Training
Featured CourseView All Courses

SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

SEC595Cyber Defense, Artificial Intelligence
SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
View course detailsRegister
Get a Free Hour of SANS Training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
NEW - AI Security Training
Can't find what you are looking for?

Let us help.

Contact us
Free Resources

SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

Customer Case Studies

Discover how organizations and individual cyber practitioners use SANS training and GIAC certifications

AI Risk & Readiness

Explore expert-driven guidance, training, and tools to help defend against AI-powered threats and adopt AI securely

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations

Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Contact Sales
Contact Sales

Additional Information About your Data Protection Rights

Residents of the European Union and the United Kingdom

If you are a resident of the European Union (E.U.) or United Kingdom (U.K.), the E.U. or U.K. General Data Protection Regulation (collectively, the “GDPR”) is applicable to our use of your personal information. The lawful basis for processing your personal information will depend on the personal information concerned and the specific context in which we collect it as detailed in the Privacy Policy . Under the GDPR, you have a number of rights. For example, you can request to see a copy of the personal information we process about you, to delete or rectify your personal information, or to transfer your personal information elsewhere. You also have the right to make a complaint to your local supervisory authority and in the first instance to our Data Privacy Department.

If you wish to exert any of your rights, please contact us via email at privacy@sans.org.

You should be aware that your personal information may be transferred to, stored, and processed within the United States of America (U.S.A.) and other jurisdictions outside of the U.S.A., the E.U.- or the U.K.

We want to assure you that SANS is fully committed to compliance with the GDPR when it comes to international data transfers. We take data privacy seriously and apply the necessary safeguards to ensure the protection of your data. Specifically, we utilize the Standard Contractual Clauses (SCC) for our E.U.-based transfers and the International Data Transfer Agreement (IDTA) for our U.K.-based transfers, to guarantee that your data is transferred securely and in accordance with GDPR requirements. Your privacy and data security are of utmost importance to us, and we are dedicated to upholding the highest standards in this regard.

Residents of Australia

If you are a resident of Australia, the Privacy Act (“TPA”) is applicable to our use of your personal information. The lawful basis for processing your personal information will depend on the personal information concerned and the specific context in which we collect it as detailed in the Privacy Policy. Under the TPA, individuals have several rights including:

  • Right to Anonymity and Pseudonymity: Individuals have the right to interact with us without revealing their true identity or by using a fictitious name, unless this is impractical or legally prohibited for the specific transaction.
  • Right to Opt Out of Direct Marketing: Individuals have the right to opt out of receiving direct marketing communications at any time. Opt-out rights can be exercised by clicking here, by contacting privacy@sans.org, or by enabling an online global privacy signal, such as Global Privacy Control, which is a browser tool that automatically communicates your opt-out preferences.
  • Right to Access Personal Data: Individuals may request a copy of their personal data from us in a clear and readable format.
  • Right to Request Personal Data Correction: Individuals may request the correction, completion, or updating of personal data held by us.
  • Right to Notice of Data Collection: Individuals must be notified by us when we collect their information detailing the purpose of collection, potential disclosures and consequences of not providing the data.

You have the right to make a complaint with the Office of the Australian Information Commissioner. You also have the right to make a complaint to our Data Privacy Department.

If you wish to exert any of your rights, please contact us via email at privacy@sans.org.

You should be aware that your personal information may be transferred to, stored, and processed within the U.S.A. and other jurisdictions outside of the Australia. We will take all appropriate measures to safeguard your information in accordance with applicable legal requirements.

Residents of Brazil

If you are a resident of Brazil, the General Personal Data Protection Law (“LGPD”) is applicable to our use of your personal information. The lawful basis for processing your personal information will depend on the personal information concerned and the specific context in which we collect it as detailed in the Privacy Policy. Under the LGPD, you have several rights that you can exercise free of charge and through a facilitated procedure, including:

  • Right to Confirmation of Processing and Access to Data: Individuals have the right to know if their data is being processed by us and to access that data in a clear format.
  • Right to Request Personal Data Correction: Individuals may request the correction, completion, or updating of personal data held by us.
  • Right to Anonymization, Blocking, or Deletion: Individuals may request the anonymization, blocking, or deletion of unnecessary or non-compliant data held by us.
  • Right to Data Portability: Individuals may request that their data be transferred to another service provider in a structured, machine-readable format.
  • Right to Deletion of Consent-Based Data: Individuals may request the deletion of data processed based on consent, with some exceptions.
  • Right to Request Information on Data Sharing: Individuals have the right to be informed about entities with which their data has been shared.
  • Right to Information on Consequences of Denying Consent: Individuals have the option to deny consent to the processing of certain information by us and may request information on its potential impacts.
  • Right to Revocation of Consent: Individuals may withdraw consent to the processing of their data by us at any time.
  • Right to Review of Automated Decisions: Individuals may request a review of our decisions based solely on automated data processing that affect them.
  • Right to Complain: Individuals may file complaints with the national data protection authority (ANPD) or consumer defense bodies. Individuals may also file a complaint to our Data Privacy Department.

If you wish to exert any of your rights, please contact us via email at privacy@sans.org.

You should be aware that your personal information may be transferred to, stored, and processed within the U.S.A. and other jurisdictions outside of Brazil. We will take all appropriate measures to safeguard your information in accordance with applicable legal requirements.

Residents of Japan

If you are a resident of Japan, the Act on the Protection of Personal Information (“APPI”) regulates our handling of your personal data. Under the APPI, our use of your personal information must adhere to strict guidelines regarding the collection, use, and storage of personal data, including obtaining your consent before processing your data and ensuring that adequate security measures are in place to protect your personal information. Under the APPI, you have several rights, including:

  • Right to Access: Individuals may request access to their personal data held by us. This includes not only the data itself (which can be requested in hard or digital copy) but also information regarding the purpose of use and records of any third-party transfers.
  • Right to Request Personal Data Correction: Individuals may request the correction, completion, or updating of personal data held by us.
  • Right to Cessation of Use:Individuals may request that we stop using or delete their personal information if (i) the data is being used beyond the specified purpose without consent, (ii) the data was collected unlawfully or by deceitful means, (iii) a data breach has occurred that infringes on their rights, or (iv) the data is no longer necessary for the original purpose.
  • Right to Object to Third-Party Transfer: Individuals may request that their data not be transferred to a third party, especially if done without proper consent or a legal basis.
  • Right to Withdraw Consent: Where data processing is based on consent, individuals may withdraw that consent at any time.
  • Right to be Informed: We must provide individuals with information about the collection, purpose of use, and any potential third party recipients of individuals’ personal data.
  • Right to Complain:Individuals may file a complaint with our Data Privacy Department and with the Japanese supervisory authority, the Personal Information Protection Commission (PPC).

If you wish to exert any of your rights, please contact us via email at privacy@sans.org.

You should be aware that your personal information may be transferred to, stored, and processed within the U.S.A. and other jurisdictions outside of Japan. We will take all appropriate measures to safeguard your information in accordance with applicable legal requirements.

Residents of The Kingdom of Saudi Arabia

If you are a resident of the Kingdom of Saudi Arabia (“K.S.A.”), the Personal Data Protection Law (“PDPL”) is applicable to our use of your personal information. There are two connected regulations – the “Implementing Regulations to the PDPL” and the “Regulations on Personal Data Transfers Outside the Kingdom” (“Transfer Regulations”). The PDPL guarantees individuals several rights regarding their personal data, including:

  • Right to be Informed: Individuals must be informed of the legal justification for collecting their personal data, the purpose of the collection, the identity and reference address of the data collector, the entities to which the personal data may be disclosed, and their capacity; whether the personal data will be transferred, disclosed, or processed outside the KSA, the potential risks and consequences of not completing the data collection process, and the rights of the individual.
  • Right to Access: Individuals may request a copy of their personal data from us in a clear and readable format.
  • Right to Correction: Individuals may request the correction, completion, or updating of personal data held by us.
  • Right to Request Destruction: Individuals may request that we destroy any of their personal data that is no longer needed.
  • Right to Withdraw Consent to Processing: Individuals may withdraw their consent for us to process their personal data at any time, except in cases stipulated by the Personal Data Protection Law and its implementing regulations.

If you wish to exert any of your rights, please contact us via email at privacy@sans.org.

You should be aware that your personal information may be transferred to, stored, and processed within the U.S.A. and other jurisdictions outside of the K.S.A. We will take all appropriate measures to safeguard your information in accordance with applicable legal requirements.

Residents of Singapore

If you are a resident of Singapore, the Personal Data Protection Act (“PDPA”) is applicable to our use of your personal information. The lawful basis for processing your personal information will depend on the personal information concerned and the specific context in which we collect it as detailed in the Privacy Policy. Under the PDPA, you have several rights, including:

  • Right to Access: Individuals may request access to their personal data and information on our use or disclosure of such personal data in the past year. A reasonable fee may apply for access requests.
  • Right to Correction: Individuals may request corrections to their data held by us. We must make corrections promptly and notify relevant parties.
  • Right to Withdraw Consent: Individuals may withdraw consent for the collection, use, or disclosure of personal data by us with reasonable notice. Note, there may be consequences to individuals who withdraw consent for the processing of data by us. We can explain those consequences upon receipt from an individual of a request for withdrawal of consent.
  • Right to be Informed: Individuals have the right to be informed about the purposes of data collection by us at the time it is collected.
  • Right to Data Portability: Individuals may have the right to obtain personal information in a format that allows the individual to transmit the information to another entity easily, and to the extent technically feasible, individuals have the right to have the personal information delivered in a readily usable format.
  • Right to Complain: Individuals may complain to our Data Privacy Department and, if unresolved, to the Personal Data Protection Commission (PDPC), without fear of discrimination.

SkillsFuture Program

Please note that SANS Training PTE Limited (“SANS Singapore”) participates in the Singapore SkillsFuture program, and that if you utilize a SkillsFuture Credit to assist in payment of a SANS course or GIAC certification, SANS Singapore as required by law may collect and provide certain information about you to the SkillsFuture Singapore Agency including your NRIC and/or passport number, attendance record at SANS courses, course assessments and GIAC examination results.

If you wish to exert any of your rights, please contact us via email at privacy@sans.org. You may also reach out to singapore@sans.org to reach a local Data Protection Officer representative.

You should be aware that your personal information may be transferred to, stored, and processed within the U.S.A. and other jurisdictions outside of Singapore. We will take all appropriate measures to safeguard your information in accordance with applicable legal requirements.

Residents of the United Arab Emirates

If you are a resident of the United Arab Emirates (“UAE”), the UAE Data Protection Law, officially known as Federal Decree Law No. (45) of 2021 (“PDPL”) establishes a comprehensive framework for the protection of personal data, ensuring privacy rights and accountability in data processing. You have several rights under the PDPL, including:

  • Right to be Informed: Individuals must be informed by us regarding data collection purposes, data sharing with third parties, data storage duration, and safeguards for international data transfers before processing occurs.
  • Right to Access: Individuals may request their personal data from us in a clear and machine-readable format.
  • Right to Rectification: Individuals may ask for the correction, completion, or updating of their personal data by us if it is inaccurate or outdated.
  • Right to Erasure: Individuals may request the deletion of their personal data held by us, particularly if it is no longer necessary for its original purpose, if consent is withdrawn, or if processing is unlawful.
  • Right to Restriction of Processing: Individuals may request the suspension or limitation of processing of their personal data by us in certain situations, such as when they dispute data accuracy or object to processing.
  • Right to Object to Processing: Individuals may object to their personal data being processed by us, especially direct marketing or statistical surveys (unless public interest applies), or if it violates PDPL principles.
  • Right to Data Portability: Individuals may request to receive their personal data in a structured, commonly used, and machine-readable format and have the right to transfer it to another data controller if technically feasible.
  • Rights regarding Automated Decision-Making: Individuals have the right not to be subject to decisions based solely on automated processing that have legal or significant effects on them and can request human involvement and challenge the decision.
  • Right to Withdraw Consent: Individuals may withdraw consent easily and at any time, without affecting prior processing.
  • Right to Complain: Individuals may file a complaint with our Data Privacy Department and, if necessary, with the UAE Data Office if they believe their rights have been infringed upon.

If you wish to exert any of your rights, please contact us via email at privacy@sans.org.

You should be aware that your personal information may be transferred to, stored, and processed within the U.S.A. and other jurisdictions outside of the UAE. We will take all appropriate measures to safeguard your information in accordance with applicable legal requirements.

United States – State Privacy Rights

Residents of California

If you are a California resident, the California Consumer Privacy Act (“CCPA”) may grant you the following rights:

  • Right to Know: You may request from a business that collects personal information about you disclose the following: (1) the categories of personal information it has collected about you; (2) the categories of sources from which the personal information is collected; (3) the business or commercial purpose for collecting, selling, or sharing personal information; (4) the categories of third parties to whom the business discloses personal information; and (5) the specific pieces of personal information it has collected about you. California residents may make a Request to Know up to two times every 12 months.
  • Right to Correction:You may request that a business correct inaccurate personal information that the business mains about you, taking into account the nature of the personal information and the purposes of the processing of the personal information.
  • Right to Deletion: You may request that a business delete any personal information about you which the business has collected from you.
  • Right to Opt Out of Selling and Sharing: You may request that a business not sell your personal information to a third party or share your personal information with a third party for purposes of cross-context behavioral advertising. Opt-out rights can be exercised by clicking here or by contacting privacy@sans.org, or by enabling an online global privacy signal, such as Global Privacy Control, which is a browser tool that automatically communicates your opt-out preferences.
  • Right to Non-Discrimination: You may not be discriminated against because you exercised any of your CCPA rights.

If you are a California resident, you may specifically instruct us not to sell or share your personal information as described above. Please note, neither SANS, GIAC nor the SANS Technology Institute sells or shares the personal information of individuals under the age of 16. If you are a California resident and would like to make a request to exercise your rights under the CCPA, please contact privacy@sans.org. We will respond to verifiable requests received from California residents as required by law. For more information about our privacy practices, you may contact us as set forth in the Section entitled “Contact Us” in our Privacy Policy.

Process to verify Requests to Know, Requests to Delete, and Requests to Correct: We will acknowledge receipt of your Consumer Request, verify it using processes required by law, then process and respond to your request as required by law. To verify such requests, we may ask you to provide the following information: 

  • For a Request to Know categories of personal information which we collect, we will verify your identity to a reasonable degree of certainty by matching at least two data points provided by you against information in our systems that is considered reasonably reliable for the purposes of verifying a consumer’s identity.
  • For a Request to Know specific pieces of personal information, Requests to Delete, Requests to Correct, we will verify your identity to a high degree of certainty by matching at least three pieces of personal information provided by you to personal information maintained in our systems and also by obtaining a signed declaration under penalty of perjury that the requestor is the consumer whose personal information is the subject of the request.

An authorized agent can make a request on a California resident’s behalf by providing a power of attorney valid under California law, or by providing: (1) proof that the consumer authorized the agent to do so; (2) verification of their own identity with respect to a right to know categories, right to know specific pieces of personal information, or requests to delete, as outlined above; and (3) direct confirmation that the consumer provided the authorized agent permission to submit the request.

Residents of the United States (excluding the State of California)

Certain U.S. state consumer data protection laws provide residents with rights regarding their personal information. If you reside in a state with such a law, you may have the following rights, subject to applicable exceptions:

  • Right to Access: You may confirm whether a business is processing personal information and, where applicable, to access such personal information.
  • Right to Data Portability: You may obtain personal information in a format that allows you to transmit the information to another entity easily, and to the extent technically feasible, to have the personal information delivered in a readily usable format.
  • Right to Correction: You may correct inaccuracies in the personal information that a business has stored, taking into consideration the nature of the personal information and the purposes of the processing.
  • Right to Deletion: You may request that a business delete personal information about you that has been collected by the business.
  • Right to Opt Out: You may opt out of the processing of your personal information by a business for purposes of (i) targeted advertising, (ii) the sale of personal information, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer. Opt-out rights can be exercised by clicking here, by contacting privacy@sans.org, or by enabling an online global privacy signal, such as Global Privacy Control, which is a browser tool that automatically communicates your opt-out preferences.

Appeals

If we decline to act on your request within a reasonable time frame, you may appeal our decision in accordance with applicable U.S. state law. We may respond to your request within 45 days of receipt and may subsequently extend that deadline by an additional 45 days when reasonably necessary. Should we need to extend the deadline, we will notify you of such need to extend within the initial 45-day response period.

Submitting Requests

Right to Access Requests, Right to Data Portability Requests, Right to Correction Requests, Right to Delete Requests, Right to Opt Out Requests and Right to Appeal Requests, may be submitted by contacting us at privacy@sans.org. Right to Opt Out Requests may also be made by clicking here or by enabling an online global privacy signal, such as Global Privacy Control, which is a browser tool that automatically communicates your opt-out preferences. Unless a state law provides otherwise, you may exercise your rights outlined above once per 12-month time period free of charge. For additional requests, we may charge a fee in accordance with applicable law.

We will use the following process to verify Right to Access Requests, Right to Data Portability Request, Right to Correction Requests, Right to Delete Requests, Right to Opt Out Requests, and Right to Appeal Requests: We will acknowledge receipt of your request, authenticate it using processes required by law, and then process and respond to your request as required by law. To authenticate such requests, we may ask you to provide additional information as reasonably necessary.

Sensitive Data

We do not intentionally collect sensitive data. “Sensitive data” means personal information that, due to its nature, merits higher protection. This generally includes information regarding an individual’s racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic or biometric data used for identification, health information, sexual orientation or information, precise geolocation, information about children (under 16 years of age), government-issued identification numbers, citizenship status, financial account credentials and any other information that applicable law designates as sensitive or requiring a higher level of protection.

If you voluntarily provide us with sensitive data - for example, when requesting an accessibility accommodation - we will only use it for the purpose of responding to that request and will keep such information only as long as necessary to address the request or as required for regulatory or audit obligations.

Residents of Iowa (effective January 1, 2025)

If you are an Iowa resident, the Iowa Consumer Data Protection Act (ICDPA) may grant you the following rights:

• Right to Access: You have the right to request whether a business is processing your personal information and to access such personal information.

• Right to Data Portability: You have the right to obtain a copy of your personal information previously provided to a business in a portable and, if feasible, readily usable format.

• Right to Deletion: You have the right to request that a business delete your personal information that was collected about you.

• Right to Opt Out of Sale: You have the right to opt out of the sale of personal information.

Submitting Requests: Right to Access Requests, Right to Data Portability Requests, Right to Delete Requests, and Right to Opt Out of Sale Requests may be submitted by contacting us at privacy@sans.org. Right to Opt Out of Sale Requests may also be made by clicking here, or by enabling an online global privacy signal, such as Global Privacy Control, which is a browser tool that automatically communicates your opt-out preferences.

We will use the following process to verify Right to Access Requests, Right to Data Portability Requests, Right to Delete Requests, and Right to Opt Out of Sale Requests: We will acknowledge receipt of your request, authenticate it using processes required by law, then process and respond to your request as required by law. To authenticate such requests, we may ask you to provide additional information as reasonably necessary.

Residents of Maryland

If you are a Maryland resident, the Maryland Online Data Privacy Act (MODPA) may grant you the following rights:

• Right to Access: You have the right to request whether a business is processing your personal information and to access such personal information.

• Right to Data Portability: You have the right to obtain a copy of your personal information previously provided to a business in a portable and, if feasible, readily usable format.

• Right to Correction: You have the right to request that a business correct inaccuracy in your personal information, taking into account the nature of the personal information and our purpose for processing the personal information.

• Right to Deletion: You have the right to request that a business delete your personal information that was collected about you, unless retention of the personal information is required by law.

• Right to Opt Out of Certain Types of Processing: You have the right to opt out of the processing of the personal information for purposes of (i) targeted advertising, (ii) the sale of personal information, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.

• Right to Know: You have the right to obtain a list of the third parties to which we have disclosed your personal information. If we do not maintain this information in a format specific to you, a list of the categories of third parties to whom we have disclosed any consumer’s personal information may instead be provided to you.

Submitting Requests: Right to Access Requests, Right to Data Portability Requests, Right to Correction Requests, Right to Delete Requests, Right to Opt Out of Processing, and Right to Know Requests may be submitted by contacting us at privacy@sans.org. Right to Opt Out of Processing requests may also be made by clicking here, or by enabling an online global privacy signal, such as Global Privacy Control, which is a browser tool that automatically communicates your opt-out preferences.

We will use the following process to verify Right to Access Requests, Right to Data Portability Requests, Right to Correction Requests, Right to Delete Requests, Right to Opt Out of Processing, and Right to Know Requests: We will acknowledge receipt of your request, authenticate it using processes required by law, then process and respond to your request as required by law. To authenticate such requests, we may ask you to provide additional information as reasonably necessary.

Residents of Montana (effective October 1, 2024)

If you are a Montana resident, the Montana Consumer Data Privacy Act (MCDPA) may grant you the following rights:

• Right to Access: Consumers have the right to confirm whether an organization is processing personal information and to access such personal information.

• Right to Data Portability: Consumers have the right to obtain personal information in a format that allows the consumer to transmit the information to another entity easily, and to the extent technically feasible, consumers have the right to have the personal information delivered in a readily usable format.

• Right to Correction: Consumers have the right to correct inaccuracies in the personal information that an organization has stored, taking into consideration the nature of the personal information and the purposes of the processing.

• Right to Deletion: Consumers have the right to have organizations delete personal information that has been collected.

• Right to Opt Out: Consumers have the right to opt out of the processing of personal their personal information for purposes of (i) targeted advertising, (ii) the sale of personal information, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.

• Right to Appeal: Consumers have the right to appeal a business’ denial to take action within a reasonable time period. A business must respond to a consumer request within 45 days of receipt and may subsequently extend that deadline by an additional 45 days when reasonably necessary. When a business elects to extend that deadline it must notify the consumers within the initial 45-day response period.

Submitting Requests: Right to Access Requests, Right to Data Portability Request, Right to Correction Requests, Right to Delete Requests, Right to Opt Out Requests and Right to Appeal Requests, may be submitted by contacting us at privacy@sans.org. Right to Opt Out requests may also be made by clicking here, or by enabling an online global privacy signal, such as Global Privacy Control, which is a browser tool that automatically communicates your opt-out preferences. Consumers may exercise their rights outlined above once per 12-month time period free of charge. For additional requests, an organization may charge the consumer a reasonable fee if the request is manifestly unfounded, excessive, technically infeasible or repetitive.

We will use the following process to verify Right to Access Requests, Right to Data Portability Request, Right to Correction Requests, Right to Delete Requests, Right to Opt Out Requests, and Right to Appeal Requests: We will acknowledge receipt of your request, authenticate it using processes required by law, then process and respond to your request as required by law. To authenticate such requests, we may ask you to provide additional information as reasonably necessary.

Residents of Nevada

If you are a Nevada resident, the Nevada Privacy of Information Collected on the Internet from Consumers Act (NPICICA) may grant you the right to request that a business not sell certain kinds of personal information that the business has collected or will collect about you. A “sale” under the NPICICA is the exchange of personal information for monetary consideration by the business to a third party to license or sell the personal information to third parties, with certain exceptions. If you are a Nevada resident and wish to obtain information about SANS’ compliance with Nevada law, please contact us at privacy@sans.org.

Residents of New Hampshire (effective January 1, 2025)

If you are a New Hampshire resident, the New Hampshire Privacy Act (NHPA) may grant you the following rights:

• Right to Access: You have the right to request whether a business is processing your personal information and to access such personal information.

• Right to Data Portability: You have the right to obtain a copy of your personal information previously provided to a business in a portable and, if feasible, readily usable format.

• Right to Correction: You have the right to request that a business correct inaccuracy in your personal information, taking into account the nature of the personal information and our purpose for processing the personal information.

• Right to Deletion: You have the right to request that a business delete your personal information that was collected about you.

• Right to Opt Out of Certain Types of Processing: You have the right to opt out of the processing of the personal information for purposes of (i) targeted advertising, (ii) the sale of personal information, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.

• Right to Non-Discrimination: You have the right not to be discriminated against by a business for exercising your rights listed above.

Submitting Requests: Right to Access Requests, Right to Data Portability Requests, Right to Correction Requests, Right to Delete Requests, and Right to Opt Out of Processing may be submitted by contacting us at privacy@sans.org. Right to Opt Out of Processing requests may also be made by clicking here, or by enabling an online global privacy signal, such as Global Privacy Control, which is a browser tool that automatically communicates your opt-out preferences.

We will use the following process to verify Right to Access Requests, Right to Data Portability Requests, Right to Correction Requests, Right to Delete Requests, and Right to Opt Out of Processing: We will acknowledge receipt of your request, authenticate it using processes required by law, then process and respond to your request as required by law. To authenticate such requests, we may ask you to provide additional information as reasonably necessary.

Residents of New Jersey (effective January 15, 2025)

If you are a New Jersey resident, the New Jersey Privacy Law (NJPL) may grant you the following rights:

• Right to Access: You have the right to request whether a business is processing your personal information and to access such personal information.

• Right to Data Portability: You have the right to obtain a copy of your personal information previously provided to a business in a portable and, if feasible, readily usable format.

• Right to Correction: You have the right to request that a business correct inaccuracy in your personal information, taking into account the nature of the personal information and our purpose for processing the personal information.

• Right to Deletion: You have the right to request that a business delete your personal information that was collected about you.

• Right to Opt Out of Certain Types of Processing: You have the right to opt out of the processing of the personal information for purposes of (i) targeted advertising, (ii) the sale of personal information, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer. A business cannot process personal information of consumers for the purposes of (i) targeted advertising, (ii) the sale of personal information, or (iii) certain types of profiling without prior opt-in consent if the business has actual knowledge or willfully disregards that the consumer is a child at least 13 but under 17 years of age.

Submitting Requests: Right to Access Requests, Right to Data Portability Requests, Right to Correction Requests, Right to Delete Requests, and Right to Opt Out of Processing may be submitted by contacting us at privacy@sans.org. Right to Opt Out of Processing requests may also be made by clicking here, or by enabling an online global privacy signal, such as Global Privacy Control, which is a browser tool that automatically communicates your opt-out preferences.

We will use the following process to verify Right to Access Requests, Right to Data Portability Requests, Right to Correction Requests, Right to Delete Requests, and Right to Opt Out of Processing: We will acknowledge receipt of your request, authenticate it using processes required by law, then process and respond to your request as required by law. To authenticate such requests, we may ask you to provide additional information as reasonably necessary.

Residents of Oregon

If you are an Oregon resident, the Oregon Consumer Protection Act (OCPA) may grant you the following rights:

• Right to Access: Consumers have the right to confirm whether an organization is processing personal information and to access such personal information.

• Right to Data Portability: Consumers have the right to obtain personal information in a format that allows the consumer to transmit the information to another entity easily, and to the extent technically feasible, consumers have the right to have the personal information delivered in a readily usable format.

• Right to Correction: Consumers have the right to correct inaccuracies in the personal information that an organization has stored, taking into consideration the nature of the personal information and the purposes of the processing.

• Right to Deletion: Consumers have the right to have organizations delete personal information that has been collected.

• Right to Opt Out: Consumers have the right to opt out of the processing of their personal information for purposes of (i) targeted advertising, (ii) the sale of personal information, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.

• Right to Appeal: Consumers have the right to appeal a business’ denial to take action within a reasonable time period. A business must respond to a consumer request within 45 days of receipt and may subsequently extend that deadline by an additional 45 days when reasonably necessary. When a business elects to extend that deadline it must notify the consumers within the initial 45-day response period.

Submitting Requests: Right to Access Requests, Right to Data Portability Request, Right to Correction Requests, Right to Delete Requests, Right to Opt Out Requests and Right to Appeal Requests, may be submitted by contacting us at privacy@sans.org. Right to Opt Out requests may also be made by clicking here, or by enabling an online global privacy signal, such as Global Privacy Control, which is a browser tool that automatically communicates your opt-out preferences. Consumers may exercise their rights outlined above once per 12-month time period free of charge. For additional requests, an organization may charge the consumer a fee in accordance with the law.

We will use the following process to verify Right to Access Requests, Right to Data Portability Request, Right to Correction Requests, Right to Delete Requests, Right to Opt Out Requests, and Right to Appeal Requests: We will acknowledge receipt of your request, authenticate it using processes required by law, then process and respond to your request as required by law. To authenticate such requests, we may ask you to provide additional information as reasonably necessary.

Residents of Tennessee (effective July 1, 2025)

If you are a Tennessee resident, the Tennessee Information Protection Act (TIPA) may grant you the following rights:

• Right to Access: You have the right to request whether a business is processing your personal information and to access such personal information.

• Right to Data Portability: You have the right to obtain a copy of your personal information previously provided to a business in a portable and, if feasible, readily usable format.

 Right to Correction: You have the right to request that a business correct inaccuracy in your personal information, taking into account the nature of the personal information and our purpose for processing the personal information.

• Right to Deletion: You have the right to request that a business delete your personal information that was collected about you.

• Right to Opt Out of Certain Types of Processing: You have the right to opt out of the processing of the personal information for purposes of (i) targeted advertising, (ii) the sale of personal information, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.

Submitting Requests: Right to Access Requests, Right to Data Portability Requests, Right to Correction Requests, Right to Delete Requests, and Right to Opt Out of Processing may be submitted by contacting us at privacy@sans.org. Right to Opt Out of Processing requests may also be made by clicking here, or by enabling an online global privacy signal, such as Global Privacy Control, which is a browser tool that automatically communicates your opt-out preferences.

We will use the following process to verify Right to Access Requests, Right to Data Portability Requests, Right to Correction Requests, Right to Delete Requests, and Right to Opt Out of Processing: We will acknowledge receipt of your request, authenticate it using processes required by law, then process and respond to your request as required by law. To authenticate such requests, we may ask you to provide additional information as reasonably necessary.

Residents of Texas

If you are a Texas resident, the Texas Data Privacy and Security Act (TDPSA) may grant you the following rights:

• Right to Access: Consumers have the right to confirm whether an organization is processing personal information and to access such personal information.

• Right to Data Portability: Consumers have the right to obtain personal information in a format that allows the consumer to transmit the information to another entity easily, and to the extent technically feasible, consumers have the right to have the personal information delivered in a readily usable format.

• Right to Correction: Consumers have the right to correct inaccuracies in the personal information that an organization has stored, taking into consideration the nature of the personal information and the purposes of the processing.

• Right to Deletion: Consumers have the right to have organizations delete personal information that has been collected.

• Right to Opt Out: Consumers have the right to opt out of the processing of their personal information for purposes of (i) targeted advertising, (ii) the sale of personal information, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.

• Right to Appeal: Consumers have the right to appeal a business’ denial to take action within a reasonable time period. A business must respond to a consumer request within 45 days of receipt and may subsequently extend that deadline by an additional 45 days when reasonably necessary. When a business elects to extend that deadline it must notify the consumers within the initial 45-day response period.

Submitting Requests: Right to Access Requests, Right to Data Portability Request, Right to Correction Requests, Right to Delete Requests, Right to Opt Out Requests and Right to Appeal Requests, may be submitted by contacting us at privacy@sans.org. Right to Opt Out requests may also be made by clicking here, or by enabling an online global privacy signal, such as Global Privacy Control, which is a browser tool that automatically communicates your opt-out preferences. Consumers may exercise their rights outlined above twice per 12-month time period free of charge. For additional requests, an organization may charge the consumer a reasonable fee if the request is manifestly unfounded, excessive, or repetitive.

We will use the following process to verify Right to Access Requests, Right to Data Portability Request, Right to Correction Requests, Right to Delete Requests, Right to Opt Out Requests, and Right to Appeal Requests: We will acknowledge receipt of your request, authenticate it using processes required by law, then process and respond to your request as required by law. To authenticate such requests, we may ask you to provide additional information as reasonably necessary.

Residents of Utah

If you are a Utah resident, the Utah Consumer Privacy Act (CDPA) may grant you the following rights:

• Right to Access: Consumers have the right to confirm whether an organization is processing personal information and to access such personal information.

• Right to Data Portability: Consumers have the right to obtain personal information in a format that allows the consumer to transmit the information to another entity easily, and to the extent technically feasible, consumers have the right to have the personal information delivered in a readily usable format. Consumers may exercise that right once per 12-month time period free of charge. For additional requests, an organization may charge the consumer a reasonable fee if a request is excessive, repetitive, technically infeasible or manifestly unfounded.

• Right to Deletion: Consumers have the right to have organizations delete personal information that has been collected.

• Right to Opt Out: Consumers have the right to opt out of the processing of their personal information for purposes of (i) targeted advertising, and (ii) the sale of personal information.

• Right to Appeal: Consumers have the right to appeal an organization’s decision denying a consumer’s rights within a reasonable time period. A business must respond to a consumer request within 45 days of receipt of the appeal, explaining any actions it has taken and reasons for refusing a customer’s request. A business may subsequently extend that deadline by an additional 45 days when reasonably necessary. When a business elects to extend that deadline it must notify the consumers within the initial 45-day response period.

Submitting Requests: Right to Access Requests, Right to Data Portability Request, Right to Delete Requests, Right to Opt Out Requests and Right to Appeal Requests, may be submitted by contacting us at privacy@sans.org. Right to Opt Out requests may also be made by clicking here, or by enabling an online global privacy signal, such as Global Privacy Control, which is a browser tool that automatically communicates your opt-out preferences. Consumers may exercise their rights outlined above once per 12-month time period free of charge. For additional requests, an organization may charge the consumer a reasonable fee if a request is excessive, repetitive, technically infeasible or manifestly unfounded.

We will use the following process to verify Right to Access Requests, Right to Data Portability Request, Right to Correction Requests, Right to Delete Requests, Right to Opt out Requests, and Right to Appeal Requests: We will acknowledge receipt of your request, authenticate it using processes required by law, then process and respond to your request as required by law. To authenticate such requests, we may ask you to provide additional information as reasonably necessary.

Residents of Virginia

If you are a Virginia resident, the Virginia Consumer Data Protection Act (VCDPA) may grant you the following rights:

• Right to Access: You have the right to request whether a business is processing your personal information and to access such personal information.

• Right to Data Portability: You have the right to obtain a copy of your personal information previously provided to a business in a portable and, if feasible, readily usable format.

• Right to Correction: You have the right to request that a business correct inaccuracy in your personal information, taking into account the nature of the personal information and our purpose for processing the personal information.

• Right to Deletion: You have the right to request that a business delete your personal information that was collected about you.

• Right to Opt Out of Certain Types of Processing: You have the right to opt out of the processing of the personal information for purposes of (i) targeted advertising, (ii) the sale of personal information, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.

• Right to Non-Discrimination: You have the right not to be discriminated against by a business for exercising your rights listed above.

Submitting Requests: Right to Access Requests, Right to Correction Requests, Right to Delete Requests, Right to Opt Out of Processing, and Right to Data Portability Requests may be submitted by contacting us at privacy@sans.org. Right to Opt Out of Processing requests may also be made by clicking here, or by enabling an online global privacy signal, such as Global Privacy Control, which is a browser tool that automatically communicates your opt-out preferences.

We will use the following process to verify Right to Access Requests, Right to Correction Requests, Right to Delete Requests, Right to Opt Out of Processing, and Right to Data Portability Requests: We will acknowledge receipt of your request, authenticate it using processes required by law, then process and respond to your request as required by law. To authenticate such requests, we may ask you to provide additional information as reasonably necessary.

Contact Us

To make a request or exercise your data privacy rights, if you have a complaint, or if you have any questions or suggestions regarding this Policy or our processing of your personal information, please contact us at privacy@sans.org or at +1 301-654-7267 and request to speak to the Data Privacy Department.