If you are gainfully employed (which sadly most of us HAVE TO BE to pay the bills), you probably have had to sit through at least one compliance or data security training (if not, you are a very lucky person, trust me!). And if you are a communicator, you probably have had to create one of these training yourself. So let’s be honest with ourselves for a second here: compliance trainings are at best somewhat informative and boring, and at worst completely useless and a waste of time from employees’ perspective.
Couple years back, in my first job (company name withheld to protect the innocent), I had to sit through an introductory data security training. The training lasted an hour (but it felt like 10) during which the Chief Risk Officer talked “at us”, giving us a long list of things that will get us fired, followed by even longer list of things we can do not to get fired. Now the important part, this is what my coworkers and I ended up doing differently as a result of this training: NOTHING!
The reason for our inaction wasn’t the fact that we didn’t care about data security (we do!), or that we are not ethical people (we are!) but the fact that the training gave us absolutely no guidance how we can actually go about DOING that. The thing that we really needed wasn’t increased awareness of the importance of data security (we already knew it is important), but a framework and tools that would enable us to take the desired actions and keep our data safe.
Now contrast this with the approach of one of our member companies, Avery Dennison. When the Chief Risk Officer approached the comms team asking them to help him refresh the Code of Conduct, the communications took a step back and asked themselves: “What is it that we actually want people to do as a result of having this Code of Conduct and the training associated with it?” And even more importantly, they actually went and asked the employees: “Why aren’t you already doing what we want you to be doing?”
What they found out from listening to their employees was that employees were aware that it existed and that ethics are important but they found it hard to connect and use the current Code in their day-to-day activities. Equipped with this insight, the Avery team went and completely redesigned the Code and the accompanying resources and training turning it into an empowering framework that enables employees to take informed actions and flag compliance issues that can present a high risk to the company. To see in more detail what Avery did, check out the detailed case study!