Computerworld reports on mistakes that companies make while trying to educate employees about privacy and data protection.

Many corporations have adopted a check-box approach toward compliance with [training obligations]. Here are five shortcuts I see them taking instead of using the opportunity to ensure that employees really know how to protect information.

1. Doing separate training for privacy, security, records management and ethics. Do you get one message from your chief privacy officer, one from your chief information security officer, and an annual sign-off on the code of ethics from your legal department? You’re not alone. In large companies, the people responsible for specific functions don’t want to dilute their messages by mixing them with related topics. So they each go their own way with training and awareness. The result is confused employees who just want one place to go to learn the do’s and don’ts of information management. [...]

3. Equating awareness with training. Does your company post some PowerPoint presentations to an intranet, send out some e-mails, put up some posters and say it has a privacy and security training program? An effective information-risk training program will certainly include awareness campaigns, but it will also include role-based training to educate smaller groups about what they should be doing to implement those policy objectives.

Read the full story to learn about all five mistakes.

This entry was posted on Friday, February 12th, 2010 and is filed under Anonymity, Identification, Security, Technology. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Possibly related posts:

• DHS Privacy Office Releases 2011 Annual Report
• Healthcare IT News: Experts name top 7 trends in health information privacy for 2011
• Computerworld Opinion: You say ‘shameful secret,’ I say ‘privacy’