SECURITY AND PRIVACY TRAINING - 5320.2

Policy: Each state entity shall determine the appropriate content of security and privacy training based on the assigned roles and responsibilities of individuals and the specific security requirements of the state entity and the information assets to which personnel have access. Privacy training content will ensure personnel understand their responsibility for compliance with the Information Practices Act of 1977 and the penalties for non-compliance.

Governing Provisions:  Civil Code section 1798

Implementation Controls:  NIST SP 800-53: Awareness and Training (AT)