Using OneTrust's Training module, you can conduct training across your organization to enhance users' knowledge of regulations and best practices related to privacy, security, and ethics.
Providing training to your users can enhance your organization's compliance with laws and industry protocol.
Setup Checklist
Refer to the following steps when implementing Training:
Add users.
Add users to OneTrust manually in Global Settings. If you need to add multiple users, skip to the next step.
Bulk import users.
Add multiple new users at once using the Create Users bulk import template.
Assign roles and permissions.
Once you've added users, assign them appropriate roles. These roles will apply specific permissions for accessing and viewing courses and enrollment information. If you need to assign a custom role, see Creating Custom Roles for Training.
After you've selected a course, enroll your users. You can also select a language, set a deadline, and configure enrollment reminder emails.
Note
Course enrollment is not available for all customers. Specifically, if you have purchased the OneTrust LMS, you can assign courses in a Campaign. For more information, see the Campaigns knowledge base in myOneTrust.
Monitor and export enrollment information.
After enrolling users, view enrollment information on the Enrolled Users tab of the Course Details screen and export a full report of enrollment data, including the enrollment date, course status, and deadline for each user.
Training Permissions and Roles
The following permissions and roles are currently available for use with the Training module.
Training Permissions
AwarenessTrainingModuleAccess: Access the Training module from the main navigation menu. Users must have this permission in order to access any Training feature.
AwarenessTrainingLibrary: Access the Training Courses screen and Course Details screen. Watch video previews of training courses. Users must have this permission to access courses and course files.
AwarenessTrainingAssign: Assign courses to other users. Users must also have AwarenessTrainingLibrary for this permission to work as expected. Users must also have AwarenessTrainingViewEnrollment to see which users have been assigned specific courses.
AwarenessTrainingViewEnrollment: View the users enrolled in a course along with status and score. Users must also have AwarenessTrainingAssign to view the enrollment wizard.
AwarenessTrainingRequestDemo: View and interact with the Request Demo button on the Training Welcome screen.
AwarenessTrainingDownloadSCORM: Download Training SCORM packages to upload them to external LMS tools.
Training Roles
Training Learner: Training Learners are low-level users who can only access training courses that have been assigned to them. Training Learners do not have access to any administrative functions.
Training Manager: Training Managers are business users who have access to most everyday and some administrative functions in the Training module. By default, Training Managers have limited access to destructive and configuration functions.
Employee: Employees are users who only need access to the Employee Portal, where they can find their assigned courses under My Action Items. This role is for customers who are using the OneTrust LMS.
Creating Custom Roles for Training
You can create custom roles for Training to allow your Learning and Development team to access and download course files.
About the role
This role is designed to give limited access to the OneTrust application for employees who need to preview and download Training files. It does not grant access to other application modules.
This role has 4 total permissions:
Welcome: Grants access to the OneTrust application home screen.
Training Module Access: Grants access to the Training module from the main navigation menu and home screen.
Training Library: Grants access to the course library including the ability to preview courses.
permission.name.AwarenessTrainingDownloadSCORM: Grants access to download Training courses as SCORM files for upload to LMS tools.
If you want to add these permissions to an existing custom role, these permissions can be found in the Training section of the role customization interface.
To create a custom role by upload
On the Global Settings menu, select Roles from the User Management section. The Roles screen appears.
Click the Import button. The Import Role modal appears.
Enter a brief description of the role and its purpose.
Organization
Select the organization group with which the role is associated.
File
Click the Upload button and then use the file explorer to select the role spreadsheet.
The spreadsheet for this role (RoleAwarenessTrainingDownload.xlsx) is attached to this article or can be found in the Training Discussion group.
Adding and Editing Users
In order to access the OneTrust application, every user will need their own user profile. You can add users to the account directly from Global Settings. Users can be assigned multiple roles within multiple organizations, which can provide flexibility to accommodate each user's specific permissions needed to perform their respective job duties. Users can also be assigned to user groups through which they will inherit the roles associated with that user group in addition to their existing roles and permissions.
Note
For additional information, see the frequently asked questions (FAQ) about user management.
To add a user
Click the gear icon in the upper right-hand corner to access Global Settings.
On the Global Settings menu, select User Management > Users. The Users screen appears.
Click the Add User button. The Add User Details section appears.
Complete the required fields and enter additional details, as needed. For more information, see Add User Screen Reference.
Click the Next button. The Assign Roles to User section appears. For more information, see Add User Screen Reference.
Click the Add Role button. The Add Role modal appears.
In the Role field, select a role to assign to the user.
In the Organization field, select the organizational group in which the user will have the defined role.
Click the Add button. The selected role appears in the Assign Roles to User section.
Note
You can assign multiple roles within multiple organizations to a user by repeating steps 5 - 8 or by clicking the Save and Add New button on the Add Role modal.
Click the Create button.
Note
The new user will be sent a Welcome email with a link to access the application. Clicking the link will take the user to the OneTrust Login screen and the user will be prompted to create a password before accessing the application.
To disable sending the Welcome email to new users that will use basic authentication to log in to the application (i.e. users with non-SSO email domains), disable the Welcome Email template on the Templates tab on the Email screen.
To disable sending the Welcome email to new users that will use Single Sign-On (SSO) to log in to the application, disable the Welcome Email (Directory User) template.
For more information on disabling email templates, see the To disable an email template procedure in Emails: Branding & Templates.
Add User Screen Reference
Section
Field
Description
User Details
First Name
Enter the user's first name.
Last Name
Enter the user's last name.
Email Address
Enter the email address for the user. The email address must be unique and will be used to access the application.
External User
Select the check box if this is an external user. Leave the check box blank if this is an internal user.
Enter Expiration Date
Enter the date on which an external user's access to the application should automatically expire.
Note
This field is available when the External User check box is selected. This optional feature can be used when you need to add external users for a short period of time; for example, just the amount of time necessary for a vendor to complete an assessment.
Additional Attributes (Optional)
Business Unit
Enter the user's business unit.
Department
Enter the department with which the user is associated.
Division
Enter the division with which the user is associated.
Employee ID
Enter the user's employee ID.
Job Title
Enter the user's job title.
Manager
Select the user's manager from the list of users within the application.
Manager (Legacy)
Enter the name of the user's manager.
Note
The Manager (Legacy) field will be deprecated in the future. OneTrust recommends using the new Manager field to populate this attribute for new and existing users.
Office Location
Enter the location of the user's office.
Assign Roles to User
Role
Select a role to assign to the user. You can select from the default roles provided in the application or select a custom role. You can also assign multiple roles to the user.
Select the organizational group in which the user will have the defined role.
For more information about organizational groups and hierarchy, see Managing Organizations.
User Information tab
On the User Information tab on the Users screen, you can modify an existing user's details and any additional attributes configured when the user was created.
Click the gear icon in the upper right-hand corner to access Global Settings.
On the Global Settings menu, select User Management > Users. The Users screen appears.
Click the link in the Name column for the user you want to edit. The User Information tab on the Users screen appears.
Hover over a field you want to modify, and click the Edit icon that appears. Editable fields become available.
Edit the fields, as necessary.
Click the Save button.
Editing a User's Email Address
Global Settings Configuration
Site Admins can configure whether a user is required to confirm changes to their email address using the Require Users to Confirm Email Address Change setting on the User Settings screen in Global Settings.
Based on the selected configuration, the following scenarios will apply:
Global Settings Configuration
Description
Require Users to Confirm Email Address Change setting is enabled in Global Settings
If a change is made to a user's email address, an email message will be sent to the new email address with a link to confirm the change. Another email message will be sent to the old email address to inform the user of the change request.
Note
The email address will be updated in the application only after the change request is confirmed using the received link.
Require Users to Confirm Email Address Change setting is disabled in Global Settings
Changes made to a user's email address will be automatically updated and will take effect immediately. Users will not be required to confirm the change once submitted.
Things to Know
If SSO is enabled, Site Admins will need to ensure that the new email address is updated in the IdP for the change to take immediate effect. It is important to update the email address correctly in both the IdP and the application to avoid user lockout and/or unwarranted access.
Note
A user's email address cannot be updated in the following scenarios:
The user being edited is an External user.
The user being edited is an Invited user.
The user being edited has multiple accounts in the same application environment.
The user who is attempting to update the user's information is an External Site Admin. OneTrust Consultants are generally External users and cannot perform this action within your account.
The user who is attempting to update the user's information is not assigned to the root organization.
The user is attempting to update their existing email address on a domain verified for SSO to an email address that is not on a domain verified for SSO.
To edit a user's email address
Click the gear icon in the upper right-hand corner to access Global Settings.
On the Global Settings menu, select User Management > Users. The Users screen appears.
Click the link in the Name column for the user you want to edit. The User Information tab on the Users screen appears.
Hover over the Email Address field, and click the Edit icon that appears. Editable fields become available.
In the Email Address field, update the user's current email address to the new email address.
Click the Save button.
Roles tab
On the Roles tab on the Users screen, you can assign, edit, and remove roles from the user. Roles assigned to the user individually as well as roles inherited by the user through an assigned user group appear on the Roles tab. In addition, when the user logs in, they will then be able to see their access granted by their assigned roles.
Click the gear icon in the upper right-hand corner to access Global Settings.
On the Global Settings menu, select User Management > Users. The Users screen appears.
Click the link in the Name column for the user to which you want to assign a role. The User Information tab on the Users screen appears.
Navigate to the Roles tab. The roles assigned to the user appear.
Click the Add Role button. The Add Role modal appears.
Field
Description
Role
Select a role to assign to the user.
Note
Only existing Site Admins can assign the Site Admin role to another user.
Organization
Select the organizational group in which the user will have the defined role.
Complete the fields, as necessary.
Click the Add button.
To edit an assigned role
Click the gear icon in the upper right-hand corner to access Global Settings.
On the Global Settings menu, select User Management > Users. The Users screen appears.
Click the link in the Name column for the user for which you want to edit a role. The User Information tab on the Users screen appears.
Navigate to the Roles tab. The roles assigned to the user appear.
Hover over the role that you want to edit, and click the Context Menu icon that appears.
On the Context menu, select Edit. The Edit modal appears.
Modify the fields, as necessary.
Click the Save button.
To remove roles from a user
Click the gear icon in the upper right-hand corner to access Global Settings.
On the Global Settings menu, select User Management > Users. The Users screen appears.
Click the link in the Name column for the user from which you want to remove a role. The User Information tab on the Users screen appears.
Navigate to the Roles tab. The roles assigned to the user appear.
Select the check boxes corresponding to the role(s) you want to remove from the user. Multiple check boxes can be selected.
Click the Remove button. The Remove Role modal appears.
Note
At least one role must remain assigned to a user.
Note
If the role you are removing is tied to an assigned user group, a modal will appear stating that the user will be removed from the respective user group. All inherited roles and permissions granted by the user group will be removed from the user. You can identify which roles were inherited from a user group using the User Group column on the Roles tab.
Click the Confirm button.
User Groups tab
On the User Groups tab on the Users screen, you can assign the user to user groups. When a user is added to a user group that has additional roles that the user may not currently have, the user will inherit the roles associated with that user group in addition to their existing roles and permissions. When the user logs in, they will then be able to see their additional access granted by those new roles.
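The role inheritance and removal behavior described above can be modeled to review what a user can actually do before and after a change. The following is an added example, not OneTrust code: the role names, the group name, and their permission sets are constructed, organization scoping is ignored, and only the permission names and prerequisite rules come from the Training Permissions section.

```python
MODULE = "AwarenessTrainingModuleAccess"

# Prerequisites as stated in the Training Permissions section of this page.
PREREQS = {
    "AwarenessTrainingLibrary": {MODULE},
    "AwarenessTrainingAssign": {MODULE, "AwarenessTrainingLibrary",
                                "AwarenessTrainingViewEnrollment"},
    "AwarenessTrainingViewEnrollment": {MODULE, "AwarenessTrainingAssign"},
    "AwarenessTrainingRequestDemo": {MODULE},
    "AwarenessTrainingDownloadSCORM": {MODULE},
}

# Constructed (hypothetical) custom roles and user group for illustration.
ROLE_PERMS = {
    "Course Assigner": {MODULE, "AwarenessTrainingAssign"},
    "Enrollment Auditor": {MODULE, "AwarenessTrainingViewEnrollment"},
    "SCORM Download": {MODULE, "AwarenessTrainingLibrary",
                       "AwarenessTrainingDownloadSCORM"},
}
GROUP_ROLES = {"L&D Team": ["SCORM Download", "Enrollment Auditor"]}

SAMPLE_USER = {"roles": ["Course Assigner"], "groups": ["L&D Team"]}


def assigned_roles(user):
    """Map each role to its source: 'direct' or the user group granting it."""
    roles = {role: "direct" for role in user["roles"]}
    for group in user["groups"]:
        for role in GROUP_ROLES[group]:
            roles.setdefault(role, group)
    return roles


def effective_permissions(user):
    """Map each permission to the sorted list of roles (and sources) granting it."""
    perms = {}
    for role, source in assigned_roles(user).items():
        for perm in ROLE_PERMS[role]:
            perms.setdefault(perm, []).append(f"{role} ({source})")
    return {perm: sorted(grants) for perm, grants in perms.items()}


def unmet_prerequisites(user):
    """Permissions the user holds whose stated prerequisites are missing."""
    have = set(effective_permissions(user))
    gaps = {}
    for perm in sorted(have):
        missing = sorted(PREREQS.get(perm, set()) - have)
        if missing:
            gaps[perm] = missing
    return gaps


def remove_role(user, role):
    """Return the user after removing a role, following the page's rules:
    removing a group-inherited role removes the user from that group (and so
    every role the group granted); at least one role must remain."""
    source = assigned_roles(user)[role]
    if source == "direct":
        updated = {"roles": [r for r in user["roles"] if r != role],
                   "groups": list(user["groups"])}
    else:
        updated = {"roles": list(user["roles"]),
                   "groups": [g for g in user["groups"] if g != source]}
    if not assigned_roles(updated):
        raise ValueError("at least one role must remain assigned to a user")
    return updated
```

Removing the inherited Enrollment Auditor role from the sample user also drops the SCORM download permission and leaves AwarenessTrainingAssign without its stated prerequisites, which is the kind of side effect worth checking before confirming the removal.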
The following responses are supported solutions to frequently asked questions (FAQ) about user management. The OneTrust team continuously monitors these inquiries and will make additional FAQ available as they are identified.
1. Why am I receiving the following error message: "Unable to add user as an email update is In progress."
This error message appears if an update to a user's email address is actively in progress and an attempt to create a new user with that same email address is made. You can locate the user record that is actively being updated on the Users screen > All Users list by either searching for the user's old email address or by searching for the user's first or last name.
The error can be resolved using one of the following methods:
The user can confirm the change via the link in the email message sent to the new email address.
If the user is unable to confirm the change, you can cancel the change, disable the Require Users to Confirm Email Address Change setting in Global Settings, and update the user's email address again. With this setting disabled, changes made to a user's email address will be automatically updated and will take effect immediately. Users will not be required to confirm the change once submitted.
Click the gear icon in the upper right-hand corner to access Global Settings.
On the Global Settings menu, select Data Import > Import Templates. The Import Templates screen appears.
Download the Create Users import template.
Note
You can update users in bulk using the Update Users template.
Open the downloaded file in Microsoft Excel.
Complete the downloaded template for the users you want to import. For more information, see Bulk Import Fields.
Note
The bulk import process does not support the following characters when creating multiple users: /, |, and ;. A new row is needed for each user.
In addition, allow the bulk import to complete before uploading more files. Files larger than 64 MB are not supported.
On the Import Templates screen, click the New Import button. The New Import modal appears.
In the Import Name field, enter a name for the import.
In the Import Description field, enter a brief description of the contents of the import.
In the Import Type field, select the type of import which corresponds to the template you are using.
In the File field, click the Upload File button.
Use the file explorer to select the spreadsheet you want to import.
Note
Verify that the spreadsheet is saved as an .xlsx file.
Click the Submit button.
To view the status and result of your bulk import, select Data Import > Bulk Import on the Global Settings menu.
Note
If there was an error in the upload, click the link in the Result column for the import to download a report indicating the errors.
Bulk Import Fields
Users
The following fields are required for bulk importing users. Complete the remaining optional fields, as necessary.
Field
Description
Action
Enter Create.
Email Address
Enter the email address of the user you want to add. The user will need to use this email address to log in to OneTrust and all OneTrust platform emails will be sent to this address.
First Name
Enter the first name of the user.
Last Name
Enter the last name of the user.
Organization
Enter the name of the organization to which the user belongs.
The organization must already exist in OneTrust for the bulk upload to work correctly.
Role
Select the role you want the user to have.
If you want to assign a user to a different role, you can reassign the user's role on the Users screen.
User Type
Enter whether the user is Internal or External.
Expiration Date
(Optional)
Enter the expiration date for an external user's access to OneTrust in the format YYYY-MM-DD.
Note
Only enter an expiration date for external users, as needed.
Department
Enter the department to which the user belongs.
Business Unit
Enter the business unit to which the user belongs.
Employee Id
Enter the employee Id of the user.
Manager
Enter the name of the user's manager.
Division
Enter the division to which the user belongs.
Job Title
Enter the job title of the user.
Office Location
Enter the office location of the user.
Send Activation Email
Enter True or False to indicate whether to send the initial activation email to the user.
Note
A blank entry in this field is interpreted as True.
New Email Address
Enter the new email address to update for the user. The user will use this new email address to log in to OneTrust and all OneTrust platform emails will be sent to this address.
Note
The email address can only be updated for active, internal users by users with appropriate permissions.
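A pre-upload check of the Create Users rows against the rules stated above, as an added example that is not part of OneTrust. It assumes the rows have already been read from the .xlsx template into dictionaries keyed by the column names listed on this page, that the first seven fields are the required ones, and that the unsupported characters apply to every cell; the sample rows and organization name are constructed.

```python
import re
from datetime import datetime

# Column names as listed under Bulk Import Fields. Treating these seven as the
# required set is an assumption; confirm against the downloaded template.
REQUIRED = ("Action", "Email Address", "First Name", "Last Name",
            "Organization", "Role", "User Type")
UNSUPPORTED_CHARS = set("/|;")   # characters the bulk import does not support
DATE_SHAPE = re.compile(r"\d{4}-\d{2}-\d{2}")


def is_iso_date(value):
    """True only for a real calendar date written as YYYY-MM-DD."""
    if not DATE_SHAPE.fullmatch(value):
        return False
    try:
        datetime.strptime(value, "%Y-%m-%d")
    except ValueError:
        return False
    return True


def check_rows(rows, known_orgs):
    """Return (row_number, level, message) findings; row numbers are 1-based."""
    findings = []
    first_seen = {}              # lower-cased email -> row where it first appeared
    for n, raw in enumerate(rows, start=1):
        row = {k: ("" if v is None else str(v).strip()) for k, v in raw.items()}

        for field in REQUIRED:
            if not row.get(field):
                findings.append((n, "error", f"missing required field: {field}"))
        for field, value in row.items():
            bad = sorted(UNSUPPORTED_CHARS & set(value))
            if bad:
                findings.append((n, "error", f"{field} contains unsupported {bad}"))
        if row.get("Action") and row["Action"] != "Create":
            findings.append((n, "error", "Action must be Create"))

        email = row.get("Email Address", "").lower()
        if email:
            if email in first_seen:   # the login address must be unique
                findings.append((n, "error",
                                 f"email duplicates row {first_seen[email]}"))
            else:
                first_seen[email] = n

        org = row.get("Organization", "")
        if org and org not in known_orgs:
            findings.append((n, "error", "organization does not exist yet"))

        user_type = row.get("User Type", "")
        if user_type and user_type not in ("Internal", "External"):
            findings.append((n, "error", "User Type must be Internal or External"))

        expiry = row.get("Expiration Date", "")
        if expiry:
            if not is_iso_date(expiry):
                findings.append((n, "error", "Expiration Date must be YYYY-MM-DD"))
            if user_type == "Internal":
                findings.append((n, "error",
                                 "Expiration Date is for external users only"))
        elif user_type == "External":
            # Optional per the page, but open-ended external access merits review.
            findings.append((n, "warning", "external user has no expiration date"))

        # Blank is interpreted as True by the import, so only reject other text.
        send = row.get("Send Activation Email", "")
        if send and send not in ("True", "False"):
            findings.append((n, "error", "Send Activation Email must be True or False"))
    return findings


KNOWN_ORGS = {"Example Corp"}    # constructed
SAMPLE_ROWS = [                  # constructed rows, not real users
    {"Action": "Create", "Email Address": "a.lee@example.com", "First Name": "A",
     "Last Name": "Lee", "Organization": "Example Corp",
     "Role": "Training Learner", "User Type": "Internal"},
    {"Action": "Create", "Email Address": "vendor@example.net", "First Name": "V",
     "Last Name": "Rao", "Organization": "Example Corp",
     "Role": "Training Learner", "User Type": "External",
     "Send Activation Email": "False"},
    {"Action": "Create", "Email Address": "A.Lee@example.com", "First Name": "A",
     "Last Name": "Lee", "Organization": "Example Labs",
     "Role": "Training Manager", "User Type": "External",
     "Expiration Date": "2025-02-30"},
    {"Action": "Create", "Email Address": "k.ng@example.com", "First Name": "K",
     "Last Name": "Ng; Contractor", "Organization": "Example Corp",
     "Role": "Training Learner", "User Type": "Internal",
     "Expiration Date": "2025-06-30", "Send Activation Email": "yes"},
]
```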
Training Course and Packaging Guide
OneTrust Training Course Design
OneTrust Training courses are learning experiences designed for compatibility with modern LMS and LCMS platforms. These courses are interactive and require employees to participate and engage with the content being presented. Many of the courses also include assessments which help to gauge the success of the training. Because everyone learns and interacts at a different pace, it may take longer than the estimated runtime to fully experience the course and complete any assessments that are included.
This package includes 15 essential privacy and security courses covering data protection basics and key global regulations such as GDPR, CCPA, and LGPD.
This package includes 19 essential ethics, compliance, and security courses covering topics such as corruption, anti-trust, and whistleblowing. This package includes an 8-unit course on anti-harassment.
This package includes access to the OneTrust Campaigns tool as well as Training's Bring Your Own Content (BYOC) feature.
Customization Options
We offer fully customized courses tailored to your programs and policies. Some course examples include topics like Code of Conduct, Gifts & Hospitality, and Privacy Policies. We can use training methodologies like gamification and video/audio, and include interactivity. These projects are uniquely scoped and can be translated for a fee.
Branding Projects:
This process is for projects that require branding only. There will only be a Technical Consultant assigned to these - no Project Manager.
Branding definition:
Branding colors throughout course
Logo on title screen
Custom Background (logo + branding)
1 resource or policy slide
Custom pass/fail quiz scores/percentages
Customized completion certificate
Branding + Markup Projects:
This process is for projects that require branding along with any markup changes that are captured in the course transcripts. There will be a Project Manager and a Technical Consultant working together.
Branding (as defined above)
Markup in course transcript:
Various levels of verbiage changes/swaps/updates.
Custom Course Projects:
This process is for projects made entirely from scratch using customer content.
Some course examples include topics like Code of Conduct, Gifts and Hospitality, and Privacy Policies.
We can use training methodologies like gamification and can include add-ons like video, voice-overs, custom knowledge checks and assessments.
Privacy Essentials
The courses in this package are available in the following languages: English (US), Chinese (Simplified), Czech, Danish, Dutch, Finnish, French, German, Italian, Japanese, Norwegian, Polish, Portuguese (Brazil), Slovak, Spanish (Spain), and Swedish. OneTrust can facilitate translation to additional languages for a fee.
Topic
Description
Estimated Duration
Data Protection Basics Unit 1 - Why Privacy Matters
This unit answers questions such as:
What is privacy?
Why should I care about data protection?
Why is data protection important to my organization?
By helping employees understand data protection and information security, you can reduce errors that often result in data protection incidents.
10 minutes
Data Protection Basics Unit 2 - Personal Information
Recognizing personal data is a critical step in data protection.
This course introduces the concepts of sensitivity, identifiability, masking, aggregating and truncating to help employees better recognize and process personal data.
10 minutes
Data Protection Basics Unit 3 - Handling Personal Information
Data protection responsibilities begin the moment personal data enters your organization and continue until it is destroyed.
Through various scenarios, employees understand how to apply the data protection principles of transparency, consent, data minimization, purpose limitation, security, and access throughout the information life cycle.
10 minutes
Privacy and Data Protection Basics Review - A Knowledge Check (Quiz Only)
This course is designed as a refresher course for your team on the essentials of privacy and data protection.
It includes 15 questions, varying in difficulty, to assess how well employees remember their basic training.
10 minutes
Privacy and Data Protection Essentials
This introductory course provides learners the foundation needed to understand privacy concepts, including defining personal information, outlining the data lifecycle, defining privacy and its importance to organizations handling personal information.
The course also covers basic privacy principles and how they form the basis for laws and organizational policies.
10 minutes
Privacy and Security Awareness
Increase employees’ awareness of basic privacy and security practices in the workplace.
Topics include analyzing types of information, minimizing data access to only what is necessary, keeping information secure, properly destroying information, and staying alert.
10 minutes
Privacy by Design
This course explains what privacy by design is, how it works and how it benefits your organization.
Topics include identifying necessary data, protecting data, limiting how data can be used, limiting data sharing, ensuring accessibility of user controls and providing notice to individuals.
10 minutes
The California Consumer Privacy Act and California Privacy Rights Act (CCPA and CPRA)
The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) feature broad privacy requirements new to many businesses.
Get out in front of this sweeping legislation by helping employees understand the scope of the law, definitions of “personal information” and “consumer,” business obligations and consumer rights.
10 minutes
Brazil’s LGPD: A Practical Overview
Having a basic grasp of Brazil’s new data protection law lets mid-level employees better explain and enforce the policies and procedures your organization puts into place.
It also helps identify potential issues in data processing that should be addressed.
This course discusses the terminology used in the LGPD, data subject rights, the legal bases for data processing, basic privacy principles, and data controller obligations.
10 minutes
GDPR: A Practical Overview
This course discusses GDPR terms and their real-world applications, data subject rights, privacy principles and data controllers’ obligations, so mid-level employees can better explain and enforce GDPR policies and procedures within your organization.
24 minutes
GDPR: A Knowledge Check
How well do your employees understand basic concepts of the GDPR and their effect on the handling of personal data?
This course tests employees’ retention of what they’ve learned about the GDPR and identifies those who need follow-up training.
10 minutes
Identifying Phishing Attacks
This fully-interactive and timed unit raises learner awareness of various indicators to help identify phishing attempts.
Learners are challenged to review emails and decide which are legitimate and which are phishing attacks.
10 minutes
Recognizing and Avoiding Social Engineering
Data thieves use a variety of methods to trick employees into divulging information.
This course explores some of the tactics and common warning signs for phishing, spoofing, telephone and in-person scams.
10 minutes
Data Security for Remote Work
This course will outline essential information regarding employees working remotely and suggest best practices to mitigate potential data security vulnerabilities.
10 minutes
Incident Preparedness: Recognizing Risks
This training is designed to help you identify potential sources of incidents, many of which are common employee errors or social engineering attacks.
Learn best practices, potential consequences of security incidents, and recognize when to report issues that arise.
10 minutes
Ethics Essentials
The courses in this package will be available in the following languages, starting February 2023: English (US), Chinese (Simplified), Czech, Danish, Dutch, Finnish, French, German, Italian, Japanese, Norwegian, Polish, Portuguese (Brazil), Slovak, Spanish (Spain), and Swedish. OneTrust can facilitate translation to additional languages for a fee.
Topic
Description
Estimated Duration
Anti-Retaliation for Managers
Managers understand that employees are encouraged to report suspicious or discriminatory action.
This course teaches managers what retaliation is, steps that they can take to prevent it, and the consequences of retaliation.
10 minutes
Speak Up: Whistleblowing in the Workplace
Healthy organizations have open and transparent cultures.
Promote your culture with OneTrust’s Speak Up training course.
Educate your employees on why they have the shared responsibility to step forward and how they’ll be protected.
10 minutes
Anti-Money Laundering
Familiarize learners with the basics and seriousness of money laundering.
Learners will navigate a money laundering scheme as a criminal and learn how to identify, recognize, and understand what measures to take to prevent it within the organization.
10 minutes
Introduction to Anti-Bribery
This course explains how to identify bribery and avoid it.
Learners will be provided with an overview of what activities are inappropriate, along with major legislation and penalties around the world.
10 minutes
Conflict of Interest
This course is intended to educate and explain the importance of understanding conflicts of interest. Employees will explore common types of conflicts of interest and how to identify and report them to the business.
10 minutes
Insider Trading
Educate and equip learners with an overview of how to handle material non-public information and explain the responsibilities relative to preventing insider trading.
10 minutes
Handling Confidential Information
Managing confidential information correctly is critical for preventing data breaches.
After completing this course, learners will be able to define key terminology, discuss information handling practices, identify how confidential information is organized and be able to do their part to keep confidential information safe.
10 minutes
Identifying Phishing Attacks
This fully-interactive course raises learner awareness of various indicators to help identify phishing attempts.
Learners are challenged to review emails, text messages, and voice calls and decide which are legitimate and which are phishing attacks.
10 minutes
Recognizing and Avoiding Social Engineering
Data thieves use a variety of methods to trick employees into divulging information.
This course explores some of the tactics and common warning signs for phishing, spoofing, telephone and in-person scams.
10 minutes
Data Security for Remote Work
This course will outline essential information regarding employees working remotely and suggest best practices to mitigate potential data security vulnerabilities.
10 minutes
Incident Preparedness
This training is designed to help you identify potential sources of incidents, many of which are common employee errors or social engineering attacks.
Learn best practices, potential consequences of security incidents, and recognize when to report issues that arise.
10 minutes
Anti-Harassment Unit 1: Anti-Harassment Basics
Our workplaces should be friendly, welcoming, comfortable, and safe.
This course will introduce learners to workplace harassment, and teach them how to contribute to a safe work environment.
10 minutes
Anti-Harassment Unit 2: Responsibilities of Supervisors
This course will outline the responsibilities supervisors and people managers have to prevent harassment on their teams.
10 minutes
Anti-Harassment Unit 3: Reporting and Investigations
This course will educate employees on how to report harassment and what will happen after a report is made.
10 minutes
Anti-Harassment Unit 4: Handling Complaints
This course is designed to teach supervisors how to handle complaints and reports made by their team members, including when and how to escalate with HR.
10 minutes
Anti-Harassment Unit 5: Bystander Intervention
This course will educate team members on when and how to intervene in situations they observe.
10 minutes
Anti-Harassment Unit 6: Identifying Harassment in Practice
This course is a hands-on practice in identifying what is or is not harassment.
Learners will navigate multiple scenarios where harassment may be taking place and make decisions about what to do.
10 minutes
Anti-Harassment Unit 7: What Should I Do?
Sometimes you just need some advice. In this course, learners will act as the sounding board for others who aren’t sure what to do and offer advice on how to proceed.
10 minutes
Anti-Harassment Unit 8: Harassment in the News
Harassment can be big news and enforcement can carry big fines.
In this course, learners will read real news stories talking about the impact of harassment and how it’s enforced.
10 minutes
Privacy All Access
The courses in this package are available in English only. OneTrust can facilitate translation to additional languages for a fee.
Advanced Privacy Topics
Topic
Description
Estimated Duration
Data Privacy for Information Security Professionals Part 1
Information security professionals, system administrators and other IT employees must understand how to maintain privacy and navigate potential risks to personal information while managing an organization’s network.
Unit topics include inventorying and updating systems and information, deleting unnecessary information, setting and reviewing access controls, employee monitoring, vendor management, plus helping develop and implement policies and training.
10 minutes
Data Privacy for Information Security Professionals Part 2
This unit helps information security professionals, system administrators and other IT employees recognize security issues throughout the data lifecycle.
It addresses topics such as what personal information is and how to identify it, so they can better assist in determining appropriate uses for that data.
This, in turn, allows them to institute proper limitations on access to the data.
Understanding how data is classified also permits proper storage, archiving and destruction of data.
10 minutes
Advanced Data Subject Rights: GDPR
Under GDPR regulations, companies are obligated to comply with data subject requests in a timely, efficient manner.
This unit provides specific information on data mapping and minimization, plus data storage and sharing that facilitate compliance. We also review what constitutes “consent,” appropriate authentication and how privacy notices enable proper compliance.
10 minutes
Privacy Topics for Management and Customer-Facing Personnel
Topic
Description
Estimated Duration
Privacy for Managers
Managers are in a unique position to regularly gather personal information about the employees they oversee.
This unit is designed to help them recognize personal information when they encounter it, as well as understand their role in helping organizations maintain employee privacy.
10 minutes
Privacy Essentials for Sales Professionals
If your sales team can’t address customer concerns about basic privacy fundamentals and policies, sales can be delayed or lost.
This introductory unit provides them with foundational knowledge of key privacy concepts, including the definition of personal data, privacy laws that can affect sales professionals, the data lifecycle and data protection principles with a focus on data minimization.
10 minutes
Privacy Essentials for Finance
Employees working in the financial sector—for example, personal banking, investment banking, insurance, credit reporting, credit lending, and mortgage lending—handle a significant amount of information about individuals.
This introductory unit provides foundational knowledge of key privacy concepts, including the definition of personal data, global privacy laws that apply to the finance sector, and the data lifecycle.
10 minutes
Privacy and Customer Service
On the front lines of handling personal information, customer service employees need to be educated in proper processing to keep data safe and maintain customer privacy.
This unit discusses the importance of verification and authentication procedures, the critical privacy principles of data minimization and use limitation, as well as concerns about sharing data and taking notes when helping customers.
10 minutes
Protecting Privacy in Call Centers
Call center employees handle personal information every day and must be aware of how to handle it properly.
This unit examines several primary privacy concerns, including social engineering, note taking, data minimization, use limitation and security.
10 minutes
GDPR Compliance for Customer Service
Customer Service Employees will learn about Data Subject Requests and their role and responsibilities in responding to these requests.
Through a series of interactive scenarios, this unit will cover details about Data Subject Rights, what employees are and are not authorized to do in response to a request, and when a request may need to be escalated while providing context through real-life examples.
10 minutes
CCPA Compliance for Customer Service
Employees will learn about consumer rights and their role in fulfilling them, as well as when a request may require escalation.
In addition, they will learn about CCPA business requirements, such as providing consumers with the means to submit a request and the importance of authenticating consumers.
10 minutes
Privacy in the Procurement Process
Employees are not always aware of privacy concerns that can arise when working with vendors.
This unit explains what a vendor is and how to select one, what to consider when ending a vendor relationship, and how to identify potential privacy risks while managing vendors.
10 minutes
Privacy Topics for Human Resources (HR)
Topic
Description
Estimated Duration
HR: Bring Your Own Device (BYOD)
Human Resource professionals face special considerations and issues when employees use their own devices for work.
Understanding the risks involved with Bring Your Own Device (BYOD) and knowing how to communicate and enforce policies are key to protecting your organization and your employees.
10 minutes
HR: Employee Privacy and Third-Party Vendor Management
Discusses the potential risks and mitigation strategies involved with outsourcing health records management, 401K plan administration, and management of other benefit and wellness plans.
10 minutes
HR: Privacy Considerations When Monitoring Employees
This unit is designed to help you consider the implications of monitoring, so you can better protect your organization and the privacy of employees.
Monitoring employees, workplaces and information is becoming more and more important. Along with the need for monitoring comes the need for well-thought-out policies, clear communication and careful implementation.
10 minutes
HR: Handling Employee Files
This unit covers the proper handling of data stored in employee files, including controlling access to those files, appropriate storage of medical and background check data, managing employee data throughout its lifecycle, exercising discretion when discussing employee information, and how to handle sensitive information.
10 minutes
HR: Privacy in the Hiring Process
How does privacy impact the hiring process when you need to reduce legal risks yet maintain a good reputation with applicants?
Learn how to protect the information of applicants and employees while protecting yourself and your organization from legal ramifications.
10 minutes
Privacy Topics for Marketing
Topic
Description
Course Duration
Marketing: Collecting Consumer Information
This unit focuses on privacy concerns raised when marketers collect information about consumers, including why information collection should be limited, the importance of a comprehensive privacy notice, and how laws vary depending on location and how information is collected.
10 minutes
Marketing: Using Consumer Information
With so many ways to use consumer information, marketers need to be tuned in to customers’ points of view, be aware of privacy risks, concerns and legal requirements associated with different methods of marketing, and understand the importance of customer controls.
10 minutes
Marketing: Maintaining Privacy When Working with List Vendors
Using list vendors to reach consumers allows your organization to expand its marketing reach.
This unit highlights important privacy concerns, plus concrete ways you can minimize risk when contracting with a list vendor.
10 minutes
Marketing: Interest-based Advertising for the Privacy-Conscious Marketer
By its nature, interest-based advertising centers on information collected about individuals.
How can your organization utilize this effective marketing technique while simultaneously protecting consumers’ privacy?
Learn about privacy concerns that may surface with interest-based advertising, plus how to recognize and avoid risk.
10 minutes
Marketing: Tracking Technologies and Privacy
Provide marketing employees with best practices for utilizing tracking technologies such as cookies effectively, while meeting consumer expectations and protecting your organization.
Explore necessary notices and consents, issues related to identifying individuals across devices through tracking technologies, and how to mitigate the risks of third-party data collection on websites and apps.
10 minutes
Marketing: Loyalty Programs
This unit examines how privacy can be maintained while collecting information from customers through a privacy program.
It explores why notice and choice are important, how to employ privacy principles and the potential effect of third parties on privacy.
10 minutes
Marketing: Children's Data Protection Around the World
Children’s personal information is subject to additional regulation and consideration beyond that of adults.
This course covers those considerations and requirements in various global laws and design codes.
10 minutes
Privacy Topics for Healthcare
Topic
Description
Estimated Duration
Privacy Essentials in the Healthcare Industry
This course will help define personal data and sensitive personal data, including health data.
The course will discuss general data protection principles, with a focus on data minimization and the data lifecycle, address meeting the privacy expectations of individuals, and list key privacy laws that affect the processing of health data.
10 minutes
HIPAA for Self-Insured Companies
Since self-insured companies may receive information about employee health or medical treatments, they must comply with HIPAA.
This course covers the obligations self-insured companies have to protect health data.
10 minutes
Global Privacy Regulations
Topic
Description
Estimated Duration
Canada PIPEDA
Canada's PIPEDA is a federal law that sets out the rules of how businesses can collect, use and disclose personal information in the course of commercial activities in Canada.
(Available in English and French Canadian.)
10 minutes
Virginia CDPA
The Virginia Consumer Data Privacy Act (CDPA) was signed into law on March 2, 2021 and will become effective on January 1, 2023.
This course covers: definitions, obligations, penalties, and more.
10 minutes
Thailand PDPA
The PDPA course covers the collection, use, disclosure, and/or transfer of personal data (data processing) within Thailand as well as data processing outside of Thailand.
(Available in English and Thai.)
10 minutes
Japan APPI
Is your organization compliant with Japan's Act on the Protection of Personal Information, or APPI?
This mini course will help your organization discover the various elements of personal information, principals' rights, and the duties for a Personal Information Controller under the APPI.
(Available in English and Japanese.)
10 minutes
South Africa POPIA
Is your organization compliant with South Africa’s POPIA?
POPIA protects the personal data of both natural and legal persons and applies to the processing of personal information by a responsible party.
10 minutes
Privacy in China
This course covers privacy regulation in China, including the Cybersecurity Law (CSL) and Personal Information Protection Law (PIPL).
(Available in English and Simplified Chinese.)
10 minutes
Colorado Privacy Act
The Colorado Privacy Act (CPA) was signed into law on July 7th, 2021 and will become effective on July 1, 2023.
This course covers: definitions, obligations, penalties, and more.
10 minutes
The Connecticut Data Privacy Act (CTDPA)
The Connecticut Data Privacy Act (CTDPA) was signed into law on May 10th, 2022 and will become effective on July 1, 2023.
This course covers: definitions, obligations, penalties, and more.
10 minutes
ISO 27001
ISO 27001 is an internationally recognized standard for information security management.
It provides a systematic approach for organizations to establish, implement, maintain, and continually improve their information security management system (ISMS).
The standard outlines a comprehensive set of controls and best practices designed to safeguard the confidentiality, integrity, and availability of information assets.
By adhering to ISO 27001, organizations can effectively manage risks, protect sensitive data, and demonstrate their commitment to maintaining a robust information security posture.
10 minutes
System and Organization Controls 2 (SOC 2)
System and Organization Controls 2 (SOC 2) is a widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA).
It focuses on evaluating the effectiveness of a service organization's controls related to security, availability, processing integrity, confidentiality, and privacy.
SOC 2 reports provide valuable insights to customers and stakeholders regarding the organization's ability to safeguard sensitive data and ensure the integrity of its systems.
By undergoing a SOC 2 audit, service organizations demonstrate their commitment to maintaining strong security and data protection practices, enhancing trust and confidence among their clients.
10 minutes
Payment Card Industry Data Security Standard (PCI DSS)
Payment Card Industry Data Security Standard (PCI DSS) is a comprehensive set of security requirements designed to protect sensitive cardholder data during payment card transactions.
Developed by major credit card companies, including Visa, Mastercard, and American Express, PCI DSS aims to ensure the secure handling, storage, and transmission of cardholder information.
It outlines a range of technical and operational controls that organizations must implement, such as network security, access controls, encryption, and regular system monitoring.
Compliance with PCI DSS is mandatory for all entities that handle cardholder data, including merchants, service providers, and financial institutions.
By adhering to PCI DSS, organizations demonstrate their commitment to maintaining a secure payment environment, reducing the risk of data breaches, and protecting the privacy and trust of their customers.
Using Training, you can enroll and unenroll users from training courses, view the details of their course assignment, and resend enrollment notifications.
Note
Course enrollment is not available for all customers. Specifically, if you have purchased the OneTrust LMS, you can assign courses in a Campaign. For more information, see the Campaigns knowledge base in myOneTrust.
To enroll a user in a course
On the Training menu, select Courses. The Courses screen appears.
Hover over a course tile until the Enroll button appears.
Click the Enroll button. The Enrollment Details screen appears.
Select a deadline and set a default language. You can also set automatic enrollment reminders, add any comments you have for the enrolled user, and opt to update the course to its latest version.
When selecting users across multiple pages of the user list, your selections from previous pages will remain intact when navigating to subsequent pages.
Note
To filter the list of enrolled users by managing organization, click the filter icon.
Click the Submit button. The Course Details screen appears.
A list of enrolled users and course assignment details will display in the Enrolled Users tab.
Enrollment Details All Users Screen Reference
Note
When you select a record, you have the ability to select all available records at once.
Field
Description
Full Name
The user's name.
Email
The user's email.
Organization
The managing organization to which the user belongs.
Filter
Select the icon to filter the list of users by managing organization.
Enrollment Details Groups Screen Reference
Note
User Groups are added through the Global Settings menu. For more information, see Managing User Groups.
Field
Description
Select Row
Select the groups to be enrolled in the course.
Group Name
The name of the group.
Description
A brief description of the users in the group.
Number of Users
The number of users in the group.
To unenroll a user from a course
On the Training menu, select Courses. The Courses screen appears.
Hover over a course tile until the View Details button appears.
Click the View Details button. The Course Details screen appears.
Go to the Enrolled Users tab.
On the list of enrolled users, click the Context Menu icon at the end of a row for a user you want to unenroll. The Context menu appears.
Select Unenroll. A confirmation modal appears.
Important
Unenrolling a user will delete that user's history, including course progress and score.
Click the Unenroll button.
To resend an enrollment notification
On the Training menu, select Courses. The Courses screen appears.
Hover over a course tile until the View Details button appears.
Click the View Details button. The Course Details screen appears.
Go to the Enrolled Users tab.
On the list of enrolled users, select the Context Menu icon at the end of a row for a user you want to receive a notification. The Context menu appears.
Select Resend Notification. A notification will be sent to the user via email.
To filter the list of enrolled users
On the Training menu, select Courses. The Courses screen appears.
Hover over a course tile until the View Details button appears.
Click the View Details button. The Course Details screen appears.
Go to the Enrolled Users tab.
On the list of enrolled users, select the Filter icon. The Filter pane appears.
Configure the filter.
Click the Save button.
Click the Apply button.
Exporting Course Enrollment Data
Use the Export button on the Enrolled Users tab to download a spreadsheet report of enrollment data for a specific course.
To export course enrollment data
On the Training menu, select Courses. The Courses screen appears.
Hover over a course tile until the View Details button appears.
Click the View Details button. The Course Details screen appears.
Go to the Enrolled Users tab.
Click the Export button. A Report Download modal appears.
Click the Close button on the Report Download modal.
Click the task notification icon. The Alert Center pane appears.
Select enrollment-export from the list of tasks to download the file.
Note
The export will download as a Microsoft Excel spreadsheet.
View the export file.
For each enrolled user, the export will include the following: