Staff training for data protection

Data. Protection. Privacy. Regulation. Serious-sounding words, but not ones that necessarily inspire staff to hop, skip and jump into work every day.

So how can you engage large teams with their responsibilities around data privacy? After all, almost everyone engaged in work, voluntary or paid-for, is responsible for handling personal information.

The London Borough of Hackney (LBH) is a local government authority in the UK, responsible for the welfare of 300,000 residents and business owners.

It employs nearly 4,000 people and works with countless other subcontractors and volunteers, all of whom come in to contact with personal data belonging to those who live and work in this part of London.

The introduction of General Data Protection Regulation (GDPR) in the UK on 25 May 2018 was an important catalyst to ensure LBH understood its responsibilities. Note: understood, not ‘aware of’ or ‘read about’. We’ll come back to why that’s important.

Since 2018 we’ve been running a compulsory online learning programme for LBH staff.

5 critical areas for handling information responsibly

Working with LBH, we identified 5 critical areas of responsibility, which we turned into questions. Previous user testing showed that learning modules described as questions performed better than traditional chapter-style titles.

The 5 questions answered in the learning plan are:

  • What is information and what are my responsibilities?
  • How can I collect information safely?
  • How can I keep information safe?
  • How can I share information safely?
  • How long should I keep information?

Each question has a choice of tasks for participants to complete, to demonstrate they have understood the content. Answers are freeform – there are no multiple-choice questions for people to game.

Screen grab of Hackney Action Plan
LBH’s Digital Action Plan guides staff through 5 critical areas of responsibility

The results so far

So far 3,000 people have completed the programme. You can read about the project from LBH’s perspective.

We’re really excited about the results so far and delighted that LBH has made the content available on Github for any other organisation to use or repurpose.

Results from a staff survey demonstrated that the majority of respondents felt they:

  • had a better understanding of whether they’re allowed to collect data
  • felt more confident knowing when and how to share and delete data

We’re working on a further iteration for a more general audience and would love your questions and feedback.

Data. Protection. Privacy. Regulation.

This may not excite staff, but it is possible to engage them with their responsibilities.