing risk that privacy violations pose to an organization, many organizations are not increasing the funding and resources devoted to privacy. More work gets thrown onto the shoulders of under-resourced privacy departments.
It is time that the C-Suite (upper management) wakes up to the reality that privacy is a significant risk and an issue of great importance to the organization. Looming on the horizon is the enforcement of the new EU General Data Protection Regulation (GDPR), which will begin in 2018. It’s never too early for organizations to start preparing. GDPR imposes huge potential fines for non-compliant organizations — up to 4% of global turnover in many cases. For more information, see the FAQ page I created about the GDPR and privacy awareness training.
Of course, the C-Suite may be quick to say that privacy is very important, but what matters most are the actions they take. Privacy office budgets and sizes should be going up by a lot these days.
I have produced a new Privacy Shield training course that provides a short introduction to the EU-US Privacy Shield Framework. Privacy Shield is an arrangement reached between the EU and US for companies to transfer data about EU citizens to the US. Privacy Shield replaces the Safe Harbor Arrangement, which was invalidated in 2015 in the case of Schrems v. Data Protection Commissioner.
When is a person harmed by a privacy violation?
The U.S. Supreme Court just handed down a decision in an important case, Spokeo Inc. v. Robins.
Plaintiff Thomas Robins sued Spokeo under the Fair Credit Reporting Act (FCRA) because Spokeo had inaccurate information about him in its profile. Spokeo’s profiles are used by potential employers and others to search for data about people. FCRA requires that information in profiles for these purposes be accurate, and it allows people to sue if information is not.
Please stop by the TeachPrivacy booth at the expo at the IAPP Summit.
1. Play our new game.
See if you can spot all the privacy and data security risks in this scene. Pick up a copy of the scene, see our poster, and try out our interactive module.