Every time I read the news it seems there is a new data breach impacting client or employee privacy. Just last week UPS, Supervalu, Community Health Systems, North Dakota University, Shaw’s / Star Market / Albertson’s, and Schnucks have all been mentioned in articles related to new or recent data breaches. Of course there are also the ongoing articles discussing the costs and other ramifications of the Target breach.
According to the Ponemon Institute’s 2013 Cost of a Data Breach Study: Global Analysis, 35% of all data breaches are due to a human factor such as a negligent employee or contractor. Breaches attributed to human factors can be avoided by improving your privacy awareness program.
Privacy Awareness vs. Education / Training
There is a difference between privacy education / training and awareness programs.
Privacy education involves formal training sessions covering either general privacy concepts and topics (such as supplied by the IAPP) or the requirements of an in-house privacy program. Privacy education should be provided when a new hire joins an organization, when a significant change is made to a privacy program, and at least annually with attendance required for any organizational member that accesses or comes in contact with personal information.
A privacy awareness program focuses on providing less formal reminders to organizational members of the importance of privacy. There are a variety of ways to accomplish this, including emails, blogs, websites, posters, and privacy-related events. In my experience I have seen that while privacy education is critical (and required by law or regulation in some cases), you can have a greater impact on your organization through an awareness program.
What can you do now?
Over my next several blog entries I will discuss various topics about privacy awareness initiatives. Until then you can visit the Privacy Ref Presentation & Papers page for two items.
Tips for minimizing human privacy errors is a top ten list of things you can do to help reduce the possibility of a data breach due to a human factor.
Privacy Communities: How To Build Them And Drive Awareness is a presentation that was done in conjunction with CO3 Systems describing how to create a cross-functional team to help spread the word about privacy throughout your organization.