“Communicate your policies to your employees.” “Put policies in writing, preferably in a handbook, and have employees sign that they have read them.” “Periodically review and update policies and distribute again to employees for their perusal and signature.” “Train your employees on your policies; test their understanding.” Good grief, Charlie Brown–enough!
Or is it? The importance of above was brought home by my employer’s required online testing covering our electronic security policies. In years past, I dashed off my signature on forms “agreeing to observe” yadda, yadda, yadda. This year, I actually had to read what I signed. I know my communications are available to the public under the Open Records Act, but I need the regular reminders. Guess ex-Detroit Mayor Kwame Kilpatrick, wished he was reminded before embarrassing emails detailing his love live went public. Mr. Kilpatrick ended up in jail due to problems caused, in great part, by his emails.
Most employees want to be good employees. We don’t mix our personal lives with work. Remember the VA employee who had an unencrypted laptop with the personal data of 26.5 million vets? The laptop was stolen from his car. He may have thought he was a good employee with his willingness to work from home. Sadly, he was also overlooking the risk of taking work home with all that personal data. Another example was found at a financial aid event where the Tennessee State University had so many students show up, they changed venues. A good employee helped out by transferring the hard drive data to her flash drive so she could power up and help all those people. Personal information for 9,000 students from Tennessee State University ,2002-2008, was on that unencrypted drive, which somehow got lost in the craziness. Oh, yeah, the flash drive was returned – someone used it for a homework assignment and apparently didn’t steal anyone’s identity. Of course, the University still paid to cover the eventuality of theft, as did the VA.
Good examples of why we need policy training and review, right? We get careless; we forget. My employer’s training was online, done when I had time, and with a test built in. I couldn’t progress until I correctly answered the question I was on. I could scroll back through the material and get an answer if needed. The Security Administrator was notified when I completed. I couldn’t just skip the training and pretend I’d done it. Despite my grumbling, it was painless and quick. And I have to say, “I needed to be reminded.” Policies should be living, breathing things, important enough to spend time communicating to your employees. If not, why should I spend time following them?
When you feel like Atlas carrying the world on your shoulders, we’ll carry some weight with you. Want to discuss, moan or query regarding personnel issues? Participate in this blog, cuz I’d love to hear from you.
Cally Graves is an Industry Liaison between business, workforce, and education. She has 35 years of experience in workforce development, primarily working with employers in Houston, Texas and the Gulf Coast region.