Stop Lecturing. Start Stewarding. A data protection campaign that works.
I was chatting with a customer recently who was hitting a wall—and not for the first time. She was dealing with two specific, frustrating problems:
⚠️ Employees unintentionally sharing confidential info with people who didn't need to know it
⚠️ Departing employees walking out the door with proprietary information
She'd done what a lot of us do when something isn't working: doubled down. She was building another course, tightening up the rules, adding more reminders. But the message felt more like a threat than a partnership. It wasn't working, it was exhausting, and she knew she'd become "white noise."
We took a step back and sketched out something different: a campaign that doesn't feel like a lecture. And I thought our fans might benefit from seeing what we built.
First off: we spend so much energy worrying about the "Major Breach" that we miss the quiet, everyday ways confidential info is leaked. It’s a slow drip that adds up over time: A departing employee grabs a few files "for reference." A well-meaning teammate shares system access to be "helpful." Nobody thinks they're doing anything wrong… and that's exactly the problem.
The fix isn't more rules or simply repeating them. It's a shift in approach from rule-following to stewardship. Here's the "Our Data, Your Responsibility" campaign I created for the customer.
Our Data. Your Responsibility.
Setting the Tone
The goal at the top of this campaign is simple: establish a stewardship mindset from day one. That means framing data protection not as a legal checkbox (blah!), but as something employees actually care about—like their own job security and the company's competitive edge.
🚀 Kick off with leadership. Start with a video like We protect our data or a live session from your C-suite. It lands very differently when an executive says "this is a competitive advantage" versus when Compliance says "this is a requirement."
📱 Make it clear this is permanent. Use Slack, Teams, Yammer, or digital displays to push a message like You're responsible for what you know. Protecting information isn't a "while you're here" obligation; it follows people even after they leave.
Just-in-Time Intervention
This is your secret weapon. Employees aren’t going to recall the data protection training from January, so reach out at the exact moment the risk spikes: the moment you’re notified that they’re leaving.
👋 The professional exit guide. Send something like Parting ways: Your guide to a professional exit immediately upon resignation or layoff. It walks them through how to leave gracefully—without accidentally (or intentionally) taking confidential work products with them. It's so much more effective than a finger-wagging email two weeks after they've cleared their desk and mentally checked out.
Clearing the Fog
Most data leaks don't happen because employees are malicious. They happen because employees genuinely don't know what counts as confidential or they don’t see it as a big deal. Is this a trade secret? Is it just a draft? Is it even sensitive? What if I only use it as a template?
🔥 Connect small lapses to big consequences. Use something like Only you can prevent dumpster fires to show how a casual mistake becomes a full-blown crisis. The Smokey Bear energy is very much intentional.
💻 Tackle Shadow IT head-on. We all love a shiny new productivity app, but unauthorized tools are a cybersecurity and IP nightmare. A short video like Is this app OK to use for work? frames the message directly as "here's why approved systems protect everyone."
🌳 Give them a decision tool. Resources like Is this confidential?, What not to discuss during a merger, and Would you trade on it? help employees make real-time judgment calls. (The latter two materials can be retitled and customized to list additional types of confidential information for your audience, like recipes, formulas, code, etc.)
Normalizing Speaking Up
None of this works if employees are too scared to raise their hand when something looks sus. If someone accidentally sends a spreadsheet to the wrong "John Smith," you want them to tell you now, not when the auditors find it six months later.
🤷 Let leaders tell their stories. A leader-led session using Mistakes happen is incredibly powerful. When a manager says, "Here's a mistake I made and here's how I fixed it," it gives everyone else permission to be human too.
🙅 Teach them to flag access they shouldn't have. TMI? Let us know! turns the act of reporting over-permissioned access from awkward to expected. You're not snitching; you're stewarding.
Why this works better than a module
Because these messages are woven into the moments where the risk lives (e.g., resignations, app downloads, permission requests), they stick in a way that a one-and-done course never will. Every single piece includes a clear call to action around raising concerns, so speaking up becomes the natural thing to do.
That's how you move your compliance rep from "don't break the rules" to "we're all in this together."
And that's the best place to work from. 🙌