TH!NK PRIVACY: Locally, globally and across disciplines

When Barclays Bank PLC won a 2009 HP-IAPP Privacy Innovation Award for its TH!NK PRIVACY program, that was only the beginning.

In just over a year, what began as a cross-company effort to emphasize privacy awareness, compliance and cultural change has expanded into the global, not-for-profit TH!NK PRIVACY Consortium.

From its roots at Barclays, the program has focused on training and awareness as critical components to bring the change that comes when employees understand what they should and should not be doing with personal information, explains Suzanne Rodway, director of privacy, sharestakes and operations/group compliance at Barclays.

The premise behind TH!NK PRIVACY, as included with the coalition’s toolkit, states, “Data privacy is an important issue—all organizations have a responsibility to ensure that customer and employee personal data is kept securely and confidentially. Mishandled data can have serious repercussions and can lead to damaged relations, financial penalties and loss of business—reputations are hard won and easily lost. Handling data with care is critical to running a successful business and your employees are your best form of defense.”

Simply put, Rodway says, the TH!NK PRIVACY campaign reminds employees to “press the mental pause button” before taking any action that might endanger personal information.

Barclays’ in-house awareness campaign was aimed at changing behaviors and getting people to think about the issues.

The TH!NK PRIVACY logo was created as an eye-catching, message-driven way to reinforce those messages. And, Rodway points out, another key factor was ensuring it could be easily translated into multiple languages and applied across various organizations and businesses that handle private information.

“What we really want them to do is think before they put that unencrypted disk in an envelope or take that unencrypted USB home,” she explains, practices that enable business rather than inhibit it.

Barclay’s effort also included a hazard campaign, complete with graphics to illustrate that something as seemingly innocuous as a mobile phone could be a serious danger when used improperly—or inadequately protected. The visuals were posted strategically throughout the building to get people talking about privacy issues.

Posters featuring such images as a cell phone morphing into a grenade and a half-CD, half-buzz saw graphic were used to reinforce the message and eye-catching, memorable ways that “show the double-edged sword with very little wording,” Rodway says. “It was really high-impact.”

Naturally, the next question was whether to share the lessons learned with others, and that sparked a move to get other organizations involved in creating a culture of privacy protection. The project expanded into the TH!NK PRIVACY Consortium, and the UK Information Commissioner’s Office (ICO) responded favorably to the efforts.

Working through a creative agency, Rodway explains, the consortium produced its TH!NK PRIVACY toolkit of materials that can be used by any organization but can be of particular help to those with limited resources for developing their own campaigns.

TH!NK PRIVACY is now an ICO-approved initiative, and its toolkit is available through the

.

The result is an open-source approach, Rodway says, with materials that can be tailored to different businesses and nonprofit organizations and can be used across borders and for an array of topics.

The next step? Rodway says the consortium is seeking more members from across the globe and of varied backgrounds and disciplines to continue the creative work of updating the toolkit and sharing best practices on privacy protection.

For privacy protection, she adds, “If we raise the bar, it helps us all.”