On LinkedIn this week, we announced we will be offering CIPP/C training in November. The course will be led by yours truly and held over four days in the span of two weeks. We did this back in June, and it worked nicely. If you’re thinking of getting certified soon, you might want to sign up. Reach out to Andy at the IAPP to do so. 

And, even if you’re not thinking of taking the exam, the training is still important.

For more than 20 years now, the IAPP and many data protection authorities, like the federal privacy commissioner, have been talking about the need for training. In the EU, it’s actually part of the law. Here, we just keep on talking about it. And, what’s problematic is that by just talking about it, people are ignoring the message. There are still tons of people handling sensitive personal information without basic privacy training. It’s frustrating.

Case in point is this week’s news story about a massive data breach in Manitoba. A database with the sensitive medical information of children was accidentally sent by email to approximately 100 wrong organizations. To make matters worse, the CBC news article (which we summarize below) goes on to explain the file was password-protected, but the password was included in the email! Ugh!

See? Obviously the two decades of talking about training are not sufficient. People who handle personal information must be properly trained. Maybe not everyone needs to be an expert, but some basics around how to do privacy properly are clearly and still required in Canada.

In other news, I wanted to give a shout-out to a former privacy pro. Some of you will remember Lisa Campbell, who was acting general counsel for a couple of years at the OPC and then went on to other important roles in government. Well, yesterday, Lisa Campbell was named the first woman to head up the Canadian Space Agency. Congratulations, Lisa! See? Privacy training is good for all sorts of reasons!