(This scribble is a slightly more complex version of my Data Protection Roadmap, which both shows how strands of work can be conducted in parallel, and how those strands connect with each other.)
I’ve been thinking about human factors in data protection, and in my not-terribly-humble opinion; cognitive overload is one of the most significant and least-addressed reasons why individual measures and controls fail. (I wrote about that on Twitter, specifically in relation to breaches but this issue shows up in any aspect of any compliance or risk-based discipline these days)
People aren’t computers. You can’t flash them with an updated image, or apply Knowledge Patches during downtime, and move on to the next thing!
All those little lightbulbs represent information that people must acquire, internalise and apply in order to carry out the task effectively. As you can see, there’s quite a lot of that – this is one reason why the prevailing approach to data protection ‘training’ is….er….sub-optimal (polite version). Knowledge needs to be understood, retained, refreshed and continually applied, or it goes stale very quickly. Half an hour of e-learning or a workbook + quiz once a year isn’t even going to scratch the surface of what’s needed (it might be cheap, but cheap+ineffective is a waste of however much was paid!).
Is it even possible for individual workers to stay on top of all the things they are expected to know and do correctly at any one time? I think probably not; which makes knowledge management less of a nice-to-have and more critical core infrastructure for an organisation.
Can it be done?
Can data protection knowledge management be supported internally by a non-creepy-ML-based KB solution? I’ve earmarked a couple of off-the-shelf KB/self-helpdesk tools to play with when I have the time and energy, and made copious scribbles about architecture, needs analysis and content. If anyone is interested in collaborating with me on this sort of thing (or better yet, PAY me to collaborate!), hit me up.
If you like my stuff, please consider supporting my ability to make more of it by becoming a Patron!