The new decade promises to connect people to the digital world—and each other—more than ever. If 2019 was any indication, those connections will also be more fraught with risk.
As of mid-July 2019, last year was on track to be the worst year for data breaches. The numbers for the rest of the year aren’t in yet, but even based on six months of incidents, the reality is daunting: Data privacy is under siege. Compared to the same time period in 2018, the number of reported breaches had already increased by 54 percent.
Although cybercriminals are more sophisticated with their attacks, the average employee often represents the greatest risk to the privacy of customer data, as well as their coworkers’ sensitive personal information. Data privacy must be a priority for organizations—and that responsibility must be emphasized with front-line employees.
What Our Data Says
Over the years, millions of employees from a wide range of industries have experienced True Office Learning modules. They learned from us, but we also learned from them—we’ve collected data from the answers users gave to real-world scenarios, and then identified real trends in a number of compliance areas, including data privacy.
Overall, employees are relatively knowledgeable about data privacy, with 86 percent of scenario questions answered correctly. Yet that score is low enough to show that not everybody understands the concepts they need in order to properly protect sensitive information.
Our data breaks down performance into categories, with regulation and handling data registering percentages of 80 and 81, respectively. The category “Sharing Concerns” scores an impressive 95 percent, suggesting that employees are great at reporting data privacy incidents and concerns after the fact, but are less adept at recognizing in advance which actions are risky or fall short of best practices.
Organizations at Risk
Data privacy has always been important, but various government efforts to protect people’s private information and assets have ramped up so much over recent years that organizations are under new pressure to adhere to various standards and regulations. The recent California Consumer Privacy Act (CCPA) adds another legal consideration for organizations to weigh, on top of national laws such as HIPAA and the far-reaching GDPR from Europe—which is already producing some big fines. These regulations and others put the responsibility on companies to protect data or otherwise face serious, and official, consequences.
Of course, the reputational fallout of a data breach can be just as damaging as the legal and financial ramifications. Large companies often can withstand high-visibility incidents—the infamous Target data breach from several years ago that affected 41 million customers was expensive but generally didn’t scare people from shopping at the retailer. SMBs are not as well-equipped as corporate giants to absorb a major data breach, which makes employee compliance all the more critical.
Empowering Employees to Protect Data
On its surface, data privacy seems like an IT issue: The computer experts configure systems to keep important information contained and the bad guys out. However, the techs can only do so much—every employee must take responsibility for following best practices and prioritizing data security. All the firewalls in the world won’t mean a thing if a rank-and-file employee leaves an unencrypted, unprotected personal smartphone on the train, thus giving the device’s finder unlimited, easy access to company systems and customer information.
Customer-facing employees also bear a tremendous responsibility for engaging in compliant conversations and handling data in a safe, respectful way. The risk potential is obvious, but liabilities can be turned into strengths given the right support and training. The statistics cited earlier in this article are just a launching point—employees can emerge from great training smarter about data privacy and more prepared to make the right decisions in their everyday work.
For online compliance training to deliver this impact, it must be:
- Interactive: Training that too closely resembles a college lecture will go over just as well—which means employees may come away not remembering a thing. Interactive courses offer a one-on-one experience, even if one side is just the program.
- Engaging: Information overload—exposing users to everything all at once—puts too much pressure on employees to learn. As a result, they disengage, perhaps rushing to finish the course just to get it over with. Engaging content delivers precisely what the user needs to learn without being boring or overwhelming.
- Relevant: The finer technical points of data security are important to the IT experts, but not so much for the customer service rep. Relevant training content presents familiar, realistic scenarios tailored to the employees who must learn and benefit from them.
- Adaptive: The best online training automatically adjusts to employees, interpreting every interaction and adapting the course accordingly so that users are presented with the learning path best suited for them.
Data, Data Everywhere
Data privacy affects everybody, not only because employees are responsible for protecting others’ information, but also because those employees have their own information they want others to protect. Employees who accept that responsibility coupled with organizations that make data privacy and training a priority create trust—consumers feel safer knowing they can do business with a company that works tirelessly to keep their information safe. In this connected and perilous age, that competitive edge is impossible to ignore.