Legal Requirements for Information Security and Privacy Awareness and Training

Earlier today following my online seminar, “Effective Training and Awareness: The Key to Information Security Success”  (http://gocsi.com/Training2011/OD/Awareness), I received the following question: 

 Where might I locate a summary breakdown of training regulations by industry? i.e. Pharma 

I thought others may be interested in the answer to this as well. 

I’m not aware of a listing of information security and privacy training and awareness regulatory requirements that is broken down specific to industries, but here is a listing of regulations requiring such training that I’ve created.  I provide full details for each within Chapter 3 of my referenced book: 

  

Specific Regulatory Education Requirements[1] 

  

As mentioned earlier, there are a growing number of laws and regulations that include requirements for the covered entities to provide some type of information security and/or privacy awareness and training to not only their personnel, but also in some instances to their customers and consumers. 

 This is not an exhaustive list, but these laws and regulations include the following: 

  

  • HIPAA
  • HITECH Act
  • FCRA
  • Red Flags Rules
  • 21 CFR Part 11 (Electronic Records/Electronic Signatures)
  • Bank Protection Act
  • Computer Security Act
  • Computer Fraud and Abuse Act (CFAA)
  • Privacy Act
  • Freedom of Information Act (FOIA)
  • Federal Information Security Management Act (FISMA)
  • 5 U.S.C. §930.301 (for federal offices)
  • Appendix III to OMB Circular No. A-130 (2)
  • Digital Millennium Copyright Act (DMCA)
  • GLBA
  • Department of Transportation DOT HM-232
  • SOX Act
  • The Organization for Economic Cooperation and Development (OECD) Security and Privacy Principles
  • The European Union Data Protection Directive
  • Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)
     

 


 

[1] Herold, R. (2010, p.23). Managing an Information Security and Privacy Awareness and Training Program, 2nd Edition. Boca Raton, FL:CRC Press.

Tags: , , , , , , , , , , , , , , , , , , ,

Leave a Reply