The global mobile learning market is forecast to hit $8.7 billion by the end of 2015 and looks set to reach $12.2 billion by 2017. Bring Your Own Device (BYOD) initiatives are becoming standard practice for many organisations and learners who are used to accessing corporate systems and data from their own mobile devices are driving demand for mobile learning. Meanwhile, EUdigitisation initiatives, such as the Opening up Education programme funded with tens of millions of Euros, are also driving the adoption of mobile learning.
The growth in corporate mobile learning raises questions about how to secure personal data. This data is not only travelling between personal smartphones, tablets and corporate Learning Management Systems, but also across borders. It is therefore vital that the C-level asks and answers these questions to limit their organisation’s exposure to the risk of the loss or theft of personal data.
A combined effect and responsibility
If your organisation is looking to introduce mobile learning or improve the management of mobile learning across borders, you will most likely face a multiplicity of local data and privacy laws and widely divergent attitudes to the requirement for securing personal data.
Here are five ways organisations can help HR departments to manage staff data when workforce learning goes mobile
- Audit the usage of mobile workforce learning on a global level. HR and learning development staff in regions with lower data protection standards may not understand the rules in countries with more rigid regulations, putting the whole organisation at risk of a regulatory breach. European citizens have the right to be forgotten, something companies from other continents may not appreciate. Most western European countries are only allowed to store user data for six months and then they have to delete it. In other parts of the world, organisations are encouraged to hold data for as long as they can in case of regulatory challenges. Many countries have regulations governing the transmission of personal data across borders and these may well apply to corporate learner data.
- Appoint a data protection controller. A data protection controller can satisfy the board that the correct level of risk is assigned to data protection. In fact, the law in some parts of the world requires the appointment of a data protection controller.
- Engage all stakeholders in data protection issues. Get all the stakeholders on board – not just HR, but also legal and IT people. Everyone who might contribute to what happens to data within an organisation needs to be at the table. Consent is an important concept relating to data privacy, and organisations need to know how to go about obtaining employee consent to store and process learner data.
- Get informed about the regulations that govern the storage, use and transmission of personal data. Ignorance is no defence. An established supplier will have a solid understanding of how your mobile learning solution complies with regulations and should be able to advise you. Cloud-based learning systems enable easy mobile access for learners across large organisations. HR can disseminate consistent mobile training throughout the entire organisation and monitor and gauge results from it centrally. Students can learn anytime, anywhere and on any device. Yet some organisations implement cloud-based learning systems in most parts of the world but exclude some regions from their cloud workforce learning because they cannot cope with the regulations they are faced with in those regions. It is also important to consider the data protection implications if employees are travelling from one jurisdiction to another while learning on their mobile devices.
- Make sure corporate measures and policies allow for a BYOD environment, where employees use their own devices for work purposes and mobile learning. Conversely, if employees use corporate-issued mobile devices, there must be controls and policies to ring-fence data so that it is not accessible to other apps that employees may install on the device. The measures in place to secure the BYOD environment will go a long way towards securing against threats such as malware and criminal hacks but this must be supplemented by educating the workforce about the importance of protecting their own personal data and how the organisation is ensuring that data is safe.
Organisations need to encompass all these factors as they plan their global approach to data protection in a technology-enabled learning scenario. Mobile learning solutions contain personal data and given that all personal data is private, organisations have a duty to protect it. Depending on whether the organisation is in Europe, America or China, regulations might differ, but all global organisations need to be aware of data regulations and act on the risk of falling foul of them when workforce learning goes mobile.