Staff training for data protection
Data. Protection. Privacy. Regulation.
Serious-sounding words, but not ones that necessarily inspire staff to hop, skip and jump into work every day.
So how can you engage large teams with their responsibilities around data privacy? After all, almost everyone engaged in work, voluntary or paid-for, is responsible for handling personal information.
The London Borough of Hackney (LBH) is a local Government authority in the UK, responsible for the welfare of 300,000 residents and business owners.
It employs nearly 4000 people and work with countless other subcontractors and volunteers, all of whom come in to contact with personal data belonging to those who live and work in this part of London.
The introduction of General Data Protection Regulation (GDPR) in the UK on 25th May 2018, was an important catalyst to ensure LBH staff understood their responsibilities. Note: understood, not ‘aware of’ or ‘read about’. We’ll come back to why that’s important.
Since 2018 we’ve been running a compulsory online learning program for LBH staff.
Working with LBH, we identified 5 critical areas of responsibility, which we turned into questions. Previous user testing showed that learning modules described as questions performed better than traditional chapter-style titles.
The 5 questions answered in the learning plan are:
- What is information and what are my responsibilities?
- How can I collect information safely?
- How can I keep information safe?
- How can I share information safely?
- How long should I keep information?
Each question has a choice of tasks for participants to complete, to demonstrate they have understood the content. Answers are freeform – there are no multiple choice questions for people to game.
So far 3000 people have completed the program. You can read about the project from LBH’s perspective here: https://blogs.hackney.gov.uk/hackit/sharing-our-work-data-awareness-training-content
We’re really excited about the results so far and delighted that LBH has made the content available on Github for any other organization to use or repurpose.
Results from a staff survey demonstrated that the majority of respondents felt they:
- had a better understanding of whether they are allowed to collect data
- felt more confident knowing when and how to share and delete data
We’re working on a further iteration for a more general audience and would love your questions and feedback.
Follow @socialsimulator and let us know what you think