Welcome to Sysanova Management Consulting Ltd.

Measuring Privacy Training Success

By Scott Crosby, President, Sysanova Ltd.

This is the last in a four-part series on developing training courses for workforces on privacy. The first three articles dealt with Privacy Training Strategy, Privacy Training Needs Assessment and Tailored Privacy Training Curriculum.

Now that the training has been designed and delivered, the most important component comes in to play. Since it has generally cost a lot of money and down-time to get to this point, it is essential that the value of the training be determined, and it’s effectiveness.

There are several ways of measuring the value of training. One way is through straightforward evaluations, and another is through various validations.

When training is provided, it is critical that well prepared evaluations are completed by the participants. I know as a trainer that I rely heavily on participants providing honest feedback on the course content, delivery, reference material, the depth of the presentation, the applicability to their work and the overall value they see in the training. This is fairly straightforward and the only real challenge is getting the participants to take this stage seriously, usually when they are tired from a day of training.

The second method involves several strategies. Since the training was originally intended to change behavior, there may be a need to measure and determine if the behavior changed and if so, to an acceptable degree. On-site testing can be used, and does not have to be overly challenging or intimidating for participants. I often give a slide of the main points I want them to remember, and get participants in group format to recite them back to me throughout the day. This is fun, easy and very effective as a trainer to know what is getting through and what is not. More formal testing can be done, in the form of a written test or checklist document, which does not have to be on an individual basis (no names!) but will give an objective measure of what is being understood. Role playing and case studies offer the opportunity for participants to put into action what they have learned, in a very effective manner. This helps the instructor validate that the participants are not only picking up new knowledge and awareness, but also some skill development. For staff dealing with employees or clients, this form of validation is highly recommended.

Some groups are now trying post-training validation tests in the form of hiring consultants to try out the system. It works by having someone call the call center or walk-in and engage your staff in conversation aimed at determining if they learned what they needed to learn. We all do this to some extent all the time when we call our bank, city, telephone company or insurance company and try to find an answer to our questions. In the validation scenario, it is simply a case of made up people with made up issues who are actually doing a semi-roll-play. The consultant is role playing while the employee is working! Properly done, these exercises expose the weak areas and help tune further training initiatives, and verify the strengths. Staff should be warned in advance that such testing might take place.

Privacy requires momentum, and training helps not only get the inertia in motion, but also helps to sustain it once it is moving. Following-up on training value is also a good reminder to staff of the importance. It might be a good idea to run a combination of evaluations and validations, and do some follow-up months after the training. The follow-up could be a quick survey of random staff, or a comprehensive survey of all participants.

Most institutions spend a lot of money and time on training, and having a prepared workforce is critical for all kinds of contingencies and events. Such follow-through measure show that the organization is serious about bring change to the culture and practices it follows and will make the next round of training even more valuable, reducing overall costs and helping to ensure that your organization is prepared not only to comply with the law, but to leverage privacy as a differentiator.