It is almost time, once more, for international Data Privacy Day; January 28, 2009!
Don’t just sit there; plan something to make your personnel, your family and friends, and/or your community more aware of privacy issues and concerns!
Here are a few ideas to get you started:
* Do a podcast about a privacy incident you were involved with or are concerned about. Share your viewpoints!
* Download a podcast about a security or privacy topic and play for your personnel. I’ve had some companies tell me that they’ve used my podcasts for training and awareness events for their personnel. Here are some I have available (these are all on the same web page; just scroll to see each):
– Data De-identification and Masking Methods
– What IT Leaders Need to Know About Using Production Data for Testing
– Demystifying Privacy Laws: What You Need to Know to Protect Your Business
– Information Security and Privacy Professionals MUST Work Together to be Successful
– How to Effectively Address Privacy in Business
* Film a short video discussing a privacy incident or topic of concern. Here are a couple of places to some ideas from, which you could also show on World Data Privacy Day, or sometime during the week:
– Privacy Issues, Photos, and the Internet. This is a GREAT one for the marketing folks to watch!
– Internet Privacy Video. This is highly informational! However, be aware that it is very loud, and does contain profanity and other expressions that some organizations, or the folks therein, may find offensive.
– Privacy and Social Networks
– Invasion of Privacy
BTW, it is on my to-do list for 2009 to film several short (1 – 3 minute) videos with my sons on various information security and privacy topics.
* Hold an awareness and training event to encourage personnel to discuss and share viewpoints about information security and privacy issues. I’ve done some very successul training events that had long-term learning benefits; see a package I created to hold such an event, my Privacy Professor Search #1.
* Hold a shredding event at your workplace, for your school, in your neighborhood, in your church, or some other location. Work with your local shredding companies; most will be happy to come to a site for such an event and make their shredders and high-power degaussers (for digital storage devices) available for use. See the Document Shredding Organization for more information and possible shredding vendors you can contact.
* Give each of your personnel who are mobile workers a self-encrypting USB drive, such as IronKey, to protect the confidential information they take out of your organization.
* Hold an “Information Security and Privacy” fair over the lunch time in your organization, and have a booth/table for each of your departments that impacts privacy, including Information Security, Physical Security, Privacy, Legal, Human Resources, Compliance and any others you have. Have knowledgeable representatives from each of these departments answer any questions they get from your personnel about related privacy issues.
* Invite a privacy or security expert from your area to talk about privacy issues to targeted groups within your organization, or as a type of lunch and learn awareness event.
* If you are a privacy expert, offer to discuss a topic with one of your local schools, colleges, churches, or other types of non-profit organizations.
* Arrange with a local small and medium sized business (SMB) warehouse, such as Costco, Sam’s Club, other other similar retail wholesalers, to provide a privacy tutorial at their site on World Privacy Day, or each day of the week of January 26.
* Subscribe to quarterly newsletter, such as Protecting Information, to provide ongoing, effective, awareness communications to your personnel.
* Here is an excerpt from a list of 142 awareness ideas I have in my book, Managing an Information Security and Privacy Awareness and Training Program (BTW, I was just asked to do a 2nd edition of this book, and I’ll have around 100 additional awareness ideas within it when it comes out in 2010):
“53. Hold an information security and privacy poster contest.
54. Host demonstrations of security and privacy software used by your organization.
55. Pick a privacy or information security policy and publicize it each month, explaining why the policy is needed.
56. Publicize recent news about information security and privacy on an intranet site.
57. Place new information security or privacy tips each week or month within your network log-on banner.
58. Have a drawing contest and give the winners a copy of an information security and privacy book.”
You can find more information and ideas for World Privacy Day (January 28, 2009) at:
* Here are my ideas from last year; they are still good ideas to do this year! See: “January 28 is International Data Privacy Day”
* The Carnegie Mellon CyLab site has a ton of great privacy information and resources. See
– MySecureCyberspace: The Portal
– MySecureCyberspace: The Game NOTE: This is FANTASTIC for not only kids and teens, but also adults.
– Privacy Bird® and Privacy Finder
* Nymity interview with David Hoffman, Director of Security Policy and Global Privacy Officer, Intel Corporation.
* The U.S. congress official support for designation of January 28, 2009, as `National Data Privacy Day‘
* A post about Data Privacy Day at databreaches.net
* Four good tips from the Harvard Digital Natives blog
Got other good ideas? Let me know!
Tags: awareness and training, Carnegie Mellon, CyLab, Data Privacy Day, Information Security, IT compliance, IT training, Nymity, policies and procedures, privacy bird, privacy training, risk management, security training