Did you celebrate Data Privacy Day this week? Data Privacy Day (January 28), led by the National Cyber Security Alliance, commemorates the 1981 signing of the first legally binding international treaty to address privacy and data protection. Rather than just break out the cake, balloons, and noisemakers this year, we decided to celebrate with a data privacy topic training checklist. In the life sciences industry, massive amounts of public and private data are collected, stored, and shared around the world. Proper training on the management of that data is critical to ensure privacy is maintained in an appropriate and secure manner.
Here’s a brief list of key training suggestions:
- Divide the training into three categories: patient data, customer data, and company data.
- Understanding the difference between public and private data is key. Public data is available to the public. Private data needs to be protected.
- Emphasize why data needs to be protected. Legal penalties, loss of public trust, remediation costs, and prison time are all possible consequences.
- Provide examples of patient data, and train learners to know to limit their access to Personal Health Information (PHI) and get written consent from the patient if they do need to access it.
- Remind learners that customer data also needs to be protected and cite cases in which customer data can be shared.
- Spend a significant amount of time covering company data and information. Don’t forget the perils of social media.
- Give them tactics for protecting electronic, print, and verbal data. For example, sign-on codes, usernames, and passwords need to be kept secret, and paper documents that contain sensitive information must be locked in file drawers when not in use.
- Data privacy is a global concern. Employees need to be sensitive to governing laws when they are dealing with anyone outside of the United States.
- The General Data Privacy Regulation (GDPR) is a comprehensive and timely law. Learners need to be aware of its requirements.
- When covering record retention and disposition, teach learners how to respond to a data breach. Stress the importance of notifying management and the legal department when a breach occurs.
Your customers, business partners, and patients all expect you to keep private information secure and confidential and there are severe consequences when that does not occur. The checklist above is a good starting point, but effective data privacy training needs to be carefully planned and vetted with the appropriate stakeholders to ensure it addresses the critical topics.
Thanks for reading!
PharmaCertify by NXLevel Solutions