“Mandatory security training every year? What a pain…” At most companies, e-learning courses for employees are thought of as something you simply “have to take.” At Mercari, however, we decided to challenge this common perception by delivering content that employees “want to take” through unique formats like manga and podcasts.

This is part of the “Awareness” initiative at Mercari for spreading knowledge about privacy and security. Why are we trying to transform mundane mandatory training into content so fun it could be considered entertainment? Let’s hear from three core members behind the project about their thoughts and how they created such unique content!

Creating courses that people want to take—because it’d be a waste not to

―Could you start by telling us about the background behind the “Awareness” initiative?

@early: It all started around 2022 when @danny and I joined the company and were put in charge of the annual compliance training. At the time, most training courses involved clicking through slides that didn’t have any audio, and I felt that it was such a wasted opportunity to be taking the valuable time of all of our employees and yet delivering the content in such a format.

―Indeed, it might be difficult to remember the content just from reading slides.

@early: Exactly. @saaya, on the other hand, was already creating security onboarding training videos that included elements to entertain its viewers when I entered the company. If I could choose between simply putting together training materials or creating a training course that really gets the message across with just a bit of added effort and creativity, I would choose the latter. That’s how we began creating video training courses by sitting in front of a camera and recording ourselves speaking directly to employees. Fortunately, the videos we created ended up being well received and worth the effort.

In the following year, we got a professional videographer from within the company on board and were able to create a privacy training course in a short drama format! It’s still being used for onboarding to this day.

Year 1: Standard training course with video narration (Format commonly used at other companies)

Year 2: Video training course in short drama format (More creative format than year one)

―And from there, you started getting even more creative.

@early: Yes. I found out that there were other companies using characters and manga in an effort to help their employees learn in a fun and engaging way, which really surprised me! E-learning courses tend to lose their effectiveness and end up as a mere formality, but I heard that at some companies, e-learnings are the most effective measure for reducing incidents. This made me rethink how important they could be. But it also made me reconsider how we deliver these courses. Rather than forcing employees to take them because they’re mandatory, we as content providers should be responsible for creating a course that 99% of people would happily be willing to take.

The goal isn’t just compliance, but the balance of “freedom and responsibility”

—That said, to meet regulatory requirements, wouldn’t the priority be to have everyone take the course? Why place such an emphasis on making it fun and memorable?

@danny: Of course tracking participation is required, but that is not the goal. The true goal is to have employees understand the content, remember it, and apply it in their daily work. Locking down the company entirely would ensure perfect security, but it would also prevent anyone from working.

To achieve an environment where employees can work freely and perform well, each individual must also take on the security responsibilities that come with it. To ensure employees fulfill that responsibility, we have a duty to properly teach the content. That is why memorable content is necessary.

@early: This also relates to Mercari’s value, “Be a Pro.” Setting strict rules is easy, but that won’t lead to innovation. Mercari believes in trusting employees’ literacy and striking a balance between freedom and responsibility. And it’s our job to clearly convey the foundational knowledge that supports this.

—So, what level of knowledge are we expecting employees to attain through these training courses?

@saaya: It’s impossible to impart everything fully through just training courses, and that’s not our goal. More than anything, we aim to create the awareness that will make employees stop and think, “Is this okay from a privacy standpoint?” during their workday, and reach out to the relevant team for help.  That is the most important goal of the training.

—I see. So that’s why it’s important to create something interesting and easy to understand. Did you have any other goals or target numbers? For instance, having employees acquire 15% of the privacy and security knowledge that members of your teams have?

@early: First, we want to ensure there is no one with zero knowledge. In “bucket theory,” the capacity of an organization is likened to a water bucket, where even one hole or weakness can limit the height of the water, leading to leaks and other problems. We don’t expect all employees to become security and privacy experts, of course. If there are 100 things they should know, even starting with just 5 is fine. Since there may be individuals who are starting below zero, our aim is first to bring everyone above zero and to create a neutral baseline.

@danny: The security and privacy teams are often seen as scary presences that enforce rules like the police. But we have no intention of shaming or blaming anyone, and we encourage people to consult us about even the smallest things! To make sure people feel comfortable doing so, we are trying to convey a welcoming atmosphere in our training courses, as well.

@early: When you think of it that way, the training courses also serve as promotion for our team. I see them as a good opportunity to let people know that there are teams like us at Mercari working on what we do!

Making the vision a reality with AI—behind the scenes of the manga and podcast production

—Talk to us specifically about the content of the course. Delivering training content via a manga format is very unique, but how did you create it?

@saaya: I didn’t draw the illustrations for the manga myself. I generated the characters and art using an AI image generator, used a software called CLIP STUDIO PAINT to create the panel layout, and arranged the characters and art within the layout. The story and dialogue were created by @early.

@early: My dream was to become a manga artist when I was in elementary school, and thanks to AI, that dream has unexpectedly come true. (laughs) Privacy is a very ambiguous field because it involves not only legal rules but also moral questions like, “Will this come as a surprise to the user?” To convey such nuances in a story format, manga was the best option.

―You also have a podcast, right?

@danny: Yes. We have a podcast about security and privacy, and we had AI create the theme song for it.

@early: We started the podcast to talk about security and privacy, but now it has evolved into a more casual platform for timely topics, including AI governance.

Podcast thumbnail and a portion of the episodes released

Human judgment is more important than ever before

―But, with such important themes, do you not worry that a casual format might bring the conversation off topic? Also, how do you decide what themes to teach each year?

@danny: The annual security training is limited to just 15 minutes, so we create a proper proposal for what to teach each year. We determine the theme that will contribute most to reducing risks considering our internal near-miss trends, risk information from external organizations, and last year’s content. We aim to create courses that are not only entertaining but maximize risk reduction.

@early: I always admire how incredible @danny’s process is. We try to remember to stay playful. In the field of privacy, it’s more important to share the big picture view and a framework of values over detailed rules, so our approach is a bit different. Things often vary case by case, so we try to structure the content in a way that has the learner consider what they think.

—To wrap up, could you tell us what your plans are going forward?

@early: With the advent of generative AI, information that used to be accessible to only some is now accessible to all. That’s why individual literacy and judgment are more important than ever. While the risks have increased, we’re also able to create high-quality content more quickly now using AI. I want to leverage AI to both raise awareness of risks and implement effective governance.

@saaya: We are prototyping a bot that will post alerts on Slack using the characters from the manga we created. I would like to develop a fun and friendly way that can help improve the literacy of all employees across the company.

Photographer: Tomohiro Takeshita / Author: Riho Nakamori