Connecting learning and performance with the Internet of Things and xAPI

Imagine a compliance training scenario: you’re hearing a lot about a new phishing (a type of cyber crime involving fraudulent email) threat recently, so you decide to deliver training to protect your organisation; especially since your network was hacked last year, and you can’t risk suffering another data breach.

So, you create or obtain some eLearning, enrol all of your employees, and a few weeks later, they’ve all completed the course.Legal tell you that’s adequate for compliance with data protection regulations, but does it mean you’re safe from the threat? Maybe yes. Maybe no.

The problem? Learning and performance are too far apart. It’s easy to measure what learning has been completed, with what score, when and by whom, but making the connection to the outcome on performance isn’t so straightforward.

In our scenario, while it’s nice knowing that everyone has completed your cyber security eLearning course with a score of at least 80%, the actual desired outcome is increased vigilance around emails.

In other words, we need to connect data about our learning to data about performance, in a far more specific and scientific way than relying on an end of module test, self-reporting and manager observations.

Enter xAPI, a.k.a. Tin Can or the Experience API.

Created in response to limitations with SCORM, the current standard for collecting course completion data (but not much else), xAPI makes it possible to gather performance data from multiple sources and link it to learning data.

As well as software, xAPI talks with smart devices connected to the Internet of Things, so sensors in the real world become sources of performance data, just as we see with fitbit-style activity trackers.

Once this data is collected, it can be used to fine tune each individual’s training for optimised performance. Want a real life example? Take a look at football’s unlikeliest title challengers (and our neighbours) Leicester City, who use player training data gathered using wearable technology to inform strategy – resulting in them topping the English Premier League against all odds.

Back to our example: how could xAPI help us measure whether our eLearning course has reduced the risk of phishing?

Well, rather than solely analysing course completions, with xAPI we could measure how learners interact with emails, click links or open attachments, both before and after taking our course. If they’re more careful around email links after taking training, then clearly it’s been a success; if not, then perhaps it’s back to the drawing board.

The possibilities are almost endless – and they don’t stop at software-related performance outcomes. Any data gathered by Internet-enabled devices can conceivably be linked to learning data using xAPI, so whether it’s the quality of customer service or installation of equipment by engineers, there’s not much that you won’t be able to measure and improve.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”