OneTrust Training courses are learning experiences designed for compatibility with modern LMS and LCMS platforms. These courses are interactive and require employees to participate and engage with the content being presented. Many of the courses also include assessments which help to gauge the success of the training. Because everyone learns and interacts at a different pace, it may take longer than the estimated runtime to fully experience the course and complete any assessments that are included.
This package includes 15 essential privacy and security courses covering data protection basics and key global regulations such as GDPR, CCPA, and LGPD.
This package includes 19 essential ethics, compliance, and security courses covering topics such as corruption, anti-trust, and whistleblowing. This package includes an 8unit course on anti-harassment.
This package includes access to the OneTrust Campaigns tool as well as Training's Bring Your Own Content (BYOC) feature.
Customization Options
We offer fully customized courses tailored to your programs and policies. Some course examples include topics like Code of Conduct, Gifts & Hospitality, and Privacy Policies. We can use training methodologies like gamification, and video/audio and include interactivity. These projects are uniquely scoped and can be translated for a fee.
Branding Projects:
This process is for projects that require branding only. There will only be a Technical Consultant assigned to these - no Project Manager.
Branding definition:
Branding colors throughout course
Logo on title screen
Custom Background (logo + branding)
1 resource or policy slide
Custom pass/fail quiz scores/percentages
Customized completion certificate
Branding + Markup Projects:
This process is for projects that require branding along with any markup changes that are captured in the course transcripts. There will be a Project Manager and a Technical Consultant working together.
Branding (as defined above)
Markup in course transcript:
Various levels of verbiage changes/swaps/updates.
Custom Course Projects:
This process is for projects made entirely from scratch using customer content.
Some course examples include topics like Code of Conduct, Gifts and Hospitality, and Privacy Policies.
We can use training methodologies like gamification and can include add-ons like video, voice-overs, custom knowledge checks and assessments.
Privacy Essentials
The courses in this package are available in the following languages: English (US), Chinese (Simplified), Czech, Danish, Dutch, Finnish, French, German, Italian, Japanese, Norwegian, Polish, Portuguese (Brazil), Slovak, Spanish (Spain), and Swedish. OneTrust can facilitate translation to additional languages for a fee.
Topic
Description
Estimated Duration
Data Protection Basics Unit 1 - Why Privacy Matters
This unit answers questions such as:
What is privacy?
Why should I care about data protection?
Why is data protection important to my organization?
By helping employees understand data protection and information security, you can reduce errors that often result in data protection incidents.
10 minutes
Data Protection Basics Unit 2 - Personal Information
Recognizing personal data is a critical step in data protection.
This course introduces the concepts of sensitivity, identifiability, masking, aggregating and truncating to help employees better recognize and process personal data.
10 minutes
Data Protection Basics Unit 3 - Handling Personal Information
Data protection responsibilities begin the moment personal data enters your organization and continue until it is destroyed.
Through various scenarios, employees understand how to apply the data protection principles of transparency, consent, data minimization, purpose limitation, security, and access throughout the information life cycle.
10 minutes
Data Protection Basics Knowledge Check (Quiz Only)
This course is designed as a refresher course for your team on the essentials of privacy and data protection.
It includes 15 questions, varying in difficulty, to assess how well employees remember their basic training.
10 minutes
Privacy & Data Protection Essentials
This introductory course provides learners the foundation needed to understand privacy concepts, including defining personal information, outlining the data lifecycle, defining privacy and its importance to organizations handling personal information.
The course also covers basic privacy principles and how they form the basis for laws and organizational policies.
10 minutes
Privacy & Security Awareness
Increase employees’ awareness of basic privacy and security practices in the workplace.
Topics include analyzing types of information, minimizing data access to only what is necessary, keeping information secure, properly destroying information, and staying alert.
10 minutes
Privacy by Design
This course explains what privacy by design is, how it works and how it benefits your organization.
Topics include identifying necessary data, protecting data, limiting how data can be used, limiting data sharing, ensuring accessibility of user controls and providing notice to individuals.
10 minutes
The California Consumer Privacy Act and California Privacy Rights Act: Awareness
The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) feature broad privacy requirements new to many businesses.
Get out in front of this sweeping legislation by helping employees understand the scope of the law, definitions of “personal information” and “consumer,” business obligations and consumer rights.
10 minutes
Brazil’s LGPD: A Practical Overview
Having a basic grasp of Brazil’s new data protection law lets mid-level employees better explain and enforce the policies and procedures your organization puts into place.
It also helps identify potential issues in data processing that should be addressed.
This course discusses the terminology used in the LGPD, data subject rights, the legal bases for data processing, basic privacy principles, and data controller obligations.
10 minutes
GDPR: A Practical Overview
This course discusses GDPR terms and their real-world applications, data subject rights, privacy principles and data controllers’ obligations, so mid-level employees can better explain and enforce GDPR policies and procedures within your organization.
24 minutes
GDPR: A Knowledge Check
How well do your employees understand basic concepts of the GDPR and their effect on the handling of personal data?
This course tests employees’ retention of what they’ve learned about the GDPR and identifies those who need follow-up training.
10 minutes
Identifying Phishing Attacks
This fully-interactive and timed unit raises learner awareness of various indicators to help identify phishing attempts.
Learners are challenged to review emails and decide which are legitimate and which are phishing attacks.
10 minutes
Recognizing & Avoiding Social Engineering
Data thieves use a variety of methods to trick employees into divulging information.
This course explores some of the tactics and common warning signs for phishing, spoofing, telephone and in-person scams.
10 minutes
Data Security for Remote Work
This course will outline essential information regarding employees working remotely and suggest best practices to mitigate potential data security vulnerabilities.
(Available in English only.)
10 minutes
Incident Preparedness: Recognizing Risks
This training is designed to help you identify potential sources of incidents, many of which are common employee errors or social engineering attacks.
Learn best practices, potential consequences of security incidents, and recognize when to report issues that arise.
(Available in English only.)
10 minutes
Ethics Essentials
The courses in this package will be available in the following languages, starting February 2023: English (US), Chinese (Simplified), Czech, Danish, Dutch, Finnish, French, German, Italian, Japanese, Norwegian, Polish, Portuguese (Brazil), Slovak, Spanish (Spain), and Swedish. OneTrust can facilitate translation to additional languages for a fee.
Topic
Description
Estimated Duration
Anti-Retaliation for Managers
Managers understand that employees are encouraged to report suspicious or discriminatory action.
This courses teaches managers what retaliation is, steps that they can take to prevent it, and the consequences of retaliation.
10 minutes
Speak Up: Whistleblowing in the Workplace
Healthy organizations have open and transparent cultures.
Promote your culture with OneTrust’s Speak Up training course.
Educate your employees on why they have the shared responsibility to step forward and how they’ll be protected.
10 minutes
Anti-Money Laundering
Familiarize learners with the basics and seriousness of money laundering.
Learners will navigate a money laundering scheme as a criminal and learn how to identify, recognize, and understand what measures to take to prevent it within the organization.
10 minutes
Introduction to Anti-Bribery
This course explains how to identify bribery and avoid it.
Learners will be provided with an overview of what activities are inappropriate, along with major legislation and penalties around the world.
10 minutes
Identifying Phishing Attacks
This fully-interactive course raises learner awareness of various indicators to help identify phishing attempts.
Learners are challenged to review emails, text messages, and voice calls and decide which are legitimate and which are phishing attacks.
10 minutes
The courses below are available in English only. OneTrust can facilitate translation to additional languages for a fee.
Conflict of Interest
This course is intended to educate and explain the importance of understanding conflicts of interest. Employees will explore common types of conflicts of interest and how to identify and report them to the business.
10 minutes
Insider Trading
Educate and equip learners with an overview of how to handle material non-public information and explain the responsibilities relative to preventing insider trading.
10 minutes
Handling Confidential Information
Managing confidential information correctly is critical for preventing data breaches.
After completing this course, learners will be able to define key terminology, discuss information handling practices, identify how confidential information is organized and be able to do their part to keep confidential information safe.
10 minutes
Recognizing & Avoiding Social Engineering
Data thieves use a variety of methods to trick employees into divulging information.
This course explores some of the tactics and common warning signs for phishing, spoofing, telephone and in-person scams.
10 minutes
Data Security for Remote Work
This course will outline essential information regarding employees working remotely and suggest best practices to mitigate potential data security vulnerabilities.
10 minutes
Incident Preparedness
This training is designed to help you identify potential sources of incidents, many of which are common employee errors or social engineering attacks.
Learn best practices, potential consequences of security incidents, and recognize when to report issues that arise.
10 minutes
Anti-Harassment Unit 1: Anti-Harassment Basics
Our workplaces should be friendly, welcoming, comfortable, and safe.
This course will introduce learners to workplace harassment, and teach them how to contribute to a safe work environment.
10 minutes
Anti-Harassment Unit 2: Responsibilities of Supervisors
This course will outline the responsibilities supervisors and people managers have to prevent harassment on their teams.
10 minutes
Anti-Harassment Unit 3: Reporting and Investigations
This course will educate employees on how to report harassment and what will happen after a report is made.
10 minutes
Anti-Harassment Unit 4: Handling Complaints
This course is designed to teach supervisors how to handle complaints and reports made by their team members, including when and how to escalate with HR.
10 minutes
Anti-Harassment Unit 5: Bystander Intervention
This course will educate team members on when and how to intervene in situations they observe.
10 minutes
Anti-Harassment Unit 6: Identifying Harassment in Practice
This course is a hands-on practice in identifying what is or is not harassment.
Learners will navigate multiple scenarios where harassment may be taking place and make decisions about what to do.
10 minutes
Anti-Harassment Unit 7: What Should I Do?
Sometimes you just need some advice. In this course, learners will act as the sounding board for others who aren’t sure what to do and offer advice on how to proceed.
10 minutes
Anti-Harassment Unit 8: Harassment in the News
Harassment can be big news and enforcement can carry big fines.
In this course, learners will read real news stories talking about the impact of harassment and how it’s enforced.
10 minutes
Privacy All Access
The courses in this package are available in English only. OneTrust can facilitate translation to additional languages for a fee.
Advanced Privacy Topics
Topic
Description
Estimated Duration
Data Privacy for Information Security Professionals Part 1
Information security professionals, system administrators and other IT employees must understand how to maintain privacy and navigate potential risks to personal information while managing an organization’s network.
Unit topics include inventorying and updating systems and information, deleting unnecessary information, setting and reviewing access controls, employee monitoring, vendor management, plus helping develop and implement policies and training.
10 minutes
Data Privacy for Information Security Professionals Part 2
This unit helps information security professionals, system administrators and other IT employees recognize security issues throughout the data lifecycle.
It addresses topics such as what personal information is and how to identify it, so they can better assist in determining appropriate uses for that data.
This, in turn, allows them to institute proper limitations on access to the data.
Understanding how data is classified also permits proper storage, archiving and destruction of data.
10 minutes
Advanced Data Subject Rights: GDPR
Under GDPR regulations, companies are obligated to comply with data subject requests in a timely, efficient manner.
This unit provides specific information on data mapping and minimization, plus data storage and sharing that facilitate compliance. We also review what constitutes “consent,” appropriate authentication and how privacy notices enable proper compliance.
10 minutes
Privacy Topics for Management and Customer-Facing Personnel
Topic
Description
Estimated Duration
Privacy for Managers
Managers are in a unique position to regularly gather personal information about the employees they oversee.
This unit is designed to help them recognize personal information when they encounter it, as well as understand their role in helping organizations maintain employee privacy.
10 minutes
Privacy Essentials for Sales Professionals
If your sales team can’t address customer concerns about basic privacy fundamentals and policies, sales can be delayed or lost.
This introductory unit provides them with foundational knowledge of key privacy concepts, including the definition of personal data, privacy laws that can affect sales professionals, the data lifecycle and data protection principles with a focus on data minimization.
10 minutes
Privacy Essentials for Finance
Employees working in the financial sector—for example, personal banking, investment banking, insurance, credit reporting, credit lending, and mortgage lending—handle a significant amount of information about individuals.
This introductory unit provides foundational knowledge of key privacy concepts, including the definition of personal data, global privacy laws that apply to the finance sector, and the data lifecycle.
10 minutes
Privacy and Customer Service
On the front lines of handling personal information, customer service employees need to be educated in proper processing to keep data safe and maintain customer privacy.
This unit discusses the importance of verification and authentication procedures, the critical privacy principles of data minimization and use limitation, as well as concerns about sharing data and taking notes when helping customers.
10 minutes
Protecting Privacy in Call Centers
Call center employees handle personal information every day and must be aware of how to handle it properly.
This unit examines several primary privacy concerns, including social engineering, note taking, data minimization, use limitation and security.
10 minutes
GDPR Compliance for Customer Service
Customer Service Employees will learn about Data Subject Requests and their role and responsibilities in responding to these requests.
Through a series of interactive scenarios, this unit will cover details about Data Subject Rights, what employees are and are not authorized to do in response to a request, and when a request may need to be escalated while providing context through real-life examples.
10 minutes
CCPA Compliance for Customer Service
Employees will learn about consumer rights and their role in fulfilling them, as well as when a request may require escalation.
In addition, they will learn about CCPA business requirements, such as providing consumers with the means to submit a request and the importance of authenticating consumers
10 minutes
Privacy in the Procurement Process
Employees are not always aware of privacy concerns that can arise when working with vendors.
This unit explains what a vendor is and how to select one, what to consider when ending a vendor relationship, and how to identify potential privacy risks while managing vendors.
10 minutes
Fraud Awareness
With call center fraud on the rise, employees need to be aware of how to prevent it. This course helps learners develop a basic understanding of what fraud is, how it manifests in the call center and/or customer service setting, and what precautions should employees take when facing such situations.
10 minutes
Privacy Topics for Human Resources (HR)
Topic
Description
Estimated Duration
HR: Bring YourOwn Device (BYOD)
Human Resource professionals face special considerations and issues when employees use their own devices for work.
Understanding the risks involved with Bring Your Own Device (BYOD) and knowing how to communicate and enforce policies are key to protecting your organization and your employees.
10 minutes
HR: Employee Privacy and Third-Party Vendor Management
Discusses the potential risks and mitigation strategies involved with outsourcing health records management, 401K plan administration, and management of other benefit and wellness plans.
10 minutes
HR: Privacy Considerations When Monitoring Employees
This unit is designed to help you consider the implications of monitoring, so you can better protect your organization and the privacy of employees.
Monitoring employees, workplaces and information is becoming more and more important. Along with the need for monitoring comes the need for well-thought out policies, clear communication and careful implementation.
10 minutes
HR: Handling Employee Files
This unit covers the proper handling of data stored in employee files, including controlling access to those files, appropriate storage of medical and background check data, managing employee data throughout its lifecycle, exercising discretion when discussing employee information, and how to handle sensitive information.
10 minutes
HR: Privacy in the Hiring Process
How does privacy impact the hiring process when you need to reduce legal risks yet maintain a good reputation with applicants?
Learn how to protect the information of applicants and employees while protecting yourself and your organization from legal ramifications.
10 minutes
Privacy Topics for Marketing
Topic
Description
Course Duration
Marketing: Collecting Consumer Information
This unit focuses on privacy concerns raised when marketers collect information about consumers, including why information collection should be limited, the importance of a comprehensive privacy notice, and how laws vary depending on location and how information is collected.
10 minutes
Marketing: Using Consumer Information
With so many ways to use consumer information, marketers need to be tuned in to customers’ points of view, be aware of privacy risks, concerns and legal requirements associated with different methods of marketing, and understand the importance of customer controls.
10 minutes
Marketing: Maintaining Privacy When Working with List Vendors
Using list vendors to reach consumers allows your organization to expand its marketing reach.
This unit highlights important privacy concerns, plus concrete ways you can minimize risk when contracting with a list vendor.
10 minutes
Marketing: Interest-based Advertising for the Privacy-Conscious Marketer
By its nature, interest-based advertising centers on information collected about individuals.
How can your organization utilize this effective marketing technique while simultaneously protecting consumers’ privacy?
Learn about privacy concerns that may surface with interest-based advertising, plus how to recognize and avoid risk.
10 minutes
Marketing: Tracking Technologies and Privacy
Provide marketing employees with best practices for utilizing tracking technologies such as cookies effectively, while meeting consumer expectations and protecting your organization.
Explore necessary notices and consents, issues related to identifying individuals across devices through tracking technologies, and how to mitigate the risks of third-party data collection on websites and apps.
10 minutes
Marketing: Loyalty Programs
This unit examines how privacy can be maintained while collecting information from customers through a privacy program.
It explores why notice and choice are important, how to employ privacy principles and the potential effect of third parties on privacy.
10 minutes
Marketing: Children's Data Protection Around the World
Children’s personal information is subject to additional regulation and consideration beyond that of adults.
This course covers those considerations and requirements in various global laws and design codes.
10 minutes
Privacy Topics for Healthcare
Topic
Description
Estimated Duration
Privacy Essentials in the Healthcare Industry
This course will help define personal data and sensitive personal data, including health data.
The course will discuss general data protection principles, with a focus on data minimization and data lifecycle, meeting privacy expectations of individuals and list key privacy laws that affect processing of health data.
10 minutes
HIPAA for Self- Insured Companies
Since self-insured companies may receive information about employee health or medical treatments, they must comply with HIPAA.
This course covers the obligations self-insured companies have to protect health data.
10 minutes
Global Privacy Regulations
Topic
Description
Estimated Duration
Canada PIPEDA
Canada's PIPEDA is a federal law that sets out the rules of how businesses can collect, use and disclose personal information in the course of commercial activities in Canada.
(Available in English and French Canadian.)
10 minutes
Virginia CDPA
The Virginia Consumer Data Privacy Act (CDPA) was signed into law on March 2, 2021 and will become effective on January 1, 2023.
This course covers: definitions, obligations, penalties, and more.
10 minutes
Thailand PDPA
The PDPA course covers the collection, use, disclosure, and/or transfer of personal data (data processing) within Thailand as well as data processing outside of Thailand.
(Available in English and Thai.)
10 minutes
Japan APPI
Is your organization compliant with Japan's Act on the Protection of Personal Information, or APPI?
This mini course will help your organization discover the various elements of personal information, principals' rights, and the duties for a Personal Information Controller under the APPI.
(Available in English and Japanese.)
10 minutes
South Africa POPIA
Is your organization compliant with South Africa’s POPIA?
POPIA protects the personal data of both natural and legal persons and applies to the processing of personal information by a responsible party.
10 minutes
Privacy in China
This course covers privacy regulation in China, including the Cybersecurity Law (CSL) and Personal Information Protection Law (PIPL).
(Available in English and Simplified Chinese.)
10 minutes
Colorado Privacy Act
The Colorado Privacy Act (CPA) was signed into law on July 7th, 2021 and will become effective on July 1, 2023.
This course covers: definitions, obligations, penalties, and more.
10 minutes
The Connecticut Data Privacy Act (CTDPA)
The Connecticut Data Privacy Act (CTPDA) was signed into law on May 10th, 2022 and will become effective on July 1, 2023.
This course covers: definitions, obligations, penalties, and more.
10 minutes
ISO 27001
ISO 27001 is an internationally recognized standard for information security management.
It provides a systematic approach for organizations to establish, implement, maintain, and continually improve their information security management system (ISMS).
The standard outlines a comprehensive set of controls and best practices designed to safeguard the confidentiality, integrity, and availability of information assets.
By adhering to ISO 27001, organizations can effectively manage risks, protect sensitive data, and demonstrate their commitment to maintaining a robust information security posture.
10 minutes
System and Organization Controls 2 (SOC 2)
System and Organization Controls 2 (SOC 2) is a widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA).
It focuses on evaluating the effectiveness of a service organization's controls related to security, availability, processing integrity, confidentiality, and privacy.
SOC 2 reports provide valuable insights to customers and stakeholders regarding the organization's ability to safeguard sensitive data and ensure the integrity of its systems.
By undergoing a SOC 2 audit, service organizations demonstrate their commitment to maintaining strong security and data protection practices, enhancing trust and confidence among their clients.
10 minutes
Payment Card Industry Data Security Standard (PCI DSS)
Payment Card Industry Data Security Standard (PCI DSS) is a comprehensive set of security requirements designed to protect sensitive cardholder data during payment card transactions.
Developed by major credit card companies, including Visa, Mastercard, and American Express, PCIDSS aims to ensure the secure handling, storage, and transmission of cardholder information.
It outlines a range of technical and operational controls that organizations must implement, such as network security, access controls, encryption, and regular system monitoring.
Compliance with PCIDSS is mandatory for all entities that handle cardholder data, including merchants, service providers, and financial institutions.
By adhering to PCIDSS, organizations demonstrate their commitment to maintaining a secure payment environment, reducing the risk of data breaches, and protecting the privacy and trust of their customers.
