In any organization, big or small, our people are our greatest asset. From a compliance perspective, we might sometimes be tempted to think of our people as a risk. After all, a high proportion of data breaches and violations of data laws occur when employees make mistakes.
Many of these mistakes could be prevented with improvements to the training provided. Train people well and they’ll become your eyes and ears on the ground. An effective training program will equip people with the necessary knowledge and skills to switch a potential risk into a real advantage.
Data protection laws, like the European Union and United Kingdom General Data Protection Regulation (GDPR) and California Consumer Privacy Act, require organizations to provide adequate training and awareness activity for employees who handle personal data. I’d argue that we should go beyond “adequate” and tailor our training programs to help our people understand how these laws apply to their specific roles, whatever they are.
Research on training provided
The Data Protection Network’s Privacy Pulse Report of data protection and privacy professionals found that the message about the need for data protection training had landed. Eighty percent of responders said their businesses had delivered data protection training within the last 12 months.
But is the quality and relevance of this training good enough for people to really get to grips with the data they use in their day-to-day roles? Is it sufficient to enable them to recognize weaknesses and change their behaviors?
The survey revealed that while some organizations provide training tailored to specific business areas or job roles, these were in the minority. The lion’s share of training was delivered through generic online courses.