[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [pbd-se] Groups - Revised Section 2 of PbD-SE Specification uploaded
|
Hei Fred. Section “2.1.1 Proactive not Reactive; Preventative not Remedial” should also include “privacy awareness & training” as an important activity to achieving “proactive” and
“preventative”. Maybe text such as: 2.1.1.x Privacy awareness and training A key component of being proactive and preventative in privacy software engineering is to make sure that staff have adequate privacy training and
that regular awareness building activities are planned. A privacy engineering curriculum should be defined that covers the needs of the organization. This might include a training module on basics of privacy that everyone in the organization would enroll in.
Additional curriculum components might include a training module for specialized skills such as privacy engineering processes and tools, a training module on coding for privacy that includes code snipets for implementing specific privacy design patterns, a
training module on testing for privacy that covers technical topics of how to perform black box or white box testing of products and services to assure that privacy safeguards have been implemented as specified. Additional suggested curriculum components to
consider are training on how to manage third-party partners acting as data processors, in terms of security and privacy requirements. Lastly, in organizations with a code of conduct for employees, management of these organizations should consider adding a
section on privacy. Frank/
Submitter's message
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]