My lunchtime speaking engagement was at the International Association of Privacy Professional's Boston KnowledgeNet. I had the pleasure to share the panel with Mike Spinney from SixWeight (www.sixweight.com) and identity theft guru Robert Siciliano. We had a spirited discussion about privacy training and awareness. You can access their blogs in the panel to the right.
Our conclusion -- People are one of the weakest links in information security: employee negligence or wrongdoing is among the most common causes of security breaches.
Implement and train employees to follow formal information security policies that protect the private information of employees and customers.
Limit the number of people who have access to and/or handle confidential documents. Be careful when hiring new employees and perform full reference checks and, where warranted, ask new hires to sign confidentiality agreements.
Privacy awareness is as important as training and it should be continuing education.