Presentation is loading. Please wait.

Presentation is loading. Please wait.

Developing an Enterprise-Wide Privacy and Data Security Training Program Ross T. Janssen, J.D., CIPP Privacy & Security Officer University of Minnesota.

Published byClement Townsend Modified over 8 years ago

Similar presentations

Presentation on theme: "Developing an Enterprise-Wide Privacy and Data Security Training Program Ross T. Janssen, J.D., CIPP Privacy & Security Officer University of Minnesota."— Presentation transcript:

1 Developing an Enterprise-Wide Privacy and Data Security Training Program Ross T. Janssen, J.D., CIPP Privacy & Security Officer University of Minnesota John T. Jensen, CHPS, CIPP Assistant Director Privacy & Security Office University of Minnesota

2 Outline Drivers Organizational Complexity Key Project Components Costs and Timelines Lessons Learned Questions

3 Drivers Incidents Notification law New IT security laws Leverage resources Lots of regulation

4 Complexity of Higher Education –Multi-part missions –Culture of Openness –Decentralized Organization –Need for Privacy and Security –Diverse stakeholders –Regulations –Community Expectations

5 Developing a Balanced Approach: Key Assumptions University faculty, staff, and students create, use, access, store, and share private data. Must understand human dimensions as well as acknowledge the need to address not only what is required (law) but also what is expected (from the community).

6 Key Project Components Analysis & Planning Curriculum & Instructional Design Content Development Training Delivery & Tracking Awareness & Communications Evaluation & Measurements Reporting

7 Analysis & Planning Process Key Findings –Content –Technology and delivery –Patterns of use –challenges Recommendations

8 Analysis & Planning Mandatory or voluntary Role based? Scope measurements Opportunities

9 Purpose Educate users about institutional expectations. Educate users about good IT practices. Enhance productivity through standard practices.

10 Course Curriculum Data Security in Your Job Securing Your Computer Workstation Using University Data Self Assessment Personnel DataStudent Data Health DataFinancial Data Faculty, Managers, & Supervisors

11 Content Development Principal v. topical Identify subject matter experts Policy translation Course objectives Identify resources Lots and lots and lots of time!

12

13

14

15 Training Delivery & Tracking Privacy Coordinator/Liaison Structure Leveraging Existing Infrastructure –Human Resources System (PeopleSoft) –University portal (www.myu.umn.edu)www.myu.umn.edu –Database (Oracle) –eLearning System (WebCT – Blackboard) –Email Tracking & Delivery Enhancements –Tiered assignments for timed delivery –Reports

16 Communications & Awareness Challenges –Decentralized communication infrastructures –Multiple web identities –Communicating to Faculty –Communicating to research personnel “I work with rats, not data”

17 Communications & Awareness –A Multi-Tiered Approach –Packaged Communications (Mailings, Posters, Logos, Banners, etc) –Strategic Communications (Memorandums, electronic notices of course assignments, in- person meetings, Scripts for supervisors and coordinators)

18 Communications & Awareness - Packaged

19 Measurements : Evaluation & Reporting 1. I am confident that I can secure my work environment and the private data I may use in my job. 2. I am confident that I can identify resources for securing my computer workstation. 3. I am confident that I can create and use strong passwords. 4. I am confident that I can recognize actions that increase security risk. 5. I am confident that I can use best practices to reduce the risks associated with using and sharing University private data. 6. I am confident that I can identify security issues and take appropriate action to address them. 7. I am confident that I can identify what University data are private and what University data are public. Assessing Confidence Levels: Before and After Training

20 Costs and Timelines ComponentTimeCosts Analysis & Planning (front-end analysis) 80 hours (.5 months) $15,000 consultants only Curriculum & Instructional Design Content Development 1,500 hours (9+ months) $110,000 consultants only Training Delivery & Tracking Reporting 1,700 hours (10+ months) $170,000 business analyst and programmers Awareness & Communications500 hours (3+ months) $35,000 designers, consultants, materials Evaluation80 hours (.5 months) $7,000 Total23 months*$337,000*

21 Contact Information Privacy & Security Office University of Minnesota privacy@umn.edu Ross T. Janssen, JD, CIPP 612.626.5844 janss006@umn.edu John T. Jensen, CHPS, CIPP 612.626.3885 jense100@umn.edu

Download ppt "Developing an Enterprise-Wide Privacy and Data Security Training Program Ross T. Janssen, J.D., CIPP Privacy & Security Officer University of Minnesota."

Similar presentations

Planning Collaborative Spaces in Libraries

Planning Collaborative Spaces in Libraries
How Will it Help Me Do My Job?

How Will it Help Me Do My Job?
Leader - version.2.0 Building Organizations from the Inside Diana Jones Ritter, CGFM Executive Deputy Comptroller NYS Office of the State Comptroller.

Leader - version.2.0 Building Organizations from the Inside Diana Jones Ritter, CGFM Executive Deputy Comptroller NYS Office of the State Comptroller.
WV High Quality Standards for Schools

WV High Quality Standards for Schools
The CHE’s Accreditation Criteria QA Forum: Professional bodies February 2012.

The CHE’s Accreditation Criteria QA Forum: Professional bodies February 2012.
USG INFORMATION SECURITY PROGRAM AUDIT: ACHIEVING SUCCESSFUL AUDIT OUTCOMES Cara King Senior IT Auditor, OIAC.

USG INFORMATION SECURITY PROGRAM AUDIT: ACHIEVING SUCCESSFUL AUDIT OUTCOMES Cara King Senior IT Auditor, OIAC.
School Based Student Reporting v4.0 1 Version 3 to Version 4 Update Training School Based Student Reporting Version 4.0.

School Based Student Reporting v4.0 1 Version 3 to Version 4 Update Training School Based Student Reporting Version 4.0.
March 29, 2012 Improving Health Outcomes for Children in Foster Care: the Role of Electronic Information Exchange.

March 29, 2012 Improving Health Outcomes for Children in Foster Care: the Role of Electronic Information Exchange.
Www.dundee.ac.uk/careers Graham Nicholson Director Careers Service University of Dundee Assessment of Personal Transferable Skills.

Graham Nicholson Director Careers Service University of Dundee Assessment of Personal Transferable Skills.
Supportive Services for Veteran Families (SSVF) Data Bigger Picture Updated 5/22/14.

Supportive Services for Veteran Families (SSVF) Data Bigger Picture Updated 5/22/14.
Security Controls – What Works

Security Controls – What Works
Key Communities and Objectives Outcomes- Based Assessment Telling the Story Results Closing the Loop.

Key Communities and Objectives Outcomes- Based Assessment Telling the Story Results Closing the Loop.
Alliance for Strategic Technology (AST) SUNY Business Intelligence Initiative January 8, 2009.

Alliance for Strategic Technology (AST) SUNY Business Intelligence Initiative January 8, 2009.
(Geneva, Switzerland, September 2014)

(Geneva, Switzerland, September 2014)
Introduction to Web-Based Learning. Defining Web-Based Instruction Instruction via Internet and Intranet only. Synonymous with online learning.

Introduction to Web-Based Learning. Defining Web-Based Instruction Instruction via Internet and Intranet only. Synonymous with online learning.
Copyright 2003 Cuyahoga Community College District Knowledge Management: Making it Fly in Higher Education Presenter: Amy C. Eugene Director, Knowledge.

Copyright 2003 Cuyahoga Community College District Knowledge Management: Making it Fly in Higher Education Presenter: Amy C. Eugene Director, Knowledge.
Data Protection in Higher Education: Recent Experiences in Privacy and Security Institute for Computer Law and Policy Cornell University June 29, 2005.

Data Protection in Higher Education: Recent Experiences in Privacy and Security Institute for Computer Law and Policy Cornell University June 29, 2005.
Welcome to the Information Session on Leadership Competency Models

Welcome to the Information Session on Leadership Competency Models
Building Public Health / Clinical Health Information Exchanges: The Minnesota Experience Marty LaVenture, MPH, PhD Director, Center for Health Informatics.

Building Public Health / Clinical Health Information Exchanges: The Minnesota Experience Marty LaVenture, MPH, PhD Director, Center for Health Informatics.
Georgia Interoperability Network Training Project Overview Mark Hodges Georgia Tech Research Institute.

Georgia Interoperability Network Training Project Overview Mark Hodges Georgia Tech Research Institute.

Similar presentations

Ads by Google