Do all employees in a state agency need to take annual security and privacy training?

Yes.  All employees and contractors must receive security and privacy training, at least once annually, on state and departmental information security and privacy policies and laws, including the consequences of violating them. Additionally, all third parties who have access to personal, confidential, or sensitive state information must receive the security and privacy training on an annual basis.

Refer to Budget Letter 06-34, Information Security Notification and Reporting, and Management Memo 06-12, Protection of Information Assets, for additional requirements and details.