Getting in the Right Mindset to Run a Year-Round Privacy Training Program

Running a year-round privacy program means applying planning, passion, and patience—all mental skills that you can develop.

So, you’ve decided that you’re ready to expand your privacy training and awareness program.

You want to broaden out from your past practice of simply producing a single, required annual privacy training course.

Given the tenor of our times, expanding your program makes a lot of sense. After all, the increased usage of personal information as a carrier of value in our interconnected, data-rich world, and the presence and enforcement of data protection laws and regulations makes it imperative that the employees in your organization have the skills to protect data and reduce your organizational risk.

My question for you is: do you have the right mindset to run a year-round program?


Download Your Free Data Privacy Week 2021 Toolkit!

Take Data Privacy Day on Jan. 28, 2021, to another level with a week's worth of resources in our Data Privacy Week toolkit!

Get My Toolkit

Let’s Think Year-Round

There are going to be adjustments you’ll need to make to manage the mechanics of a year-round program. For example, you’ll need to plot out a calendar year of events and communication; enlist collaborators across different business domains; learn and master the use of new tools; etc.

But all of these are secondary to the mental adjustments you’ll need to make to embrace a more systemic, long-term approach to privacy education.

To do this work well, I’m convinced you’ll need to adopt some different mental models. I’ll outline a few, but I’d love to hear from others who have managed long-term programs what mental models they’ve found helpful. Let’s look at some of what you’ll need.

A passionate belief that privacy matters

If you believe this, every other part of your work will be easier, because it’s this belief that privacy is important—to individuals and to companies—that will carry you through the trying parts of your work.

Bringing everyone in the company along on a journey to a deeper and more sincere respect for personal information will take some time, and you’ll need this passion to carry you through the times when you don’t seem to be making progress.

Acceptance of diverse approaches to privacy

You can’t let your passion for privacy turn you into a privacy crank. That is, someone who ignores the legitimacy of other people’s opinions and tries to shoehorn everyone into your view. Not everyone needs to be a privacy “expert,” and there are few people indeed who need to know chapter and verse of whatever privacy law you must follow.

Understanding that people in different roles and jobs need different levels of privacy knowledge will make you more relevant, as you’ll learn to pitch your privacy message at the depth and complexity that’s right for all types of people. Modulating your expectations requires a sort of empathy. This empathy will not only make you more successful at connecting with people, but it will also keep you from burning yourself out.


Embracing a privacy-oriented mindset can be a big change for people and for organizations. If you and your organization are just ramping up your commitment to privacy, you can’t expect everyone to reach your desired level of understanding and performance right away.

Setting reasonable goals for yourself and others will go a long way toward helping you reach your ultimate goals. If you implement a “Privacy by Design” process, for example, you’ll need to recognize that this is a complicated process that may take several iterations to deploy effectively.

Persistence (some might say stubbornness)

A year-round privacy initiative means you’ll have multiple irons in the fire: the core training to start, but also Privacy by Design workshops, privacy reviews, lunch-and-learns, privacy champions, fun posters, etc. You’ll need to give them room to work their magic before you start to see your whole company adopt a privacy protecting mindset.

You’ll need the stubbornness to overcome setbacks—like the executive who consistently discounts the importance of privacy—in order to win over your company. Persistence ultimately means that you’re willing to commit to the long-term work of recruiting key stakeholders into supporting your program and to doing the dull, repetitive work of beating the privacy drum all the time.

Put all these together and you’ll be mentally ready to start the work of running a year-round program.


Like What You Read?

Check out more content from Tom Pendergast on his blog Confessions of an Awareness Nerd.

Explore the Blog

Share this Post