Designing a Training Journey for Privacy and Information Security Practitioners in the Federal Public Administration

Context : The Ministry of Management and Innovation in Public Services (MGI) leads the formulation and coordination of the Digital Government Strategy (EGD). DEPSI, under the Secretariat of Digital Government (SGD), is responsible for the Privacy and Information Security Program (PPSI), which aims at data privacy, compliance, and institutional resilience. Problem: The culture of privacy and information security in the Federal Public Administration faces development challenges. Despite the PPSI, there is a lack of awareness initiatives, training, a clear strategy, best practices, and performance indicators. Proposed Solution: The proposal aims to develop a training journey for Practitioners working in roles related to privacy and information security, with the goal of identifying and promoting the best practices, skills, and competencies required for these roles. IS Theory: This study aligns with Organizational Information Processing Theory, providing mechanisms to help organizations adapt to regulatory uncertainties in privacy and security. Method: We employed a mixed approach, combining document analysis, a literature review, and a survey. Guidelines and standards were analyzed to map competencies and responsibilities, while the survey gathered practitioners' perceptions of the proposed training journey. Summary of Results: We identified the key profiles and their corresponding responsibilities, and proposed a personalized training journey. Survey results indicated that the journey meets Practitioners’ expectations, being well-evaluated in terms of criteria and assigned weights. Contributions and Impact in IS: This work contributes by presenting a proposal for a Training Journey to assess the knowledge of Federal Public Administration employees and guide them on the best paths for professional development.

Context：公共服务管理与创新部（Ministry of Management and Innovation in Public Services，简称MGI）牵头制定并统筹协调数字政府战略（Digital Government Strategy，简称EGD）。隶属于数字政府秘书处（Secretariat of Digital Government，简称SGD）的DEPSI负责隐私与信息安全计划（Privacy and Information Security Program，简称PPSI），该计划旨在保障数据隐私、合规性与机构韧性。 Problem：联邦公共行政部门的隐私与信息安全文化建设面临发展瓶颈。尽管已推行PPSI计划，但仍存在意识培育不足、系统化培训缺失、清晰战略缺位、最佳实践匮乏以及绩效指标不明等多重痛点。 Proposed Solution：本方案旨在为从事隐私与信息安全相关岗位的从业者打造一套完整的培训路径，目标是梳理并推广此类岗位所需的最佳实践、核心技能与胜任力要求。 IS Theory：本研究契合组织信息处理理论（Organizational Information Processing Theory），可为组织应对隐私与安全领域的监管不确定性提供适配机制，助力组织完成适应性调整。 Method：本研究采用混合研究范式，整合了文档分析、文献综述与问卷调查三种方法。通过分析各类指南与标准，梳理出岗位所需的胜任力与职责划分；同时通过问卷调查收集从业者对拟议培训路径的认知与反馈。 Summary of Results：研究明确了核心岗位角色及其对应的职责，并据此提出了个性化培训路径。调研结果显示，该培训路径契合从业者的预期，在各项评估标准与权重分配上均获得了较高评价。 Contributions and Impact in IS：本研究的贡献在于提出一套标准化培训路径方案，用于评估联邦公共行政部门员工的知识储备，并为其职业发展路径提供科学指引。