Over a hundred organizations are responsible for shaping the future of data privacy. In this new series we’ll profile some of the organizations that are helping to shape the massive privacy ecosystem through the eyes of the professionals that work there and learn more about their perspectives on privacy.
What is your organization’s role in the privacy ecosystem?
TeachPrivacy provides computer-based privacy training and information security awareness training to organizations in a wide array of industries. TeachPrivacy has FERPA training for schools, HIPAA training for healthcare providers and business associates, PCI training for merchants and others handling payment card data, and much more.
What key goals/issues is your organization focused on tackling?
Our goal is to provide training that really makes a difference. Training is one of the most important things an organization can do to mitigate the risk of having a data breach or a privacy incident. I founded TeachPrivacy because I thought that there was a better way to train employees about these issues – to really educate them, to show them why they should care.
My goal is to apply good teaching techniques to training. I learned a lot in teaching as a professor and in speaking to audiences of all types. I aim to create training that is engaging, concrete, vivid, and memorable.
How have your organization’s goals/focus changed over the years to address evolving technologies or challenges?
Our goals have remained stable – we are an education company. Our primary goal is to help organizations educate their workforce about privacy and data security. We want to make the best training we can create.
In the training I develop, I strive to use the techniques that work the best – using stories, interactivity, vivid imagery, varied styles and approaches, immersive experiences, activities, genuine passion, and memorable explanations. There is a timeless quality to these techniques. They have worked for thousands of years.
Looking ahead – what are the most important data privacy issues/concerns you think need to be addressed by the industry and/or government legislation?
It would take many books to answer this question. But one overarching point that I think is essential: The best legislation includes governance provisions – it requires a privacy and security officer, privacy and security programs, routine risk assessments, training, policies and procedures, etc. And there must be good enforcement. Laws without such provisions are often poorly followed.