Start up your privacy awareness program: posters

Opinion
Jul 18, 2016 | 4 mins
Compliance, Data and Information Security, Privacy

To keep privacy top-of-mind between annual training, an awareness program should be created. Awareness programs use informal, unscheduled mechanisms to remind your staff about protecting personal information. Over the next several blog entries I’ll discuss some of my approaches. This article focuses on effective posters.

Every comprehensive privacy program includes a formal training component. In-person classes, computer-based training and webinars are some of the ways to fill this need. Formal privacy training most often occurs once a year. However, other initiatives promoted by your organization probably have annual training as well.

To keep privacy top-of-mind between annual training, an awareness program should be created. Awareness programs use informal, unscheduled mechanisms to remind your staff about protecting personal information. Over the next several blog entries I’ll discuss some of my favorite approaches.

Privacy posters

One of the simplest and most common ways to keep privacy top-of-mind is through posters. You probably have this mental picture of a wall poster with a simple to remember, brief privacy message. This traditional approach generally allows the message to be read while people are walking past the poster. I think of them as office billboards. You know they are there, but is anyone really paying attention?

You need to get a bit creative to have your messages noticed.

First, get the experts involved

I always advocate leveraging the expertise you have in your organization. When you are ready to begin planning your poster campaign, reach out to the department that is responsible for publicity, marketing or internal communications within your organization.

I know of one privacy team that, on their own, developed awareness posters based on a ’50s science fiction movie theme. Prior to posting them, the feedback was very positive; everyone loved them. They were great!

The day the posters went up an executive requested they be immediately removed; the posters did not meet corporate communication standards.

Reaching out to the marketing department first would have avoided the time, expense and embarrassment for the privacy team. In addition to getting their creativity and knowledge of corporate standards, reaching out to the experts allows you to expand the support for your privacy program.

Next, expand the messaging

Typically, a poster has a short, positive message that can be read as someone is passing by. “Protect our customer’s information as if it was your own” or “Lock your computer before you leave your desk” might be typical messages. After following this approach for a few iterations of posters at one company, we asked some of the staff what they thought. One person surprised us in their response.

“I know what I am supposed to do, but what happens if I don’t do it?” This simple comment gave us a new direction. We began a series of posters describing privacy incidents to alternate with the positive posters. These new posters described privacy mistakes and their impact.

To make this approach successful, the posters broke a rule. Instead of making the posters readable as someone walked by, there was detailed information about the privacy event on each one. How did we know this approach was successful? There were small crowds around the posters reading the details.

Finally, change the delivery

Throughout this discussion we’ve assumed traditional posters, a 2-foot by 3-foot sheet that hangs on a wall. There are, however, many other delivery methods you can use.

One of my favorite delivery methods is a screen saver. I first saw this method used in a hospital where each of the staff’s workstations, when locked, would show a HIPAA privacy message. It not only served the purpose of reminding the staff of their obligations, but also reminded visitors to respect the privacy of the patients.

An additional benefit of using the screen saver method is the ease of distribution. When it is time to change the poster, simply change the screen saver image. You also have the possibility of having multiple posters being used concurrently.

There are many other ways to deliver privacy messages. Consider where people in your organization spend their time and how to appropriately present your messages in those environments. Maybe create a small poster for offices and cubicles. What might be a good approach for a conference room?

Finally, consider the spaces in your office where customers may visit. These locations provide an opportunity to share appropriate privacy messages through posters that assure your customers that you are protecting their personal information. Properly done, this is an easy step to making your privacy program a differentiator for the products and services your organization provides.

Contributor

Bob Siegel has extensive professional experience in the development of privacy policies and procedures, the definition of performance metrics to evaluate privacy maturity, and the evaluation of compliance. He has extensive experience with PCI DSS and Safe Harbor and has deep subject matter knowledge surrounding key laws and regulations regarding consumer privacy and information security.

Throughout his career Bob has worked with computer applications and business practices that guard personal information. In addition to developing these systems, he trained employees to use them properly and efficiently. As the collection of personal information has increased, he has developed new approaches to help his organizations protect their sensitive data (both electronic and paper-based).

Bob is a Certified Information Privacy Professional, awarded from the International Association of Privacy Professionals, with concentrations in US Law (CIPP/US), European Law (CIPP/E), and Canadian Law (CIPP/C). He is also a Certified Information Privacy Manager (CIPM) and a Certified Information Privacy Technologist (CIPT). He is a member of the IAPP faculty and has served on the Certification Advisory Board for its Certified Information Privacy Manager (CIPM) program as well as the Publications Advisory Board. He was also recently awarded as a “Fellow of Information Privacy” by the IAPP.

Most recently, Bob served as senior manager of Worldwide Privacy and Compliance for Staples, Inc., where his responsibilities included development, awareness, and compliance of global privacy-related policies and procedures for more than 60 business units in 26 countries.

A seasoned program management expert, Bob has a long record of accomplishments in business planning, information privacy, sales support, customer support, application development, and product management. He has helped executive teams convert strategic plans into programs with well defined, measurable outcomes. He also has created realistic program schedules and budgets, resolved critical path issues, managed risks and delivered results consistently on time and within budget.

Bob can be reached at bob.siegel@privacyref.com.

The opinions expressed in this blog are those of Bob Siegel and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.