So maybe we could have some sort of monthly reminder email, with explanations?
A gentile but direct reminder is more effective I think, but it wouldn't hurt to reference the full list once a breach is noted (for everyone).
This list seems pretty complete:
Thanks,
RichardÂ