Privacy Training and Awareness Tips.
Join Teresa Troester-Falk and Rachel Glass expound upon Privacy Training and Awareness below.
Teresa T. Falk:
Hi, everyone, and welcome to today’s Practical Privacy Snapshot. Practical Privacy Snapshot is where we invite experienced privacy professionals to share some operational tips, something that made a difference in operationalizing privacy compliance. I’m delighted that Rachel Glasser is joining us today. Rachel is Chief Privacy Officer at Wunderman Thompson; she’s been in the weeds on operational privacy compliance for a long time. She shares some tips on the practicality of privacy training and awareness. So Rachel
I’m excited to be a part of your Practical Privacy Snapshots. I’m happy to talk about one of my favorite aspects of a privacy compliance program, privacy training, and awareness. I love this aspect of privacy compliance programs because it’s truly the foundation of ensuring a strong privacy program.
As we all know, privacy is not the job of just one individual within your organization. It is an effort that needs to be put forth by everybody within your organization; it takes engagement and participation by everybody.
- Same Language. For that reason, I think it’s critically important that everyone speaks the same language. So what I mean by that is that we’re all using the same terminology, in the same way, that we’re using specific terms within the right context. So, for example, the definition of personal information has changed quite significantly over the last several years as new data protection legislation has been introduced and come to pass. So we all must understand what the new definition of personal information is so that we know what we’re dealing with when we’re engaging with our clients or we’re engaging with other types of data that might fall within that category. That’s the first thing that I think is most important.
2. Expectations. The next thing that I think is important is to be reasonable and practical in what you’re expecting from your employees. The idea of privacy training and awareness is not to make everybody a subject matter expert. Instead, it’s to promote awareness, just as the title says, and so with that, the idea is to help people understand where there may be issues, when things might need to be escalated, and how to spot those issues.
So, for example, if everybody understands the difference between aggregated data and personal information, then they would know that if they’re working with personal information, they might have certain obligations, and specific laws might apply. They might not know what the details of that are. Still, they know that there might be heightened requirements because their personal information is a means by which they’re issue spotting. Then they can escalate that and get the appropriate advice from the right person within your organization. So it’s critically important.
3. Spot Issues Quickly. Issue spotting is also critically important because the sooner you can spot some of these issues, the sooner you can mitigate them, and take corrective action. And that, of course, as we all know in the privacy world, and even in the world, when dealing with data, can be the ultimate thing. To catch any issues early and sort of cut them off at the pass.
4. Real-World Examples. And finally, what I think is critically important to a privacy training and awareness program is to use real-world examples. So if you’re using models that people can relate to in their personal lives, and things that you know consumers experience or data subjects experience, it’s much easier for you to educate your staff. It’ll be easier for them to relate what the issues are to their everyday lives.
What’s also really helpful is if you’re using actual cases as these examples, so people can then compare it to other things that they’re doing within their daily job. They can analyze and start to help them with issue spotting, it will help them know where some of the lines are, and you will be a more reliable organization.
Teresa T. Falk:
Those are some great tips. I especially like- talk the same language. I know there are so many occasions when you think you’re talking about the same thing and realize that the department that you were speaking with had a completely different understanding of what you’re talking about, and personal information, all of those great examples.
Let’s talk about Privacy Training and Awareness
Are you ready to demonstrate compliance with the CCPA, the GDPR, or other privacy laws? The key is operational know-how, a practical plan, and privacy expertise.
Ask us how we can help you feel confident and at ease with your privacy compliance efforts.