Privacy training that sticks | Overcoming 10 common excuses

by Sypher - March 09, 2023

Overcome common excuses such as perceived irrelevance, complexity, and lack of resources to build a culture of privacy within your organisation.

As a privacy professional, you know that 100% privacy is a myth. While policies and procedures are critical to managing privacy, human error can render them ineffective in the blink of an eye.

Privacy management isn't just about ticking boxes and following regulations. It's about people. Every person in your organisation plays a role, at some level, in protecting personal data, and a single weak link can put the entire chain at risk. 

That's why nurturing a privacy-first mentality is so important and - like it or not - education and training are simply pivotal to achieving it. 

💤 But let's be honest: people get super bored in training sessions… 

SO, how do you develop training programs that are engaging, practical, and tailored to the specific needs of both the organisation AND your colleagues?

Roadblocks to effective privacy training

While the good old snooze fest is probably your number one enemy, it’s not your only hurdle in your quest for the holy graal: a truly engaging privacy program. Let’s explore ten of the most common excuses surmountable challenges:

1. This privacy training is just not relevant for my job

How painful is it to sit through an inconsequential lecture? Don’t do this to your colleagues! 😴 If the content doesn't apply to their day-to-day work, they will not engage with it. 

Tailor your training to the specific roles and responsibilities of your colleagues. Use real-life scenarios and case studies to show them how privacy impacts their work.

2. Do I really need to learn all these privacy concepts?

Privacy regulations and their associated best practices can seem complex and overwhelming. Bombarded with too much information, people are likely to tune out. 

Break the content into bite-sized pieces and use visuals to help simplify complex concepts. Interactive activities and entertaining quizzes can also help reinforce learning.

3. Was this training program approved by leadership?

Without buy-in from leadership, your privacy training efforts will fall flat. It's important to get leaders on board with the importance of data privacy and the need for training. 

This can pave the way to a culture of privacy within the organisation and make it easier to engage colleagues in training.

4. I am so glad the training is over

No, it’s not! 🫣 Privacy training shouldn't be a one-and-done event. It’s ongoing. Without follow-up, learners are likely to forget what they've learned or revert back to old habits. 

Provide ongoing support and resources to reinforce the training, such as regular check-ins, newsletters, and refresher courses.

5.  I have better things to do right now

If your training is only available in one format, one location, at a fixed time, it may be difficult for some learners to access it — or very easy to avoid it. 

Consider offering training in different formats, such as online modules, live online sessions,  in-person sessions, or on-the-job training. Make sure the training is accessible to all learners, regardless of their location or technical abilities.

6. That’s not how we do things around here

Some colleagues may be resistant to the changes that come with a privacy-first mentality. They may feel that the new policies and procedures are too restrictive or cumbersome. 

Address these concerns head-on and explain why privacy is important for both the organisation and the individuals whose data is being protected.

7. Dedicated training is a nice-to-have — we can’t afford it

The good old lack of resources — time, money and people. It can make it difficult, if not impossible to develop and deliver effective privacy training. 

Work with leadership to secure the necessary resources and prioritise privacy training as a critical component of your privacy management program.

8. Data breaches will never happen to us

Until they do. Some learners may not fully comprehend the potential impacts of data breaches, such as financial losses, reputational damage, and legal liabilities. This lack of understanding can lead to a lack of engagement with privacy training and a failure to prioritise privacy in day-to-day work.

Again, use real-life examples and case studies to illustrate the potential consequences of data breaches and emphasise the importance of tight privacy practices in protecting personal data.

9. Should I report this or not? Neah, it’s probably nothing

Sure, until it’s something. Reporting incidents is not a sign of incompetence or weakness, but rather a responsible and necessary action that can help prevent catastrophic damage. Many incidents are not immediately apparent and may not be discovered until much later. Your colleague’s HUNCH can well be the difference between millions lost and millions saved

Encourage reporting on incidents and potential threats. Work with the IT team to provide feedback to reporters — even when it seems trivial — and guide them in the eventuality they get into actual trouble. Also consider creating a record of these reports. It can help identify patterns, address root causes, and prevent similar incidents and privacy gaps from occurring. The extra effort also demonstrates your organisation’s commitment to privacy. 

In a nutshell, encourage a culture of transparency and accountability.

10. We will never know if the training worked

If your training sticks, your colleagues from across the entire organisation will be considerate and attentive when handling personal data.

To know if your training is effective, you have ways to measure its impact. Use metrics such as quiz scores, feedback surveys, and incident reports to gauge the effectiveness of your training. This will help you identify areas for improvement and adjust your training approach accordingly.

Final Thoughts

Remember, privacy is not just about following regulations and ticking boxes. It's about people and their personal data. By nurturing a privacy-first mentality, you can demonstrate your commitment to protecting the privacy of individuals and build trust with both stakeholders and clients.

So, don't be afraid to think outside the box when it comes to privacy training. Use real-life scenarios, case studies, and interactive activities to engage colleagues and make privacy a priority in their day-to-day work.

Did you find this article helpful? Stay tuned for more by 📌 following our Social Media pages and/or 👉 subscribing to our weekly newsletter. We'll keep you up to date on topics such as Privacy Management, Information Security, and GDPR compliance.

Photo by Jason Goodman on Unsplash