IT's critical role in data privacy training | Jan17 Newsletter
Somehow when we think about data security and privacy, we have a tendency to look to technology solutions to minimise risks. And, while technology solutions are certainly part of the privacy equation, there’s another area of risk that must be addressed: people.
People: the weak link in data privacy
Staff members, instructors, students, and even parents can all represent weak links when it comes to protecting sensitive data. Whether through viruses transferred between shared files or email, the sharing of passwords, or wilful data theft, the perils of people can’t be overlooked.
One gap that often exists when it comes to addressing the people peril is lack of information and understanding. Yes, you may have plenty of policies that guide how data are supposed to be used, but those policies are often ignored or openly flaunted by people who simply don’t understand the “why” behind the rules.
IT’s role in data privacy training
That’s where you come in. IT leaders have an opportunity, even a responsibility, to train technology users about the risks that their actions may represent—whether inadvertent or intentional. But that training must be more than a “one and done” initiative. And, the training must be designed from the end user’s perspective.
Here are some best practice tips for delivering privacy training designed to stick:
- Make it ongoing: Staff, students, and teachers come and go. Training delivered even a year ago may not have made its way to new members of your school’s community. Cybersecurity needs to be an ongoing communication campaign.
- Avoid techno-jargon: Words and concepts familiar to you often go far over the heads of those not steeped in data security terminology.
- Explain carefully the why behind the rule in meaningful ways: Often, data security rules create barriers or burdens for users. This makes users more likely to ignore the rules unless they clearly understand the impact.
- Share scary examples to drive your points home: Unfortunately, data security breaches are on the rise. These instances, though, can serve as fodder to feed your communication pipeline. Relate each example to the why behind specific rules or policies.
- Provide feedback—positive and constructive: Share examples of internal best practices as well as internal breaches as appropriate.
- Don’t forget about the parents: Parents also play a role in protecting data security and their own personal information. Make sure they understand the role and risk they represent.
One final tip: seek feedback from your users. Are you communicating clearly enough? Do they understand the why behind the requests? Do they have suggestions on how issues might be approached differently? Opening the lines of communication between IT and others can help build relationships that boost compliance.