The web-site is now in readonly mode. Login and registration are disabled. (28 June 2019)

Will's activity 1b cloud

Cloud created by:

will bladon
8 April 2015

Title: Making information governance interesting

Narrator: I was required to work with our information governance team to create an eLearning package that informed staff of their responsibilities around information governance, and reduce/stop errors around data protection.

Situation: Within our hospital there is a requirement for staff to have training on information governance, but also there are often simple errors that staff make that result in sensitive data being misplaced or used in incorrect ways. This affects nearly all staff groups, even though these groups are comprised of very different and varied roles.

Task: There were two main drivers for this- 1- that we 'had' to do it, and 2- to reduce the number of data protection problems that occurred

Actions

  • Initially I worked with the information governance team to establish some clear objectives that needed to be met
  • I then asked them to provide me with some information which they felt had to be covered
  • My main piece of work was taking this raw information and changing it into 'story' form to take information and make it real and relevant. For example rather than a list of what staff should do with a piece of data I presented a case study story that reflected a real situation and gave those completing the module options as to what they potentially could do, which then led to the relevant consequences.

Results: From feedback of those completing the module it is quite popular in terms of the way it presents information, and in raw data terms it is one of the most completed modules we have.

With regards to objectives I think it falls down slightly- we have good compliance, so the getting people to do it, bit is working, but the actual learning and transfer into practice has been less tangibly measured or seen. This could be down to objectives not being clear enough, or even the goals of the project not being clearly defined. We never had a target set, if we had for example said 'we want to reduce data protection incidents by 50% by this time next year' that would have been a target  which could have been reviewed a year later. As this wasn’t set or measured results in terms of what the module actually changed are not clear. People did it, but what happened after that is not clear. (I think that is a wider problem with all types of learning though).

Reflections: With this project (and others) I have found a disconnect between what people say in terms of why a piece of learning is needed initially and then what happens with it longer term. With this course for example the initial driver was to reduce data protection issues (or so I was told), but on reflection I believe it was more that the information governance team had been told we had to provide the training. Therefore the measure of what impact this training actually had was never followed up on. There will have been some learning, and some changes in behaviour that occurred through staff completing this, but this was never really followed up on. 

Extra content

Embedded Content

Contribute

Martin Kerr
1:19pm 3 April 2017


Hey Will. I was trying not to pick examples to comment on which reflected my experiences but I couldn't resist reading yours as it is very similar to my quoted example. I often think data security gets the same reaction from users as the words 'health and safety' so you are on challenge from the start.

I like the idea of your case study prompting users to then identify errors and alternative ways of approach very much as it gets them to think about a situation. You did not mention how you deployed this, was it using on line media in some form?

You are right about the objectives here. In my case the objective was  'to make people aware' which is very vague and subjective. I did have the additional element of reducing calls to the service desk. You identify the need for a target to focus on and I feel the reduction in the number incidents would be a good measure and would ultimately save time and money too as well as a change in behaviour. It seems though you had a gap in clear sponsorship within the organisation in the same way I did.

Do you think with some more time and support you may have developed your initial assumptions on what you needed to provide? You mentioned a behavioural change for example, is this in terms of people's attitude toward security or the perceived process they needed to follow? Is this perhaps something you might have been able to identify with more time and resources in an initial analysis?

Thanks for sharing your experience.

Contribute to the discussion

Please log in to post a comment. Register here if you haven't signed up yet.