HOT UPDATE FOR 2020: Hey, friend! Greetings from the future, nearly 5 years after this blog post was first written!
Below you'll find two games that you can easily play with your employees for compliance awareness whatever. Both of these work because they require employees to perform a real-world skill to "win."
But if you're planning one of these events, be careful: there's a dark side, too, one that can end up doing more harm than good. We've got a new video that walks through all of that, including a deeper explanation of good vs. bad games and how to think about these events generally. Make sure you check that out by clicking here!
With the HCCA's Corporate Compliance and Ethics Week 2015 coming up in the first week of November, here's a few ideas for in-person games that we posted on the SCCE/HCCA's messageboards the other day—including a template you can use to execute the Willy Wonka-inspired "Golden Ticket" game in a jiffy.
Prep time: around an hour
What you need: an empty desk; a smartphone; a bunch of spare office supplies; masking tape or labels you can write on; various other items depending on your company’s risks
Instructions: Grab a spare desk and clutter it up with office supplies so it looks in use. Add elements that should be red flags for risks (see below) and take a picture with your smartphone, then distribute the picture by email/newsletter and ask employees to send in all the risks they can spot. You can reward the best answer (or answers) with a prize.
The stuff you put on the desk should correspond to the risks you’d like to highlight, but here’s some examples:
- A bag from a high-end store, gift basket or something similar with a note that reads “From your [or, To my] favorite agent/ official/ vendor” in easily-readable lettering (gifts & entertainment/anti-corruption/conflicts of interest; depends on how you phrase it)
- A document that has “confidential” or other clear marking on it (privacy/confidentiality/competitor info)
- A product with a label marked “Prototype” (confidentiality/IP)
- A machine part with a sticker marked “ITAR” or “dual-use” (trade control)
- A document marked “Competitor Price List” (competition)
- Some test tubes with “Alan Smithee” or “Jane Doe” clearly readable on them (privacy)
- A candle (EHS; if you’re moderately proficient with Powerpoint, it’s easy to add in a cartoon flame to the picture)
Make sure to put some red herring items on there too—have everyone on the team contribute a random personal item from their desk to avoid making the risks too obvious and help people build judgment. (For example, if you use the sample picture above, at least one person will think they need to report that toy turtle because it's the wrong color or something like that.)
This game works pretty well with an international workforce since it requires little-to-no text to make it work, and it transfers easily to real-world risk-spotting.
Risks: intellectual property, confidentiality
Prep time: 15 minutes
What you need: a few co-conspirators; a chocolate factory (optional)
Instructions: Create a fake confidential document that you can print out—it should look be in the general format of your most important type of documents, but be clearly marked as a training document in the header.
If you don't have a specific document type you're concerned about, you can grab an editable Powerpoint version of the below template by clicking here.
To help recruit employees into being proactive on managing confidential data, you’re going to send an email to employees letting them know that you’re leaving these documents (the "golden tickets") in strategic places throughout the office during Compliance Week, and people that find and report them—according to whatever your process is for doing that—will win a prize.
Basically, you’re going to be like Willy Wonka, except not terrifying.
Next, print out a bunch of these golden tickets and hand-number them so you can keep track of how many you have and how many get reported. You're going to drop them off at key places where you’re concerned about confidential information being left out unattended—by a printer, for example—and wait for them to be reported. If you’re in charge of multiple sites, you’ll need to recruit co-conspirators to handle this at the site level.
After they’re all reported (or enough time has passed), send a follow-up email announcing the winners and following-up with more messaging on handling data the right way.