Take a
tour of our
Award-winning
compliance
training

Free 7-Day Trial
100+ Compliance
eLearning Topics

No Credit Card Required*

Take a
tour of our
Award-winning
compliance
training

Free 7-Day Trial
100+ Compliance
eLearning Topics

No Credit Card Required*

DATA PRIVACY TRAINING

Why does your company need Data Privacy training? Data Privacy training is about having a say in when and how personal information is collected, used, or disclosed. Companies have a duty to keep their clients’ private information private.

People may not think that Data Privacy affects their daily lives, but every time a person goes online or fills out a form, they give away data about themselves.

Your company has a duty to keep private information private. This includes only using it in the way you've promised, not disclosing it without permission, and destroying it at the appropriate time.

Data Privacy training and policies will ensure that your organization does just that.

Data Privacy is not only an ethical obligation; it's also what the law requires of your company.

Our Data Privacy and GDPR training will help protect you, your colleagues, your customers, and your company from the consequences of a Data Privacy breach and help employees understand the impact of GDPR and what your organization needs to do in order to be compliant.

iPhone, Android, Tablet, and desktop devices – seamless playback and tracking

Easily add your own learning screens to enhance stock content

Single enterprise licence covers your entire workforce, including contractors

Available in 20+ languages, with compliance training resources for local market regulations

TOPIC 1:

WHAT IS DATA PRIVACY TRAINING?


Video: Every time you go online or fill out a form, you give away information about yourself. Keep clients’ information private. Ethical and legal obligation to keep information private.

Interactive Screen: What do data privacy rules apply to? Types of data. Terminology, PII in the US, personal data in Europe. Know the types of data we hold, where data is held, what it’s used for, and the consequences of a breach.

Interactive Screen: What is the GDPR? Who does it apply to? Penalties. Consent.

Interactive Services: Rights of data subjects under GDPR. Breach notification. Right of access. Right to be forgotten. Data portability.

Scenario: Unsolicited calls and mailshots from a marketing company. How did they get information?

Key Learning: Your name, address, and telephone number can all be used to uniquely identify you, as can your login and payment details for retail sites. All this data is classified as personal data/PII.

Scenario: The pieces of data that can be used to identify and individual.

Key Learning: It's important that you know what data qualifies as personally identifiable information and understand how PII can be combined to identify an individual.

Assessment: Five-question quiz on the content presented in this topic.

TOPIC 2:

PROTECTING DATA


Text & Image Screen: We all have a responsibility to protect the data of our clients and employees. Privacy incidents are often caused by people making simple mistakes out of line with our policies.

Interactive Screen: Principles of data protection: notice and purpose, consent, security and access, disclosure and accountability.

Interactive Screen: Real-life example of how to protect data when working remotely.

Scenario: How to protect customer information.

Key Learning: Data must be stored securely and accessed only by authorized users. Policies must be in place to protect the anonymity of those about whom the data is stored.

Scenario: Ensuring security of personal information.

Key Learning: When using data outside of its normal intended environment, the data must be anonymized so as to remove any trace of PII by which the customer can be identified.

Scenario: Consequences of a data breach.

Key Learning: Not following principles of proper protection of protection of personal data/PII can have huge ramifications.

Assessment: Five-question quiz on the content presented in this topic.

TOPIC 3:

PROTECTING CONFIDENTIAL INFORMATION


Interactive Screen: Classifying information: public, internal, confidential, restricted.

Interactive Screen: Protecting information in communications: email, social media, phone, fax.

Scenario: Classifying information before sharing with a vendor.

Key Learning: Choosing a classification level to apply your data is a business decision based on how sensitive the data is. When you classify information and then follow the rules that apply, you help protect our company in the event of a security breach.

Assessment: Five-question quiz on the content presented in this topic.

TOPIC 4:

HANDLING SENSITIVE INFORMATION


Interactive Screen: Sharing information. NDAs and CDAs. Working with contractors and agents. Disclosure.

Interactive Screen: Storing data. Disposing data. Disposing of confidential information.

Interactive Screen: Examples of the precautions to take when handling information.

Scenario: Emailing a report containing confidential data.

Key Learning: Don't disclose confidential information unless you have received prior approval from the appropriate department. Never transmit sensitive or confidential information by any method in an unprotected format - use the encryption software authorized by the IT department.

Assessment: Five-question quiz on the content presented in this topic.

TOPIC 5:

HIPAA BASICS


Video: Healthcare organizations and professionals are obliged to protect you and the information they hold about you. HIPAA ensures that the use and disclosure of PHI held by medical practices is strictly controlled to protect you.

Interactive Screen: PHI includes any part of your medical record or payment history. Privacy rule. Transaction and Code Set standards. Security rule. Unique Identifiers rule. Enforcement rule.

Interactive Screen: Rules around sharing patient information. Storing patient information.

Scenario: Identify items that are classified as PHI.

Key Learning: PHI is any information about health status, provision of healthcare, or payment for healthcare that can be linked to a specific individual.

Scenario: Rules governing use of PHI.

Key Learning: PHI can be provided without your express written authorization to facilitate treatment, payment, or healthcare operations. Covered entities must follow the correct HIPAA privacy rules or suffer heavy penalties.

Assessment: Five-question quiz on the content presented in this topic.

TOPIC 6:

PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS


Interactive Screen: Every payment card transaction is protected by strict standards to keep personally identifiable information secure. Consequences of PCI DSS breaches..

Interactive Screen: Payment card dos and don'ts. Know our policies and requirements. Password management. Look out for suspicious activity. Clean house. Keep data inside the building.

Scenario: Investigating credit card fraud.

Key Learning: Credit card data is available at every stage of a transaction, except for order fulfillment.

Scenario: Preventing security breaches.

Key Learning: Gather as much information about a cyber-attack as quickly as possible. Apart from any payment card information that may have been stolen, the criminals may have hidden malware on the network.

Scenario: How to limit scale of breaches.

Key Learning: Once customers have provided their credit card details, the responsibility for this data remains with the merchant who must ensure the integrity of their procedures, processes, and systems at all times.

Assessment: Five-question quiz on the content presented in this topic.

TOPIC 7:

WORKING WITH THE CLOUD


Interactive Screen: How does cloud computing work? Where is your data, and what laws apply to it? Laws in Europe. Privacy Shield. Access to data. Encrypting data. Using a secure network.

Scenario: Data privacy risks associated with moving customer database to the cloud.

Key Learning: Responsibility and accountability always remain with the company, even if the physical location of the data is disputable.

Scenario: Moving data internationally.

Key Learning: Always comply with our policy when sending personal data/PII to another country. If in doubt, remove all the personal data/PII.

Assessment: Five-question quiz on the content presented in this topic.

TOPIC 8:

STORING DATA


Interactive Screen: Data lifecycle; create, store, use, archive, and destroy.

Scenario: Elements of an effective data security plan.

Key Learning: All aspects of security should be considered, including physical documents, hardware, and premises.

Scenario: Identifying confidential data.

Key Learning: Failing to secure confidential data could impact on individuals and also damage the reputation of our company.

Assessment: Five-question quiz on the content presented in this topic.

TOPIC 9:

DISCLOSURES


Interactive Screen: The laws around the information to be provided when handing over personal data/PII will vary depending on your location

Interactive Screen: Privacy statements and your right to be provided with one before disclosing any personal data/PII.

Interactive Screen: Real-life examples of disclosure in action.

Scenario: Identifying personal data/PII that should not have been included in a report.

Key Learning: An employer has a duty to their employees to protect personal data/PII and not disclose such data.

Scenario: What to do if you mistakenly receive personal data/PII.

Key Learning: If you find your self in possession of personal data/PII that you shouldn't have, notify HR and Legal of the disclosure.

Scenario: What do you need to tell people before you can collect their data?.

Key Learning: Customer must be informed of how their data will be used and that data should only be used in a manner consistent with the purpose for which it is obtained.

Assessment: Five-question quiz on the content presented in this topic.

 

MORE DATA PRIVACY TRAINING

Data Privacy training rules apply to any information that can be used on its own, or in combination with other clues, information, or context, to identify, contact, or locate an individual.

Different countries use different terms to describe this kind of data. For example, in the US, it’s known as personally identifiable information (PII). In Europe, it’s known as personal data. In the UK, Data Privacy is governed by the Data Protection Act of 1998.

Our Data Privacy training course helps you protect Data Privacy by teaching you the types of data held, where data is held, what it is used for, and the consequences of a Data Privacy breach. If personally identifiable information falls into the wrong hands, it may be possible for criminals to identify an individual and target them for illegal activity.

Data must be stored securely and accessed only by authorized users. Policies and training must be in place to protect the anonymity of those about whom the data is stored.

HIPAA is a piece of legislation that plays a central role in protecting your medical and personal data. The US Health Insurance Portability and Accountability Act ensures that the use and disclosure of PHI held by medical practices is strictly controlled to protect you.

Our Data Privacy training will teach your employees the many different standards governing cross-border movement of personally identifiable information (PII). Some countries require local PII to remain in the country. You must remove PII from documents that may be moving across borders.

In Europe, personal data cannot be transferred outside the EEA, except to certain countries that have been identified as providing adequate protection for the data, or if specific protections have been put in place that are authorized by the data protection authority in that European country.

These rules apply whether your data is on a cloud service or hosted on specific servers in another country. All employees need comprehensive Data Privacy training in order to protect your business and your clients.

The General Data Protection Regulation (GDPR) is an EU regulation aimed at strengthening data protection for EU citizens. It brings significant changes for all organizations doing business in the European Union (EU) or European Economic Area (EEA), regardless of where in the world the organization is physically located. So if you hold or process personal data for any EU citizen, regardless of where you are located and regardless of where the data is located or processed, the GDPR applies to you.

At the heart of the GDPR are core elements relating to consent, right of access, and data use. Protecting the privacy of the data we hold or process is not only our ethical obligation, but also what the law requires of our company. We're relying on you to help ensure we comply with GDPR at all times.

interactive services compliance training data privacy training
interactive services compliance training data privacy policy
interactive services compliance training general data protection regulation