As Agile developers, putting our users first means taking their privacy seriously. No team wants a surprise pivot to a compliance project that throws off its momentum. And no one enjoys reading a cringeworthy email announcing that personal information has been leaked! Let’s take a look at a few examples of how we can improve our practice.
Let’s say you get a story to add analytics to a page and it asks for a user's first and last name along with activity detail. That should set off your "personal information" alarm. Personal information can be thought of as anything that can be related to an individual. Other examples would be date of birth, email address and social security number. Specific laws might also have requirements about how you handle personal information, or break it into categories like “sensitive personal information.” Storing or sharing personal information presents a variety of technical and policy challenges. Erring on the side of less (or zero) data when collecting any personal information is usually a good place to start.
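One way to apply the "less (or zero) data" default to the analytics story above, as an added example that is not code from the original article: an allowlist decides what leaves the browser, and any personal field the caller tried to send is reported so it can be raised in review. The field names, the `minimizeEvent` and `scrubUrl` helpers and the sample event are hypothetical, and the sketch goes slightly beyond the text by also stripping query strings from the page URL.

```javascript
// Hypothetical field names; not taken from any real analytics SDK.
// Only these keys may ever be sent to the analytics backend.
const ALLOWED_FIELDS = new Set(["event", "page", "timestamp", "plan"]);

// The kinds of personal information the article lists.
const PERSONAL_FIELDS = new Set([
  "firstName", "lastName", "dateOfBirth", "email", "ssn",
]);

// Loose match for an email address hiding inside a free-text value.
const EMAIL_RE = /[^\s@/?&=]+@[^\s@/?&=]+\.[^\s@/?&=]+/;

// Keep only the path: query strings and fragments often carry emails or tokens.
function scrubUrl(raw) {
  return new URL(raw, "https://placeholder.invalid").pathname;
}

// Returns what is safe to send, what was dropped, and which dropped keys
// were personal information (the "alarm" to surface to the team).
function minimizeEvent(rawEvent) {
  const sent = {};
  const dropped = [];
  for (const [key, value] of Object.entries(rawEvent)) {
    if (!ALLOWED_FIELDS.has(key)) {
      dropped.push(key);
    } else if (key === "page") {
      sent[key] = scrubUrl(String(value));
    } else if (typeof value === "string" && EMAIL_RE.test(value)) {
      dropped.push(key); // allowed key, but the value carries an address
    } else {
      sent[key] = value;
    }
  }
  const personalDropped = dropped.filter((k) => PERSONAL_FIELDS.has(k));
  return { sent, dropped, personalDropped };
}

// Constructed sample: what the story asked for versus what is actually sent.
const sample = minimizeEvent({
  event: "page_view",
  page: "/account/settings?email=ana%40example.test",
  timestamp: 1700000000,
  firstName: "Ana",
  lastName: "Example",
});
console.log(sample.sent, sample.personalDropped);
```

A non-empty `personalDropped` list is a useful signal to fail a test or log a warning in development, so the request for names is discussed before it ships.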
The examples above are reminders of the need to pause before diving into code. Are you using data you've already collected in a different way? Is there new sharing? Even if you already have permission, explaining a new use will help build trust with your users. Maybe just a modal or popup acknowledgement is all that’s needed. However, make sure the options are meaningful. This recent thread highlighted a confusing UI that might leave you wondering whether there was any real notice or choice involved. Always try to get feedback.
While we have many responsibilities to juggle when developing complicated user interfaces, the examples above should demonstrate that integrating privacy into our process isn’t such a big step away from what we’re doing already: putting our users’ interests first. The broader concept of privacy by design isn’t just about design; it’s about adopting the right mindset throughout our workflow.