This report details the process of creating a comprehensive privacy and data security training program at the University of Minnesota. Key components include analysis and planning, curriculum development, training delivery methods, and communication strategies. The project aims to educate faculty, staff, and students about institutional data expectations and good IT practices, ensuring compliance with legal requirements while addressing community standards. The program emphasizes evaluation measures, stakeholder engagement, and leveraging existing infrastructure for effective implementation.
Developing an Enterprise-Wide Privacy and Data Security Training Program
Ross T. Janssen, J.D., CIPP, Privacy & Security Officer, University of Minnesota
John T. Jensen, CHPS, CIPP, Assistant Director, Privacy & Security Office, University of Minnesota
Outline • Drivers • Organizational Complexity • Key Project Components • Costs and Timelines • Lessons Learned • Questions
Drivers • Incidents • Notification law • New IT security laws • Leverage resources • Lots of regulation
Complexity of Higher Education • Multi-part missions • Culture of Openness • Decentralized Organization • Need for Privacy and Security • Diverse stakeholders • Regulations • Community Expectations
Developing a Balanced Approach: Key Assumptions • University faculty, staff, and students create, use, access, store, and share private data. • Must understand human dimensions as well as acknowledge the need to address not only what is required (law) but also what is expected (from the community).
Key Project Components • Analysis & Planning • Curriculum & Instructional Design • Content Development • Training Delivery & Tracking • Awareness & Communications • Evaluation & Measurements • Reporting
Analysis & Planning • Process • Key Findings • Content • Technology and delivery • Patterns of use • Challenges • Recommendations
Analysis & Planning • Mandatory or voluntary • Role based? • Scope • Measurements • Opportunities
Purpose • Educate users about institutional expectations. • Educate users about good IT practices. • Enhance productivity through standard practices.
Content Development • Principal v. topical • Identify subject matter experts • Policy translation • Course objectives • Identify resources • Lots and lots and lots of time!
Training Delivery & Tracking • Privacy Coordinator/Liaison Structure • Leveraging Existing Infrastructure • Human Resources System (PeopleSoft) • University portal (www.myu.umn.edu) • Database (Oracle) • eLearning System (WebCT – Blackboard) • Email • Tracking & Delivery Enhancements • Tiered assignments for timed delivery • Reports
Communications & Awareness • Challenges • Decentralized communication infrastructures • Multiple web identities • Communicating to Faculty • Communicating to research personnel • “I work with rats, not data”
Communications & Awareness – A Multi-Tiered Approach • Packaged Communications (mailings, posters, logos, banners, etc.) • Strategic Communications (memorandums, electronic notices of course assignments, in-person meetings, scripts for supervisors and coordinators)
Measurements: Evaluation & Reporting
Assessing Confidence Levels: Before and After Training
1. I am confident that I can secure my work environment and the private data I may use in my job.
2. I am confident that I can identify resources for securing my computer workstation.
3. I am confident that I can create and use strong passwords.
4. I am confident that I can recognize actions that increase security risk.
5. I am confident that I can use best practices to reduce the risks associated with using and sharing University private data.
6. I am confident that I can identify security issues and take appropriate action to address them.
7. I am confident that I can identify what University data are private and what University data are public.
Contact Information
Privacy & Security Office, University of Minnesota, privacy@umn.edu
Ross T. Janssen, JD, CIPP, 612.626.5844, janss006@umn.edu
John T. Jensen, CHPS, CIPP, 612.626.3885, jense100@umn.edu