Mirsky & Company provides free, downloadable resources created for lawyers and non-lawyers alike. Grounded in best practices, these resources are designed to assist organizations in understanding and managing their data security and privacy obligations.
DISCLAIMER: We make available the content and resources in these pages for educational and informational purposes only. Nothing in these pages constitutes legal advice nor should it be construed as legal advice in any way. The content and resources in these pages may not constitute the most up-to-date or accurate information. A user of these resources should contact his or her attorney to obtain advice with respect to any particular legal matter before relying on any of these resources. Mirsky & Company, PLLC expressly disclaims liability with respect to any actions or omissions taken or not taken based on the content and resources in these pages. The content and resources provided in these pages are provided “as is”; no representations are made that the content and resources are error-free.
Contents
Data Security Training Resources
Training checklists and quizzes for organizations and individuals to improve awareness of and preparation for common data security situations.
1. Data Security Checklist (Securing your Devices, Data and Accounts)
This is a checklist of basic device and account security measures that you and your organization’s staff can take to prevent or mitigate many common data security and privacy vulnerabilities - sort of the “low-hanging fruit” of data security and privacy protection. This checklist is organized into 3 parts: (1) Securing your Devices, (2) Securing Your Data, and (3) Securing Your Accounts.
PDF Format (updated Jun 5, 2024)
Google Form (Interactive Checklist) - Part 1: Securing Your Devices
Google Form (Interactive Checklist) - Part 2: Securing Your Accounts
Google Form (Interactive Checklist) - Part 3: Securing Your Data
PDF Format (fillable/interactive form)
2. Cybersecurity Training Quiz (for individuals and teams): Malware, Viruses and Phishing
This interactive quiz will help you improve your knowledge and awareness of the most common tactics hackers are using to trick you into disclosing confidential information, revealing account and device passwords, and making you download malicious software and files onto your computer or your company’s systems. The bad guys can be very skilled and it can be very difficult to tell what’s safe and what’s not, what’s real and what’s fake. This training will help.
Google Form (Interactive Quiz, including report generation)
PDF Format (w/o answer key) (fillable/interactive form)
PDF Format (answer key)
Privacy and Data Security Compliance
Resources to assist businesses in complying with consumer privacy laws in the US (CCPA, etc.) and the EU (GDPR). Includes resources for data mapping, contract requirements, privacy policy and other disclosure requirements, consumer access rights (DSARs), opt-out obligations, Data Protection Impact Assessments (DPIAs).
1. State Law Privacy Compliance – Compliance Checklist (January 2023)
A checklist for compliance (summary checklist + detail) with new or amended state consumer privacy laws in California, Colorado, Connecticut, Utah and Virginia. Includes resources for data mapping, vendor and customer contract requirements, privacy policy and other disclosure requirements, SOPs for consumer access rights (DSARs), opt-out obligations, and Data Protection Impact Assessments (DPIAs).
Personal Data Access Rights
Resources to assist in managing processes for compliance with data access rights for individuals under data privacy laws such as GDPR and CCPA.
1. Data Subjects Access Rights Organizational Standard Operating Procedure: A step-by-step guide for responding to DSARs
This is a process guide for a business to respond to a request for data access rights from an individual. This is an “if this, then this, but not that” approach to how a business can manage, evaluate and respond to requests received from individuals exercising their data access rights under the GDPR, CCPA and other applicable data privacy laws.
2. DSAR Intake Interview Form
This is an “interview” form that may be used for intake of a request for data access rights from an individual, and corresponds to items 7-10 in the DSAR Organizational SOP (see above), relating to procedures to verify the identity of the data requestor. You could post this intake form as a web form on your organization’s website, linked to from your Privacy Policy or from a separate “Data Access Rights” page on your website.
Data Mapping / Data Inventory Resources
Forms and templates, including examples, for inventorying personal data through various stages in organizations: identification of source, legal purpose of collection, how used, where and how long stored, and where and to whom transferred.
1. Data Inventory Worksheet Questionnaire
Get started thinking through your data with this easy-to-use questionnaire.
Download Word Document
PDF Format
2. Sample Data Map / Data Inventory
This is a terrific 1-page illustration published by the Isle of Man (UK) government, of a data map/data inventory, showing the “why, who, when, where and what” questions for mapping your organization’s data. Putting together a map (and going through the exercise to do that) is critical to being able to do everything else with data privacy compliance, and not just with GDPR, but also with California's new law (CaCPA).
3. Blank Data Map / Data Inventory
This blank spreadsheet can be used to populate a data map / data inventory based on information collected during the data inventory questionnaire process (see above).
Download Excel Sheet
Google Sheet
4. Blank Data Map / Data Inventory (Populated Example)
This is an example of a completed (redacted) Data Map / Data Inventory Spreadsheet showing the populated data map / data inventory based on information collected during the data inventory questionnaire process (see above).