Coming Soon
Expected availability announced soon

This course is in active development. Preview the scope below and create a free account to be notified the moment it goes live.

Security Awareness

SA Data Handling

Employees learn to identify data classifications, apply proper labeling, storage, sharing, physical security, and disposal practices, ensuring compliance and risk reduction across the organization in daily operations.

Who Should Take This

All staff members who handle any form of corporate information—such as customer records, internal reports, or project files—benefit from this awareness training. It targets non‑technical employees at any seniority level who need clear guidance on classification, safe handling, and when to consult data stewards or IT security.

What's Included in AccelaStudy® AI

  • Adaptive Knowledge Graph
  • Practice Questions
  • Lesson Modules
  • Console Simulator Labs
  • Exam Tips & Strategy
  • 20 Activity Formats

Course Outline

63 learning goals

1. Data Classification Fundamentals (2 topics)

Why data classification matters

  • Recognize that data classification is the process of categorizing information based on its sensitivity level to determine appropriate protection and handling requirements.
  • Explain why data classification is necessary to protect the organization from data breaches, regulatory penalties, reputational harm, and loss of competitive advantage.
  • Explain the shared responsibility model where every employee who creates, accesses, or shares data is responsible for handling it according to its classification level.
  • Describe real-world examples of data breaches caused by improper data handling and the financial, legal, and reputational consequences that resulted.

Classification levels

  • Recognize public data as information explicitly approved for external release such as marketing materials, press releases, and published job postings.
  • Recognize internal data as information intended only for employees such as internal policies, meeting notes, org charts, and non-sensitive project documentation.
  • Recognize confidential data as sensitive business information such as financial reports, customer lists, strategic plans, contracts, and intellectual property that could cause harm if disclosed.
  • Recognize restricted data as the highest-sensitivity information including trade secrets, PII, PHI, payment card data, credentials, and encryption keys requiring the strictest controls.
  • Explain the principle that data should be classified at the highest level of any component it contains, so a document mixing internal and confidential data is classified as confidential.
  • Describe the role of data owners and data stewards in determining classification levels and approving exceptions to standard handling procedures.
  • Explain when and how data reclassification occurs, such as when internal project information becomes public after a product launch or when confidential data sensitivity increases due to regulatory changes.
  • Analyze a document containing mixed sensitivity data to determine the correct classification level and explain the reasoning behind the classification decision.

2. Data Labeling and Storage (2 topics)

Labeling requirements

  • Describe how to apply classification labels to digital documents including headers, footers, watermarks, metadata tags, and file naming conventions that indicate sensitivity level.
  • Describe how to apply classification labels to physical documents including cover sheets, stamps, color-coded folders, and labeled storage containers.
  • Explain why unlabeled data should be treated as confidential by default until it is properly classified by the data owner.
  • Describe how email classification tags and sensitivity labels in Microsoft 365 or Google Workspace help enforce handling rules for messages containing sensitive content.
  • Explain the employee's responsibility to classify data at the point of creation and why waiting to label documents creates risk of mishandling during the unlabeled period.
  • Recognize common labeling mistakes including using incorrect classification levels, omitting labels on derivative documents, and failing to update labels after reclassification.

Storage requirements by classification

  • Describe approved storage locations for each classification level including which corporate drives, cloud platforms, and physical locations are authorized for internal, confidential, and restricted data.
  • Explain why restricted and confidential data must not be stored on personal devices, personal cloud accounts, or unapproved third-party platforms.
  • Describe requirements for encrypting sensitive data at rest on laptops, portable drives, and mobile devices to protect against loss or theft.
  • Explain how access controls such as folder permissions, role-based access, and need-to-know restrictions limit who can view stored data at each classification level.
  • Describe the risks of storing sensitive data in email inboxes and drafts folders where it may persist indefinitely and be exposed through account compromise.

3. Sharing and Transmitting Data (3 topics)

Sharing rules by classification

  • Describe the sharing permissions for each classification level including who may receive the data, what approval is needed, and what channels are authorized.
  • Explain why confidential and restricted data should only be shared via approved secure channels such as encrypted email, approved file sharing platforms, or secure transfer portals.
  • Describe the risks of sharing data via personal email, consumer messaging apps, or social media and why these channels are prohibited for non-public business data.
  • Explain how to verify that a data sharing request is legitimate by confirming the recipient's identity, business need, and authorization before transmitting sensitive information.
  • Describe the risks of accidental data exposure through email auto-complete errors, reply-all mistakes, and misdirected file attachments containing sensitive information.

Cloud storage and collaboration tools

  • Describe the organization's approved cloud storage and collaboration platforms and the data classification levels each platform is authorized to handle.
  • Explain the risks of misconfigured sharing settings in cloud platforms including accidentally exposing confidential files to anyone with the link or to external users.
  • Describe best practices for sharing files in cloud platforms including setting expiration dates on shared links, restricting to specific recipients, and reviewing sharing permissions regularly.
  • Analyze a cloud sharing scenario to identify data handling violations and recommend corrective actions to properly secure the shared information.

Data handling during travel and remote work

  • Describe safe practices for handling sensitive data while traveling including using VPN connections, avoiding public Wi-Fi for sensitive work, and not leaving devices unattended.
  • Explain the risks of viewing confidential data on screens in public places such as airports, trains, and coffee shops where shoulder surfing is a significant threat.
  • Describe the procedure for reporting a lost or stolen device that contained or had access to classified data including immediate notification to IT security and remote wipe initiation.
  • Analyze a remote work data handling scenario to determine whether the employee's use of personal devices and public networks complies with data handling policies.
  • Describe the organization's policy on handling sensitive data during international travel, including customs and border control device inspection risks.

4. Physical Data Security (2 topics)

Clean desk and clean screen

  • Describe the clean desk policy requiring that sensitive documents, notebooks, and sticky notes are secured in locked drawers or cabinets when not actively in use.
  • Describe the clean screen policy requiring that workstations are locked when employees leave their desks and that sensitive information is not left visible on unattended screens.
  • Explain the importance of clearing whiteboards and removing printed materials from conference rooms after meetings that involve confidential or restricted information.
  • Recognize the risks of taking photographs of whiteboards or screens containing confidential information on personal mobile devices without proper data handling controls.

Secure printing and document handling

  • Describe secure printing practices including using pull printing or badge-release printing for confidential documents to prevent sensitive printouts from sitting unattended at the printer.
  • Explain the risks of leaving printed documents on shared printers, in unlocked mailboxes, or on desks in open office environments.
  • Describe proper procedures for transporting physical documents between locations including sealed envelopes, locked courier bags, and not reading sensitive materials in public places.

5. Data Disposal and Destruction (2 topics)

Physical data destruction

  • Describe proper document destruction methods including cross-cut shredding for confidential and restricted paper documents and secure disposal bins for routine shredding services.
  • Explain why regular recycling and trash disposal are not acceptable for documents containing internal, confidential, or restricted information.
  • Describe the requirements for destroying physical media such as hard drives, USB drives, CDs, and backup tapes that contained sensitive data.

Digital data disposal

  • Explain why simply deleting files or emptying the recycle bin does not securely destroy digital data and why additional measures are needed for sensitive information.
  • Describe the procedure for requesting secure digital data destruction from IT including submitting a request, verifying completion, and obtaining a certificate of destruction for restricted data.
  • Explain data retention requirements and why data must be retained for specified periods before destruction, especially data subject to legal holds or regulatory requirements.
  • Recognize the difference between data archiving and data destruction and explain when each is appropriate based on retention policies and business needs.

6. Privacy and Sensitive Data Types (2 topics)

Personally identifiable information

  • Recognize personally identifiable information (PII) including full names combined with Social Security numbers, dates of birth, addresses, phone numbers, email addresses, and financial account numbers.
  • Recognize protected health information (PHI) including medical records, diagnoses, treatment information, and health insurance details that require special handling under healthcare privacy regulations.
  • Recognize payment card industry data including credit card numbers, CVVs, expiration dates, and cardholder names that must be protected under payment security standards.
  • Explain the potential consequences of PII disclosure including identity theft, regulatory fines, mandatory breach notification, and litigation costs.
  • Recognize intellectual property data including trade secrets, proprietary algorithms, product roadmaps, and unpublished research that represents significant competitive advantage.
  • Recognize employee confidential data including salary information, performance reviews, disciplinary records, and personal contact details that require restricted handling.

Handling sensitive data scenarios

  • Analyze a data handling scenario to determine the correct classification level for a document containing mixed sensitivity data and recommend appropriate storage and sharing controls.
  • Analyze a data sharing request scenario to determine whether the request is authorized, identify missing approvals, and recommend the correct secure transmission method.
  • Analyze a data disposal scenario to determine whether the destruction method is adequate for the data's classification level and recommend improvements.
  • Analyze a remote work data handling scenario to identify policy violations related to device security, network security, and physical document management.
  • Synthesize a personal data handling checklist that covers classification, labeling, storage, sharing, and disposal for the data types most commonly encountered in the employee's role.
  • Synthesize recommendations for improving a team's data handling practices by identifying common violations, proposing process improvements, and suggesting training priorities.

Scope

Included Topics

  • Data classification levels used in corporate environments: public, internal, confidential, and restricted, with clear definitions and examples of each level.
  • Data handling procedures for each classification level including labeling requirements, storage locations, sharing permissions, transmission methods, and secure disposal practices.
  • Clean desk and clean screen policies including locking workstations when unattended, securing printed documents, and managing whiteboards and physical notes containing sensitive information.
  • Digital data handling including secure file sharing platforms, cloud storage policies, email attachments, removable media restrictions, and secure printing practices.
  • Data lifecycle management from creation and labeling through storage, sharing, archiving, and secure destruction of both digital and physical records.
  • Privacy awareness including handling of personally identifiable information (PII), protected health information (PHI), payment card data, employee confidential data, and intellectual property.
  • Remote and travel data handling including secure use of laptops in public places, VPN requirements, and handling sensitive data on mobile devices.

Not Covered

  • Technical implementation of data loss prevention (DLP) systems, encryption protocols, and access control lists (covered by IT security teams).
  • Detailed regulatory compliance requirements and implementation details for specific frameworks such as GDPR, HIPAA, or PCI-DSS, beyond employee awareness.
  • Database administration, backup management, and data recovery procedures.
  • Information security management system (ISMS) design and ISO 27001 certification processes.
