Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Tuesday, October 2, 2007

Introducing a “Privacy Week” in Enterprises?

Marc Groman, Chief Privacy Officer for the (US) Federal Trade Commission, makes the case for having Privacy Weeks (see this article):

“Annual computer security and privacy awareness training for all employees is a good start, but it is just the beginning. Planning an agencywide “privacy week” or similar event is an excellent way to put privacy center stage and demonstrate your agency’s commitment to building a culture of privacy and security. The theme for the Federal Trade Commission’s privacy week held this past March was “Info — Handle With Care.” Your privacy week can include events such as educational seminars on compliance issues, training sessions on technology resources that protect sensitive information, or an all-day privacy fair. Thought-provoking or “catchy” posters in high-traffic areas, brochures and contests and prizes help to generate enthusiasm for the week’s activities and to communicate the message. Finally, to reinforce your agency’s commitment — in terms of resource investment and leadership buy-in — have your agency head host an event or deliver a speech explaining why privacy and security are important. …”

This is an interesting idea and a good initiative that could also apply, more generally, to enterprises and other organisations: educating employees and raising awareness of risks, threats and requirements in terms of security and privacy is a good way to improve privacy practices.

However, as I argued in a previous post, I believe this should be coupled with a more proactive approach (within organisations) to privacy policy enforcement and automation: “human-based” processes are indeed prone to mistakes and interpretations (and education …).
