Starter questions on “personal data”

In light of recent controversies with personal data unknowingly being uploaded and/or shared, it’s good to take a moment to revisit some basics, which may make or break your relationship with a user, beyond the “pretty pixels” and “smooth usability”. At the end of the day, trust is the foundation for a healthy customer relationship and user experience. Once that goodwill has been earned, you don’t want to break it…

** First ask yourself if you really need such personal data in order to deliver your value prop to the user. Is it a “make or break” issue, really?

** What data are you planning to upload from the user’s device, and WHY? How will having that data lead to positive benefits for the user, thus amplifying your value prop? You want to make sure you’re building a strong customer relationship that lasts a long time!

** If you are uploading the user’s data: What types of data? How much? At what frequency? Is it encrypted? Where is it being stored? Is it being backed up? Can law enforcement agencies access it, and under what conditions? Is there a time limit? Will data be expunged sometime? What happens when the user dies (not just account deleted)? Is personal data being sold for profit? (sorry, gotta ask and just be honest with yourself…you’ll thank me in the morning!)

All of this must be captured like typical business requirements, with full unanimous agreement among product leads, and presumably reviewed by your company’s legal counsel. (I’m not a lawyer, but that’s my hunch, to protect everyone)

** Always err on the side of “Opt-in” first, not “Opt-out”. Make the user decides to opt-in; don’t assume the user is comfortable having their data silently uploaded without consent. Users don’t want an unpleasant surprise that their data was sent without their consent. A great way to break a relationship and lose trust, guaranteed!

** And most critically: Is this all explained up front, in clear language to the user so they can read it, understand it, and take action against it, easily, if they so desire?

Finally, just because you can detect and store certain personal data (due to the way iOS or Android technologies work, and their App Store policies), doesn’t mean you should. And please, don’t use “the other kids are doing it” excuse or “it’s been like this for years”. What are you, a 3 year old? No, you’re (hopefully) a legit business with an amazing vision, and a responsibility to your users and stakeholders.

Always ask yourself what’s your true motive, goal, and benefit to the user regarding data policies. Be honest with yourself. Be transparent and let users know.

Is there another way to deliver value to customers without accessing their personal data? If not, consider making those features that require personal data “premium features” at a micro-payment scale or subscription service. Again, be very clear about your intentions with the data even if the user is paying for that level of use.

Hopefully these starter questions around data-sharing policies will put your team and company on the “happy path” of positive relationships and good user experience overall with your user base!

Leave a Reply