This is a series of four articles examining how to assess a program’s value, take inventory of what matters, use program metrics to show effectiveness and develop a strong communication plan. The first installment looked at understanding the privacy compliance program’s value. The second looked at how to create a regulatory and control inventory. The third looked at meaningful metrics. Find them here at the IAPP Resource Center. This is the fourth installment, which focuses on meaningful communication.
An effective privacy program cannot hide in the corporate office. Constant, innovated communications must be developed outside the annual privacy training. Consider these methods for engaging your staff and business units.
- Identify existing methods of communication. Working with your communications team, strategize on key messages and audiences. This should begin with assessing your internal privacy policy. Your communications team will be your strategic partner to determine the appropriate distribution method. Don’t forget to leverage internal blogs or webpages but keep your message short!
- Leverage existing or planned communications from key business partners. Most privacy programs rely on a network of business units to get work done. Your best friends may be physical or IT security as they have the same goal – protect “things”. If appropriate, work together to implement unified messaging.
- Use your metrics to understand key issues. As discussed in the last article, socializing key metrics are important to show the value of your privacy program. Why not leverage program metrics in an ongoing campaign.
- Coordinate messaging around calendar or company events. January 28 is Data Privacy Day. Consider leveraging this day to bring in an external speaker, or use your internal stakeholder network to discuss emerging trends. Your IT department may be involved in Cybersecurity Month (October). Ask them to join you in January and request they involve you in their October events.
- Make it personal! Inviting employees to attend a brown bag regarding how to protect company information may not result in an overflow crowd. However, making it “personal” will draw a large crowd. Many employees enjoy spending their lunch hour to learn how to protect their social media account, strengthening WiFi connection protections, or the benefits/risks of a health app. Once they understand the personal implications of privacy, they will care more about their data protection role within the company.
- Hold privacy fairs. Similar to making it personal, identify locations where key business units are located and set up a booth. The more diversified the booths are, the more attractive the event will be. Ask key stakeholders, such as physical and IT security to join and introduce fun games. Remember, keep it personal and have fun. Small prizes (e.g. small rubber duckies) for winning a game are sought out by others. There are many free privacy brochures available on the Federal Trade Commission’s website.
- Brand your program. Prudence the Privacy Pro, and her side-kick Opt-Out, are free to IAPP members to use. Consider creating a Prudence cut-out and use her image to brand your communications or internal privacy webpage. Also, consider bringing her cut-out to the privacy fair. People love selfies!
Most importantly, get those who are excellent communicators and passionate about privacy to help drive the communication plans. Privacy fairs are excellent ways to build relationships and can be leveraged as an invite for the privacy program to present at future business unit staff meetings.