Training and Awareness
- Information Privacy Basics for State Employees
The Enterprise Privacy Office (EPO) has developed training to introduce agency personnel to basic privacy concepts and best practices. The training is available to many agencies through the South Carolina Enterprise Information System (SCEIS) MySCLearning learning management system. A Microsoft PowerPoint version is also available. Contact EPO at email@example.com for more information.
- Online Cybersecurity Training (FREE!)
The U.S. Department of Homeland Security's Federal Virtual Training Environment (FedVTE) is a government-wide, online and on-demand cybersecurity training system designed to help the workforce maintain expertise and foster operational readiness. With courses ranging from beginner to advanced levels, the system is available at no cost to users, and is accessible from any internet-enabled computer. State of South Carolina employees may self-register using their official .gov email address. Government contractors or state, local, tribal and territorial government employees who do not have a .gov, .mil or .fed.us email address, may self-register with the email address used for official government business. Once the system recognizes that you are not using a pre-approved government email address, you will be prompted with further instructions.
Division of State Human Resources InfoSec and Privacy Professional Development ProgramThe Division of State Human Resources has developed a Professional Development Program (PDP) as a critical step towards achieving an Information Security (InfoSec) and Privacy workforce equipped to execute daily tasks, proactively prevent incidents, and protect State citizens and information assets. The components of the PDP include InfoSec and Privacy roles and responsibilities, a competency model for InfoSec and Privacy roles, and position descriptions and a training plan for the InfoSec and Privacy workforce.
EPO Privacy Tips
- Paper Records (PPU-2015-01)
- Faxes and Copiers (PPU-2015-02)
- Privacy and Physical Security (PPU-2015-03)
- Providing Notice (PPU-2015-04)
- Information Sharing (PPU-2015-05)
- Cyber Security Awareness (PPU-2016-07)
- Phishing Don't Take the Bait (PPU-2016-08)
- Ransomware (PPU-2017-01)
- To Shred Or Not To Shred (PPU-2017-02)
- Data Lifecycle (PPU-2017-03)
- Privacy By Design (PPU-2017-04)
- The Benefits of Data Classification (PPU-2017-05)
Other Privacy Tips
- Federal Trade Commission – Tips and Advice
- South Carolina Department of Consumer Affairs – Consumer Information
- PBS / SC ETV – “A Cyber Privacy Parable” Video
NOVA LABS Cybersecurity Lab – Training Videos, Quizzes and Games
IRS Disclosure Awareness Videos
International Association of Privacy Professionals (IAPP) Glossary of Privacy Terms
SANS Glossary of Security Terms
Frequently Asked Questions
- Q: What is the difference between privacy and security?
- Q: Why is privacy important?
- Q: What is data classification, and how will it advance agency privacy programs?
- Q: Isn’t privacy just something for my agency’s information technology (IT) department to worry about?
- Q: As an agency’s privacy liaison, what is a good way to get our privacy program started?
- Q: How can agency privacy liaisons find out more information?
- Q: I do not work for the government, but I want to learn more about privacy issues. Where can I get more information about protecting my personal information?
- Q: How can state and local government entities get assistance in meeting privacy requirements?
- Q: Who can use these services?
- Q: Which Information Security and Privacy Services (ISPS) contract vendors provide privacy services?
- Q: What privacy services do the Information Security and Privacy Services (ISPS) contract vendors provide?
- Q: How do I take advantage of the Information Security and Privacy Services contract?
- Q: Who do I contact with questions about the procurement process?
- Q: What if I need help determining the services I need?
- Q: Since the ISPS contract is a statewide term contract, is it mandated that state and local government entities use the ISPS contract for information security and privacy services?
- Q: What state resources are available in managing vendors on the ISPS contract?
Q: What is data classification, and how will it advance agency privacy programs?
A: Data classification is an important step in setting up your privacy program. It involves identifying the data that your agency holds and/or uses and then categorizing the data based on its sensitivity level. Once you have classified your data, you will have a better understanding of the risks and how to reduce those risks, such as through information technology security protections or employee training. A quick guide to the most common data classification circumstances and examples is available at https://admin.sc.gov/files/DataClassificationSchemaAndGuidelines071417.pdf.