Good intentions aside, many companies are missing the opportunity to effectively train employees on data protection. "Many corporations have adopted a check-box approach toward compliance" with the obligations set out in various data protection regulations, says Jay Cline, CIPP, in a Computerworld article. Cline says common mistakes that companies make include separating rather than melding privacy, security and records management and ethics training; using too few communications channels; and failing to measure training effectiveness. "Employee training is probably the most important component of an information risk management process," he writes. "Yet few companies actually measure..."
If you want to comment on this post, you need to login.