Every comprehensive privacy program includes a formal training component. In-person classes, computer-based training and webinars are some of the ways to fill this need. Formal privacy training most often occurs once a year. However, other initiatives be promoted by your organization probably has annual training as well.
To keep privacy top-of-mind between annual training, an awareness program should be created. Awareness programs use informal, unscheduled mechanisms to remind your staff about protecting personal information. Over the next several blog entries I’ll discuss some of my favorite approaches.
One of the simplest and most common ways to keep privacy top-of-mind is through posters. You probably have this mental picture of a wall poster with a simple to remember, brief privacy message. This traditional approach generally allows the message to be read while people are walking past the poster. I think of them as office billboards. You know they are there, but is anyone really paying attention?
You need to get a bit creative to have your messages noticed.
First, get the experts involved
I always advocate leveraging the expertise you have in your organization. When you are ready to begin planning your poster campaign, reach out to the department that is responsible for publicity, marketing or internal communications within your organization.
I know of one privacy team that, on their own, developed awareness posters based on a ’50s science fiction movie theme. Prior to posting them the feedback was very positive, everyone loved them. They were great!
The day the posters went up an executive requested they be immediately removed; the posters did not meet corporate communication standards.
Reaching out to the marketing department first would have avoided the time, expense and embarrassment for the privacy team. In addition to getting their creativity and knowledge of corporate standards, reaching out to the experts allows you to expand the support for your privacy program.
Next, expand the messaging
Typically, a poster has a short, positive message that can be read as someone is passing by. “Protect our customer’s information as if it was your own” or “Lock your computer before you leave your desk” might be typical messages. After following this approach for a few iterations of posters at one company, we asked some of the staff what they thought. One person surprised us in their response.
“I know what I am supposed to do, but what happens if I don’t do it?” This simple comment gave us a new direction. We began a series of posters describing privacy incidents to alternate with the positive posters. These new posters described privacy mistakes and their impact.
To make this approach successful, the posters broke a rule. Instead of making the posters readable as someone walked by, there was detailed information about the privacy event on each one. How did we know this approach was successful? There were small crowds around the posters reading the details.
Finally, change the delivery
Throughout this discussion we’ve assumed traditional posters, a 2-foot by 3-foot sheet that hangs on a wall. There are, however, many other delivery methods you can use.
One of my favorites delivery methods is a screen saver. I first saw this method used in a hospital where each of the staff’s workstations, when locked, would show a HIPAA privacy message. It not only served the purpose of reminding the staff of their obligations, but also reminded visitors to respect the privacy of the patients.
An additional benefit of using the screen saver method is the ease of distribution. When it is time to change the poster, simply change the screen saver image. You also have the possibility of having multiple posters being used concurrently.
There are many other ways to deliver privacy messages. Consider where people in your organization spend their time and how to appropriate present your messages in those environments. Maybe create a small poster for offices and cubicles. What might be a good approach for a conference room?
Finally, consider the spaces in your office where customers may visit. These locations provide an opportunity to share appropriate privacy messages through posters that assure your customers that you are protecting their personal information. Properly done, this is an easy step to making your privacy program a differentiator for the products and services your organization provides.
This article was written by Bob Siegel from CIO and was legally licensed through the NewsCred publisher network.