PRIVACY + SECURITY TRAINING PROGRAM CATALOG

Transcription

1 PRIVACY + SECURITY TRAINING PROGRAM CATALOG

2 TeachPrivacy 261 Old York Rd., Suite 518 P.O. Box 706 Jenkintown, PA Phone: Fax: (215) DATA

3 ABOUT TEACHPRIVACY The TeachPrivacy Advantage Expertise Our training is created by Professor Daniel Solove, an internationallyknown expert in privacy and security. Interactive SCORM-compliant modules have interactive quizzes and activities. Topical We cover more than 50 topics, including HIPAA, FERPA, GLBA, phishing, passwords, portable devices, social media, and much more. Engaging Your workforce will want to take our training and they ll remember it. Short and Modular We have comprehensive courses and short individual modules on particular topics. Customizable We can customize anything TeachPrivacy was founded by Professor Daniel J. Solove, the John Marshall Harlan Research Professor of Law at the George Washington University Law School. He is also a Senior Policy Advisor at the law firm of Hogan Lovells. One of the world s leading experts in privacy law, Solove has authored nine books and more than forty articles. He is the lead author of the most widely-used textbook on information privacy law. He has given lectures around the world, testified before Congress, spoken at the Department of Homeland Security, U.S. Dep t of Education, FCC, FTC, the Library of Congress, and countless universities. Professor Solove has been interviewed and featured in several hundred media broadcasts and articles, including the New York Times, Wall Street Journal, Washington Post, Chicago Tribune, USA Today, AP, Time, Reader s Digest, ABC, CBS, NBC, CNN, and NPR.

4 OUR TRAINING 2 OUR TRAINING PHILOSOPHY I founded TeachPrivacy to create a new and fresh approach to training. Far too often, training is boring and obligatory, a check-the-box exercise like watching an airplane safety video. My goal is to make training engaging. Training should use the time-tested tools of effective education: stories, examples, and interactivity. Training should stimulate the senses. It should be fun, lively, and memorable. I am involved in all facets of the creation of our training. I believe people will learn more effectively when I can impart on them a genuine passion for the material. Professor Daniel J. Solove Professor Solove s knowledge of domestic and global privacy issues, including the often dynamic regulatory environments in Asia and Europe, is unmatched. Furthermore, his ability to take complex privacy issues and reduce them to simple, teachable concepts is exceptional. It is good to be working with the best in the privacy field! Steve Worster Chief Compliance Officer and HIPAA Privacy Officer StoneGate Senior Living, LLC In short, easily understood sessions, Professor Solove personally explains the concepts of information security and privacy in plain language. The excellent content combined with Solove s well-earned reputation make the TeachPrivacy series an essential part of an effective information security awareness program in any organization. Dennis Devlin Chief Information Security Officer, Chief Privacy Officer, and Senior VP of Privacy Practice, Savanture

5 Global Privacy and Data Protection Module ~ 25 mins Overview of privacy and data protection for the global organization. PRIVACY GLOBAL PRIVACY AND DATA PROTECTION COURSE OUTLINE THE PURPOSE OF THIS TRAINING People Care About Privacy Privacy and Security Your Role 3 Masterful synthesis of various privacy principles from regulation around the world covers the common core concepts and accounts for variation in approaches. Easy to customize. Anything can readily be changed, added, or removed. Easy to translate. All spoken text is written in the module, so translation can be without a voice track if desired to save on translation cost. WHY WE PROTECT PERSONAL DATA Respect Prevent Harm Individual Empowerment Trust Reputation Legal Compliance Contractual Compliance WHAT IS PERSONAL DATA? Identifying Personal Data or PII Sensitive Data DATA COLLECTION Lawful Data Collection Data Collection Limitation DATA DATA HANDLING AND PROCESSING Data Quality Limited Access Confidentiality Security Safeguards Data Retention USE OF PERSONAL DATA Minimum Necessary Use Purpose Specification INDIVIDUAL KNOWLEDGE AND PARTICIPATION Notice Access and Correction Consent TRANSFER AND SHARING OF DATA International Transfers of Data Sharing Data with Third Parties Sharing Data Internally ACCOUNTABILITY Accountability Personal Data Refers to Real People Privacy by Design Ask the Privacy Office

6 PRIVACY 4 Privacy Awareness Our general privacy awareness program, consisting of the following segments: Privacy Principles Nothing to Hide: Why Does Privacy Matter? The Relationship Between Privacy and Security 10 quiz questions ~ 15 mins European Union Privacy Law EU Data Protection Directive and the differences between EU and US privacy law (~ 9.5 mins) (abridged version ~ 6.5 mins) United States Privacy Law Types of US privacy law and common requirements (~ 6 mins) Global Privacy Law OECD Privacy Guidelines and the APEC Privacy Framework (~ 5.5 mins) The Safe Harbor Arrangement Derived from the EU Privacy Law program, this program provides a short introduction to the US-EU Safe Harbor Arrangement (~ 2 mins) Privacy by Design Advanced training for engineers, designers of programs/services, and policymakers. Identifies many privacy issues that should be considered (~ 15 mins)

7 PRIVACY 5 Privacy Principles Overview of the Fair Information Practice Principles (~ 6 mins) Nothing to Hide? Why Privacy Matters Why employees should care about protecting personal data (~ 6 mins) The Relationship Between Privacy and Security How data breaches are often caused by humans (~ 3 mins) The App from Hell Cartoon about the importance of privacy by design (~ 2 mins) The Data Misuse Nightmare Cartoon about harms caused by misusing data (~ 4 mins) What Is Personal Data? Defining personally identifiable information and data stewardship (~ 5.5 mins)

8 DATA SECURITY 6 Data Security Awareness Multi-topic course including: Data Security Overview 20-minute version Encryption available - all topics Passwords covered, but with Social Engineering abridged videos. Websites and Software 15 quiz questions. Data Disposal Physical Access Portable Devices and Remote Access Five Key Points for Data Security This course discusses five key points for data security: (1) data security involves you; (2) create powerful passwords; (3) click with caution; (4) keep data where it belongs; and (5) be vigilant (~ 7 mins) This program can be used for refresher training or data security awareness campaigns. It can also be used as a succinct introduction to a general data security training program. 15 quiz questions ~30 mins

9 DATA SECURITY 7 Condensed Version (~ 6 mins) We also offer a condensed version with abridged video content and 4 interactive quiz questions. Phishing Module ~12 mins Video Only ~ 8 mins Raises awareness about phishing and inform trainees about the dangers. Explains the warning signs to help trainees better spot phishing attempts, and it explains what people should do if they have any suspicions about an or phone call. The full-length course takes approximately 12 minutes to complete and contains a series of 3 short videos interspersed with 8 interactive quiz questions. This course can stand alone or can be snapped together with other topic segments. The full-length course is divided into three parts: (1) What Is Phishing? Discusses the dangers and types of phishing, including spear phishing and vishing (phishing via phone). (2) How Do You Spot a Phishing Attempt? Discusses the various warning signs to look out for. (3) What Should You Do When Things Seem Phishy? Discusses what people should do when they have questions or suspicions.

10 DATA SECURITY 8 Data Security Overview Security threats and why security is everyone s responsibility (~ 5 mins) Websites and Software Unauthorized software; detecting malicious websites (~ 4.5 mins) Physical Access Securing workspaces and locking unattended computers (4.5 mins) Passwords Selecting strong passwords (~ 6 mins) Encryption How encryption protects data (~ 4.5 mins) How to identify dubious links and attachments (~ 5.5 mins)

11 DATA SECURITY 9 Social Engineering Phishing, spear phishing, pretexting, and baiting (~5.5 mins) Data Disposal Disposing electronic data and paper documents (~3 mins) Portable Devices Dangers of putting sensitive data on portable devices. (~4 mins) Threats and Vulnerabilities Threats to data security and risky practices that lead to incidents (~3.5 mins) The Costs of Violations Describes the human, reputational, and financial costs of privacy and security violations (~4 mins) The Laptop that Traveled the World Cartoon about putting unencrypted data on a portable device (~ 3 mins) The from the IT Department Interactive cartoon about an from the IT department requesting a password (~ 3 mins) The Thumb Drive Discovery Interactive cartoon about finding an unknown USB drive (~ 3 mins)

12 HEALTHCARE DATA HIPAA HITECH 10 HIPAA Privacy for CEs Health Privacy Overview What Is PHI? Confidentiality and Snooping Minimum Necessary Rule Disclosures Personal Rights Authorizations Compliance Logs Enforcement 15 quiz questions ~40 mins or ~ 20 mins 20-minute version all topics covered, but with abridged videos, 10 quiz questions HIPAA Security for CEs and BAs Data Security Overview Encryption Passwords Websites and Software Data Disposal Physical Access Portable Devices Social Engineering Data Security Breach 15 quiz questions ~40 mins or ~ 20 mins 20-minute version all topics covered, but with abridged videos, 15 quiz questions HIPAA Overview Short basic overview of HIPAA. Contains a series of short videos with 8 interactive quiz questions mixed in. Topics: Scope PHI Responsibilities Use and Disclosure of PHI Patient Rights Security Enforcement Data Breach State Law 8 quiz questions ~ 15 mins A version for law firms is also available. HIPAA Privacy for BAs Health Privacy Overview What Is PHI? Business Associates Confidentiality and Snooping Minimum Necessary Rule Disclosures Compliance Logs Enforcement 15 quiz questions ~40 mins or ~ 20 mins 20-minute version all topics covered, but with abridged videos, 10 quiz questions

13 HEALTHCARE DATA HIPAA HITECH 11 Health Privacy: HIPAA and Beyond Basic overview of the privacy of healthcare data (~ 6 mins) What Is PHI? Definition of PHI (~ 6 mins) Confidentiality and Snooping The importance of not gossiping or snooping into PHI (~ 5 mins) Personal Rights HIPAA rights - notice, access, amendment, complaint (~ 4.5 mins) The Minimum Necessary Rule Overview of the rule and its exceptions (~ 6 mins) Compliance Logs Accounting for disclosures rule (~ 6 mins) Disclosure Mandatory disclosures and disclosures with and without authorization (~ 6.5 mins) Authorization Elements of a valid authorization (~4.5 mins) HIPAA Enforcement Penalties for violating HIPAA (~ 6mins)

14 HEALTHCARE DATA HIPAA HITECH 12 Business Associates Requirements for being a BA and how BAs are regulated (~ 6 mins) Research HIPAA and the Common Rule for research use of PHI (~ 7 mins) De-Identification Statistician and Safe Harbor methods (18 identifiers) (~5.5 mins) The HITECH Act Changes made to HIPAA by the HITECH Act/Omnibus Rule relevant to all employees (~ 4.5 mins) Texas Health Privacy Scope of Texas health law, access to records, enforcement, auditing, and breach notification (~ 5.5 mins) California Health Privacy Differences from HIPAA, access to records, enforcement, and data breach notification (~ 5.5 mins) Data Security Breach Threats to security and consequences of a breach (~ 5.5 mins)

15 HEALTHCARE DATA HIPAA HITECH HIPAA Security Overview Security threats and why security is everyone s responsibility (~ 5 mins) Websites and Software Unauthorized software; detecting malicious websites (~ 4.5 mins) Physical Access Securing workspaces and locking unattended computers (4.5 mins) Passwords Selecting strong passwords (~ 6 mins) Encryption How encryption protects data (~ 4.5 mins) How to identify dubious links and attachments (~ 5.5 mins) Social Engineering Phishing, spear phishing, pretexting, and baiting. (~5.5 mins) Data Disposal Disposing electronic data and paper documents.(~3 mins) Portable Devices Dangers of putting sensitive data on portable devices. (~4 mins)

16 FINANCIAL DATA GLBA 14 Financial Privacy Overview Briefly introduces the GLBA, FCRA, state laws, and data breach notification laws. How to protect financial data (~ 3.5 mins) Gramm-Leach-Bliley Act Scope, notice, confidentiality, data sharing, and security (~6.5 mins) Red Flags Red flags to look out for under the FTC Red Flags Rule. Interactive quiz questions ask trainees to identify red flags in various scenarios (~ 9 mins) COURSE OUTLINE Payment Card Data PCI The special ways that payment card data must be protected under the Payment Card Industry Data Security Standards (PCI DSS). How to identify the various types of payment card data; what data can be collected; how various types of payment data can be stored; the consequences of failing to follow the PCI standards; and various security practices that should be followed. 1. INTRODUCTION 2. PCI OVERVIEW Identifying Payment Card Data Threats Costs and Penalties 3. COLLECTION AND STORAGE OF PAYMENT CARD DATA Minimizing Collection Data Storage Physical Security Data Disposal 4. PROTECTING PAYMENT CARD DATA Passwords Protecting the Network Checking for Tampering 5. CONCLUSION 8 quiz questions ~ 16 mins

17 SOCIAL MEDIA 15 Facebook and the Mysterious Blue Disease Cartoon about posting personal data on a social media site Online Social Media Social media website privacy settings, the myth of total anonymity, the importance of expressly distinguishing personal versus employer views, and the danger of revealing details about a person even if that person isn t identified (~15 or ~ 10 min version available) General version and healthcare version available (~ 3 mins) General version and healthcare version available

18 EDUCATION DATA FERPA 16 FERPA for Higher Education Overview of FERPA to train faculty, administrators, and staff. (~ 15 mins) COURSE OUTLINE Cloud Computing in Education This video discusses the benefits and risks of educational institutions using cloud computing providers. Provides advice for how educational institutions should choose cloud providers, establish a relationship with them, and maintain that relationship with the appropriate protections for privacy and data security. (~ 6 mins) 1. FERPA S SCOPE Introduction What Does It Cover? What Isn t Covered? 2. FERPA RIGHTS AND ENFORCEMENT Who Has FERPA Rights? What Rights Does FERPA Provide? How Is FERPA Enforced? 3. CONFIDENTIALITY AND DISCLOSURE Confidentiality Directory Information Emergency Parents Other Instances 4. EXAMPLES Harassment Police Student in Distress Grades 5. CONCLUSION

19 Please contact us for an evaluation of our programs

20 261 Old York Rd., Suite 518 P.O. Box 706 Jenkintown, PA Phone: Fax: (215)