5

I was completing a survey of the various regulations and standards that require Privacy or Security Awareness training, and have compiled the following list from various sources:

FEDERAL LAWS AND REGULATIONS

  • HIPAA
  • GLBA
  • FISMA
  • FTC Red Flags Rule

INDUSTRY CODES

  • PCI DSS

STANDARDS

  • NIST 800-53
  • ISO/IEC 27002

REGIONAL LAWS

  • US-EU Safe Harbor Arrangement
  • Canada’s PIPEDA
  • Texas Health Privacy Law
  • Massachusetts Data Security Law

But I am not seeing anything specific for the UK or EU. Are there regulations that apply?

6
  • You are very careful in including only business-environment regulations. It might be worth it to mention it explicitly. Commented Oct 1, 2015 at 19:30
  • @DeerHunter actually, I would be interested in any general regulation (not a local institution's internal policies) that stipulates that Awareness training is required.
    – schroeder
    Commented Oct 1, 2015 at 21:06
  • The only thing I can think of is Cyber Essentials (mandatory for all new contracts with UK government?) - from memory this includes security training/awareness questions, though I do not think they are critical to certification.
    – R15
    Commented Oct 2, 2015 at 14:10
  • @R15 Cyber Essentials does not require Awareness, but it is part of the "10 Steps to Cyber Security" guidance.
    – schroeder
    Commented Oct 2, 2015 at 15:01
  • Would this be something located in Directive 95/46/EC?
    – pr-
    Commented Oct 23, 2015 at 15:28

1 Answer

1

I knew it had to be in the DPA somewhere... while not an explicit reference to training/awareness, Data Protection Act 1998, Schedule 1, Part II, paragraph 10 states:

The data controller must take reasonable steps to ensure the reliability of any employees of his who have access to the personal data.

By implication, for staff to perform their data protection obligations reliably they will need to be aware of what those obligations are and trained in how to meet them.

0
