©2004 MediaPro, Inc.1 Privacy Training: Strengthening the Weak Link By John Block Director, MediaPro, Inc. IAPP TRUSTe Symposium June 9, 2004

©2004 MediaPro, Inc.1

Privacy Training: Strengthening the

Weak Link

By John Block

Director, MediaPro, Inc.

IAPP TRUSTe Symposium

June 9, 2004


Introduction

John Block

Director, MediaPro

Susan Welch

Global Privacy Manager, Procter & Gamble

Lyn Watts

Group Product Manager, Microsoft


“The weak link in many companies privacy ‘chain’ is the

untrained employee. Awareness training is not an option,

it’s a necessity!”

- Fran Maier

Executive Director, TRUSTe


"Human history becomes more a race between education

and catastrophe."

- H.G. Wells

Outline of History (1920)


Agenda

Privacy training implementation: six steps to achieve

desired outcomes

Best practices within the six steps

Case studies from P&G and Microsoft

Q & A


How the Best Ones Do It…

Dr. Jack Zenger

Human Resource Development Hall of Fame

Extensive research with hundreds of organizations

Insight into what differentiates successful training

outcomes

The “best ones” follow six steps


How the Best Ones Do It…

1. Obtain a Clear Vision of Organizational Goals

2. Link Privacy Training Outcomes to Business Needs

3. Earn Support of Senior Management

4. Position and Publicize Privacy Training

5. Conduct Privacy Training Effectively

6. Measure and Sustain Privacy Training Impact



Business issues driving the need to protect privacy

Core values related to a culture of privacy

Strategies employed to achieve privacy goals

Behavioral changes identified to achieve privacy goals



“We look at privacy the same way we look at our car

business. People trust our cars. They should feel that

same level of trust for how we handle their data.”

- Andrea White

Toyota

“Our culture fosters respect for our customers and

our employees. Our vision for privacy is no exception.

We’ve woven it into the very fabric of our culture.”

- Matt Leonard

IBM


Compelling case for doing privacy training

How training will help achieve business goals

Key indicators of success

What each target audience needs to know about privacy

to support business goals



“Linking privacy training to company goals is a ‘heavy

lifting’ exercise. I guess compliance can be a goal if you

want it to be. And it can be tied to customer satisfaction

goals, security goals and even positive labor relationships.

But we also key it to our ‘Standards in Business Practices’

in areas like respecting employees and ethical business

conduct. That seems to strike a cord with our employees

and position privacy as part of H-P culture.”

- Barb Lawler

Hewlett-Packard



Breakout Exercise:Privacy Training

Implementation Ideas


3. Earn Active Support of Senior Management

Decision-makers, champions, resistors

How champions help achieve privacy training goals

Management behaviors needed to support the desired

outcomes

What leadership commitment looks like



Training managers in the same privacy content

Giving managers what they need to reinforce new

behaviors



“Winning executive support? I think that’s an easy one! The investment I request from senior executives for employee privacy training is small budget ‘potatoes’ compared to putting our business at risk!”

- Michele Kemper

Safeco Corporation

“Our managers send employees ‘invitations’ to the training, and this is reinforced with ongoing communications from senior management and from me, as Chief Privacy Officer.”

- Dale Skivington

Kodak


Microsoft Privacy Training: Executive Support is Key



Creating sense of urgency

Making sure the target audience understands the business goals for the privacy training

Answering the questions: “What’s in it for me?” “What’s in it for our organization?” and “What’s in it for our customers?”

Developing an “elevator stump speech” to answer, “Why do I have to spend my time going through this privacy training?”



“We get employees ‘juiced’ before the training is rolled out! We’ve put posters up fashioned after movie promos that make the point ‘Something is coming!’ That builds curiosity and signals importance.”

- Elys Brewda

T-Mobile

“We use customer quotes when we market our privacy training. That really makes a compelling point that trust is important and that we can put ourselves at risk if we don’t do the right thing.”

- Barb Lawler

Hewlett-Packard




What’s in it for me? Sample E-mail Message

“Privacy Laws in many countries require that employees

complete annual privacy training. P&G needs to use and

share data globally and all employees must complete

Privacy Training so that P&G complies with privacy laws.

Failure to comply with the law can result in penalties and

fines to P&G. By completing this short training, you

increase your understanding of how Privacy affects the

work you do, help P&G be globally compliant and maintain

the trust of the people whose information you work with.”


Why Privacy Matters in My Job



Knowing who is responsible for privacy training

implementation

Making sure there is an Implementation Plan

Knowing what the budget is and who owns it



Document how the privacy training is provided, accessed

tracked and measured

Decisions on appropriate content

How the training will be made relevant to users



“I use what I call the ‘warm nest’ approach. I initially

implement it in a small area where I am certain it

will succeed.

It’s a win for me. I end up with positive data to share

with management on the impact of the training.

It’s a win for the organization. I’ve tested the training

and made necessary tweaks BEFORE rolling it out

more widely.”

- Michael Horodyski

Tektronix


Breakout Exercise:Privacy Training

Implementation Ideas



Privacy training seen as part of achieving business objectives (not a “program”)

Process for evaluating the impact of the training

Channeling data back to the management

Using data to make adjustments in business policies, procedures and technologies

Management recognition and reinforcement for using privacy knowledge back on the job



Communicating success stories to the organization

Follow-up and refresher privacy training

Use of privacy knowledge in performance management

goals

Senior managers finding opportunities to communicate

the importance of privacy to the organization



“A combination of anecdotal and quantitative measures communicated to management will help validate your training efforts. Going further and communicating those results throughout the organization can help privacy become part of the everyday culture.”

- Richard Purcell Former CPO, Microsoft

“I look for opportunities to have conversations with employees in amongst the cubicles, and loud enough for others to hear. Often someone else will pop up from their cubicle and bring up a privacy issue that they are concerned about… and on it goes.”

- Lynn Majors aQuantive, Inc.


Questions and Comments

Documents

©2004 MediaPro, Inc.1 Privacy Training: Strengthening the Weak Link By John Block Director, MediaPro, Inc. IAPP TRUSTe Symposium June 9, 2004