Embracing different educational techniques is important for teaching diverse audiences about complex topics such as data privacy and security. One of these techniques is gamification, which applies gaming principles to teaching methods, particularly those relating to user experience and engagement. Gamification, or gameful thinking, operates on the assumption that users’ engagement with games can translate to educational contexts to facilitate learning and influence students’ behavior.
On August 22, FPF spoke with Melissa Peterson, Data Privacy and Security Trainer at the Colorado Department of Education, about her use of gamification to impart privacy essentials, including disclosure avoidance, personally identifiable information (PII), school safety, and more, in a fun and engaging way.
FPF: Please tell us more about gamification as a technique and how you came to apply this in your privacy trainings?
Melissa: Gamification in education is about using different games to impart various lessons or ideas. In my role at the Colorado Department of Education, I am responsible for training different audiences on privacy and security. I first came to gamification because I felt uncomfortable as a public speaker and felt that more traditional methods for presentations, like slide decks, were not effective or engaging for my audiences. I also found a tendency to become overly dependent on slide decks when making presentations, and speakers may end up simply reading them to their audience. For these reasons, I was looking for alternative methods to enhance the training, to reach my audience in a way that made the privacy materials more engaging and fun. So, I began to develop games.
FPF: Can you give us an example of the games you use?
Melissa: Sure. One of my first games was based on characters from a comic book and superhero movie. It was developed to impart the concept of personally identifiable information, by piecing together several elements of the characters that do not, themselves, constitute PII, such as date of birth, place of birth, and employment information, to ultimately reveal their identity. The game uses playing cards, which are actually headshots of the characters, on the back of which I noted different pieces of information. The point of the game is for participants to put those pieces of information together to guess the character’s identity, based upon the information written on the back. This really drives home the point that even though certain pieces of information by themselves may not be PII, when combined together with other data, they can reveal a person’s identity.
My experience with this PII game was overwhelmingly positive. From then on, I began developing additional games and interactive activities, for example about school safety perceptions and beliefs versus reality. In my experience, using these games makes it a bit easier for folks to understand concepts that may not be straightforward and to internalize these on a deeper, more intuitive level.
FPF: What are some high-level insights you have gleaned from using this technique that you could recommend to others?
As mentioned, I came to this because of my personal reservations about using traditional presentations, in that I did not find them to be effective and they excluded the audience. I would definitely recommend gamification and brainstorming about different elements that could make it more appealing for the specific audience, depending on the specific topics covered.
Prizes for Disclosure Avoidance and Data Suppression Exercises/Games: Large Erasers and Sudoku Puzzle Books
For example, prizes or awards, even simple items from the Dollar Store, can be used to encourage participation. Props, like a silly fake mustache or flashlights, can be used, for example, for a school safety presentation. These elements make things literal and bring the audience physically into the situations dealt with in the privacy materials. This helps the audience start engaging and thinking from an internal perspective. Then, when we reach group exercises, for example brainstorming on pros and cons of school safety versus privacy, participants are not just repeating what they may have heard from the media but begin thinking from their own perspectives. This allows the group to better weigh the different viewpoints and have a balanced conversation. I also incorporate different resources, for example those offered by the Future of Privacy Forum or the list of principles on school security and equity. Finally, I think it’s important to always be geared towards solutions. The exercise helps flesh out the problem but should always be within a framework that wraps up with actionable, practical solutions.
FPF: It’s great that your approach considers specific audiences and how to adapt materials to them. Have you considered using gamification techniques to teach children and students how to make better decisions and control their own data?
Melissa: Yeah, absolutely. I think gamification in privacy training could be introduced to schools and customized for different age groups and levels. More generally, customizing the materials should involve thinking about how to make the training personal. By making it personal, you help make it meaningful and relevant. This perception of relevance especially helps audiences engage with privacy and security, not as a mere formal compliance issue they are forced into as part of their job but, rather, as something with real, daily impact on them and on students. Once you understand the importance of the policies and requirements in real-life terms, it is much easier to incorporate.
Melissa gave participants a “Data Privacy Training Critique” to measure the effectiveness of presentations and solicit feedback
FPF: How can other stakeholders think about incorporating gamification into their own privacy programs?
Melissa: As I continue to develop new materials for different groups and different audiences, I’m more than happy both to share what I’ve developed so far and brainstorm with others on how best to impart a particular concept. I’m always available for that kind of discussion or collaboration. Data privacy and security can be an intimidating topic for many audiences, and I’ve found that gamification is really effective in making people more comfortable.
Gamification is also crucial for efforts to create the perception that the Department of Education, or other stakeholders seen as enforcers, are actually more like partners. We are not here to audit schools or spot where they are failing and tell them what they are doing wrong. We are here to help educational stakeholders understand the importance of privacy and security and to offer resources to help them understand and incorporate the correct policies and practices.
In particular, sharing and collaboration are hugely important. I encourage anyone interested in receiving copies of my games or considering developing games of their own, to reach out to me at Peterson_m@cde.state.co.us. I would be delighted to respond to questions or participate in brainstorming sessions to collectively generate ideas for imparting privacy essentials in an engaging way.
This interview was conducted by Ahuva Goldstand on August 22, 2019. It has been edited and condensed for clarity.
