In technology, change is constant. Professionals working in tech are called on to integrate new processes and ways of thinking to stay abreast of their field. A case in point is data privacy.
If you entered the workforce a decade ago in any number of tech-related tracks, privacy, and processes to protect users was a topic of passing interest. Today, the emergence of GDPR, CCPA, and other landmark pieces of legislation has increased privacy concerns and has become a pivotal part of the development space and beyond.
This article provides a quick-hit synopsis of how the renewed focus on user data privacy impacts different roles in technology organizations in jurisdictions around the world.
Teams that stay compliant incorporate privacy considerations into the development process while simultaneously balancing ongoing pressures for speed and agility.
The SANS institute suggests several best practices that DevOps teams can do to continue working efficiently. Here are the most crucial.
- Streamline Access Control. Ensure that only authorized users can access sensitive information. Session management tools like tokens and timeouts should be used to protect against unwanted access.
- Handle errors and logging. Store data logs securely and track all administrative activity, plus all inbound and outbound data processing activities.
- Practice continuous integration. Build authentication, password management, and other security features into code, and incorporate automated security scanning into the delivery process.
The fundamental principle that has emerged in the UX space is “privacy by design.”
In the 1990s, Dr. Ann Cavoukian developed these seven principles and embedded data privacy features in the very fabric of a software product. GDPR framers regarded Dr. Cavoukian’s so much that they made “privacy by design” a fundamental tenet of their legislation.
Listed below are the seven principles of privacy by design, and UX professionals must now incorporate them into their work.
- Proactive, not reactive: preventative, not remedial
- Privacy as the default setting
- Privacy embedded in the design
- Full functionality: positive-sum, not zero-sum
- End-to-end security: full lifecycle protection
- Visibility and transparency: keep it open
- Respect for user privacy: keep it user-centric
Product managers are more responsible than most for ensuring their organization heeds new privacy regulation. Above all, they are responsible for product quality. If that product is running in a non-compliant way, it’s a defective product.
Fortunately, product managers have resources across the organization to ensure they are staying up-to-date with data privacy reform. In her guide to GDPR Mastery for Product Managers, Karen Cohen runs through a set of organizational processes that should be employed to protect from privacy violations:
- Work closely with legal teams. It’s their responsibility to understand the regulations and how they might impact your product. It’s the product manager’s job to translate their opinions into actionable steps for different stakeholders in the business.
- Researching and comparing domain knowledge is essential. Also, so is competitor research. How are other businesses in your sector handling information access requests? What do their opt-in and opt-outs look like on-site? These are breadcrumbs your company can follow on a path to privacy success.
- Establish clear ownership. If you have a big complicated product, a single person can’t have granular privacy oversight throughout the system. That’s why product managers need to establish clear roles and areas of ownership, including a structure of command to help support the activities of the GDPR-mandated Data Protection Officer. Building this company infrastructure from scratch is undoubtedly a challenge, but in the long-term, this purposeful delegation will beat the ad-hoc process every time. Above all, it makes your business less vulnerable to breaches and violations.