If you have participated in any kind of usablity study, the moderator is always to ensure that the recording is only for internal use only and won’t share with anybody. In addion to that, you will have to sign a Non-Disclosure Agreement (NDA). If you have not participated in the usability study, this the normal process in research study. You may guess the main reason for such steps, it has to do with privacy both the participants and the intellectural propter of the company. Let’s look into it in more details.
The importance of keeping user data private
- It is the right thing to do. It makes the participants feel safe, especially when it has to with sensitive data and personal issues.
- Privacy laws and ethics. The privacy laws might be different from one place to another and it is mandated to follow the laws.
- Risk of hacking. The internet has many benefits, but it also comes with a great disadvantage, which is hacking. In today climate, privacy is the most value things that hackers are after.
- Protecting your company’s brand. In general, it gives a good impression to the users that the company cares about their personal data and not just about making money.
Types of personal data
There are two types of personal data: Personally Identification Information (PII) and Sensitive Personally Identifiable Information (SPII).
Personally Identifiable Information (PII) – Specific details that could be used to identify a user.
- Home addresses
- Email addresses
- Phone numbers
Sensitive Personally Identifiable Information (SPII) – Data that, if lost, compromised, or stolen, could cause your users financial harm, embarrassment or discrimination
- Social security numbers
- Driver’s licenses
- Passport numbers
- Financial account numbers
- Date of birth
- Disability status
- Criminal history
- Medical information
Privacy and security practices in user research study
Be transparent about data collection – let the user knows what you are collecting at the beginning of the study session.
Only collect user data that’s absolutely essential – let the user knows that only data that is relevant to the study will be collected for the purpose of product design or improvement.
Get active consent – this can be asking the users to sign the NDA and verbal consent right at the beginning of the study session.
Detail how you’ll use participants’ info and protect privacy – this is to ensure users about how their data is being used and level of protection such using alternative name and avatar.
Allow users to withdraw – let users decide whether to proceed or withdraw from the research study.
Inform users of who will have access to their data – letting the user know that information will only share within the project team and not the whole company.
Explain how you plan to store and delete users’ data – users should know how their data is stored and deleted, which mostly like after product launch.
Undestand privacy issues
Vulnerable populations are the most impacted one when it comes to privacy issues. Vulnerable population – groups of people who have limited ability to provide their consent or have special privacy concerns. These can reflect on three areas of data concerns.
- Data recording – needs to be consistent with UX research standards.
- Data storage – held in safe and secure place from hacking and physical damage.
- Data retention – how long data is being kept.
How to maintain privacy
- De-identification – removing any identifying information from a user’s data that you collect during a study.
- Non-Disclosure Agreement (NDA) – a contract that gives one party legal protection against another party stealing their ideas.
As a UX designer, it is important to make privacy part of UX practices because it is the right thing to do as discussed above.