Learning & Compliance: Friends or Foes?

A few weeks ago, I wrote an article for the Inside Learning Technologies magazine on the role of learning systems in compliance training (“Is your LMS compliance friendly?”) Compliance is one of those topics that rarely get enough attention as one of the key drivers in our industry.

Survey-chart
Source: Compliance Survey 2012, Brandon Hall Group.

However, a recent survey by the Brandon Hall Group found out that regulatory and company compliance combined constitute the most important learning program for organizations’ business strategy today. In addition:

– Over 65% of organizations find it critically important or very important to demonstrate learning compliance to some external regulatory agency.

– At the same time companies understand that compliance is now impacting more on their workforces with over 60% of organizations claiming that compliance requirements involve more than three quarters of employees.

Just yesterday, it was reported that the Federal Aviation Administration announced a fine of $3.5mn to the Port Authority of New York and New Jersey for failing to train its police officers to perform rescues and fight fires. In addition to the fine, the Port Authority will need to take further measures to better oversee rescue and fire-fighting training compliance. According to the settlement, at JFK airport, the Port Authority allowed 77 police officers who were untrained for their duties to work 357 shifts from early May to early June 2012.

Compliance requirements for employees and organizations place new demands on learning systems that more traditional, developmental requirements do not. Our industry nowadays seems flooded with learning and talent management systems. But for such systems to succeed in a compliance-related role, they must be able to readily adapt to changing needs, operate at enterprise software level, and offer the requisite functionality around auditing, reporting, and security.

It is important that L&D and HR departments are up-to-date with the compliance requirements specific to their business. Here are a few suggestions to make this easier:

  1. Talk to your legal team and to your compliance officer to better understand who in the organization is responsible for what.
  2. Define clear requirements and objectives for training and the technology implementation.
  3. Question your vendor and demand a software validation for the learning or talent management system. For the technical parts, don’t be afraid to ask your IT team to participate.
  4. Make compliance an ongoing part of your business via well-defined workflows, checks & balances, and actionable reporting.
  5. When it comes to training, reinforce formal compliance learning with recurring programs. These initiatives may include informal collaborations (such as forums to discuss ongoing compliance issues), on-the-job assessments (to better evaluate the effectiveness of the compliance training), and performance support (to provide easy access to compliance-related materials at the point of need).

For more information, you can read the blog post from David Wentworth of The Brandon Hall Group on “The Problem with Canned Compliance” or, even better, join the webinar “Mission Critical: Managing Compliance Training in Europe” on April 16th.

If your SaaS provider is just as good as LinkedIn, you’re in trouble

I have to say, recently I feel like anything but the life of the party. Security, data privacy, due care and related legal requirements — these are not fun issues. HR executives sometimes go to extraordinary lengths to avoid even talking about these things. Eyes glaze over. Subjects change. Comments like, “Let IT handle it,” or “The risk management folks will sort it out,” get bandied about.

People in the HR world generally don’t want to get up to speed on security competencies. But with LinkedIn getting hacked, things have changed. We all need to be paying attention.

Can you be sued for where your HR data lives?

Patrick Baillie, CloudSigma CEO, recently wrote a primer in Forbes magazine on EU vs. US data privacy and disclosure requirements. You can read his article, Can European Firms Legally Use U.S. Clouds To Store Data, here.

His main point is that the two systems’ divergent claims on SaaS providers cannot be mediated — in short, Baillie says that if you work with a US provider or even a US data center physically located in the EU, you may have put yourself and your company at considerable risk under EU regulations.

He may or may not be right, at least about the data center part. I would think (I would hope) that EU physical presence means that local jurisdiction trumps foreign government claims via US-based group companies.

The jury’s still out on this issue. Right or wrong however, the article is worth reading.

The value of your personal networks

Networks of PeopleGreat quote today from Stephen Downes via his email alert and website Stephen’s Web:

“Your network gives you ideas, not answers, and people who follow only the gurus tend to be . . . followers.”

Love him or not (and I do love him — unapologetic straight shooter that he is), Stephen is worth listening to. He always has something to say.

In this post Stephen takes issue with Seth Godin’s latest bloggy channeling of (I think) Richard Florida, who is in turn promulgating somewhat academic theories around the idea of urban elitist perfectibility in real time and in real places whereas Godin thinks it’s at least partly an exercise that can be carried out individually and online.

Downes thinks Godin is drinking Kool-aid, several flavors in fact.

Whatever you think of the positions, the conversation is key and provides a much needed context for all of the talk in the performance support world about social media and learning.

No answers from me — just questions . . . like:

    Do we really need or want employer-mediated social networks at all? Do they really add enough value to justify the effort?

    If the answer to the questions above is yes, who owns the network — HR, IT, Corporate Communications, Sales? And why?

    Should we be trying to make employer-mediated social networks persistent or should we allow them to come to life and die off as needed and used?