Make a submission

Accepting submissions till 28 Feb 2022, 11:00 AM

What are lean data practices and how can you adopt them for compliance? How do you handle user data deletion requests at exabyte scale? How can you anonymize PII while also sharing data with third-party tools and services? What data governance strategies do the best organizations in India follow?

The Privacy Mode Best Practices Guide is a compendium of answers to these and other questions around privacy and data security. Compiled from talks, interviews and focus group discussions, the BPG is a practitioner’s view of implementing better privacy from the design stage and ensuring compliance with national and international laws.

Each submission is a chapter of the BPG and will cover one or more of the following topics:

  • Data asset enumeration
  • Data flow enumeration
  • Data classification
  • Access control based on classification

Hosted by

Deep dives into privacy and security, and understanding needs of the Indian tech ecosystem through guides, research, collaboration, events and conferences. Sponsors: Privacy Mode’s programmes are sponsored by: more

Supported by

Omidyar Network India invests in bold entrepreneurs who help create a meaningful life for every Indian, especially the hundreds of millions of Indians in low-income and lower-middle-income populations, ranging from the poorest among us to the existing middle class. To drive empowerment and social i… more
We’re the world’s most comprehensive and broadly adopted cloud platform, offering over 200 fully featured services from data centers globally. As a hyperscale cloud service provider, AWS provides access to highly advanced computing tools on rent for startups and SMEs at affordable prices. We help t… more

Anwesha Sen

@anwesha25

Best Practices Guide: Lean Data Practices

Submitted Feb 16, 2022

Name of Organization: Mozilla

Domain: Free Software Community

Talk by Nneka Soyinka

Summary

There are three pillars of lean data practices that help organizations in staying lean and smart about collecting data. These are:

  • Audience engagement
  • Stay lean
  • Built-in security

Here are some tips for improved audience engagement. First, one should provide timely and contextual in-product communications through the use of things like permission panels, overlays, onboarding tours, and other features that are user friendly and take advantage of the UI in a meaningful way for customers. Second, one should give customers a choice within the product through things like unchecked boxes, optional fields, or accessible controls, so that they really are empowered to make the data-sharing decisions that they want to make. If one has specialized audiences, they should communicate with them through places like forums, blogs, or bug bounties. And lastly, it is important to remember to re-evaluate one’s engagement over time.

Staying lean means to minimize the data that one requires and collects. If one doesn’t need some data, they shouldn’t collect it in the first place. If they don’t need it any more, then they should get rid of it. Customers who are no longer engaged and haven’t used one’s product for a long period of time could be removed. Lastly, one should identify these specific areas for periodic review, also known as an audit, to ensure that one’s established policies are being followed.

To build security in one’s system, first they must determine how their data will be protected throughout the data lifecycle. This is from the moment the data is first collected, up until the end of the lifecycle with data deletion. Secondly, they should choose partners and service providers who will handle the data securely and in alignment with one’s business expectations. Lastly, when issues do arise, security mitigations should be communicated clearly to the public. This builds trust through that transparency, and ultimately can help the brand.

For access to resources on LDP frameworks, one can visit leandatapractices.com. There is also a downloadable LDP toolkit on this website, using which one can apply different LDP tips and principles in their organization.

Detailed study

Lean data practices, or LDP, is a flexible framework that anyone can use to stay lean and be smart about how they collect data in their organization. Through LDP, one is able to build trust with their customers. There are three pillars to lean data practices:

  • Engaging one’s audiences: This is about transparency and being open with customers so that they understand how their data is being used and who it is shared with, and are empowered to make the decisions that are best for them.
  • Stay lean: This pillar is all about data minimization, and only collecting data that delivers value.
  • Built-in security: This enables one to protect the data that they have.

There are many benefits to lean data practices. Through LDP, one is able to build and develop trust with their customers. The trust that one builds with their customers comes from easy-to-understand explanations, and a well-designed user interface that the customers can use to exercise their choices in an easy and non-confusing manner. It also comes from explanations that are not only clear, but also well timed and shown in the location where customers would expect to see them. The trust comes from transparency and being open with users around how their data is being used, minimizing the user data that is collected, and being open about the business partners that also use the users’ data. Trust also comes from helping customers to understand that their data is protected within one’s organization. And lastly, since issues inevitably do happen, trust comes when one resolves those issues swiftly and handles them honestly.

LDP also helps one to avoid untrustworthiness. This comes from collecting user data without explaining to them what is being collected, getting their permission, or helping them to understand how their data is going to be used, especially if it’s in a way that they otherwise would not be expecting. A confusing UI which makes it difficult for customers to really take control over their data also contributes to untrustworthiness. Another situation is when human errors inevitably arise and customers’ data is exposed. When the product is designed without privacy in mind, it is engineered from the beginning in a manner that results in the leakage of data. This causes customers to be wary. How one handles breaches when they happen also determines whether customers continue to trust the organization.

Engaging one’s audiences is all about transparency. The following are some tips to help one achieve this:

  1. Identify the audiences so that one knows of all of the different stakeholders at play. This could be in the business to customer setting, or the business to business setting.
  2. When it comes to sensitive issues, or things that people would find surprising, one should remember to engage early and be very clear. This reduces the chance for them to be surprised by what they’re hearing, especially if it’s related to something that they were not otherwise expecting. Being transparent about the data that the service relies on, and helping the customer to understand the full breadth of that data, helps avoid surprises. It also gives them the ultimate choice in determining whether or not they want to interact and engage with the service based on this information.
  3. One shouldn’t solely rely on privacy notices to provide people with information. The audience should be engaged where they would expect to receive particular types of information. For instance, Mozilla has specialized communities that they engage with and one of the locations where they engage is via forums. So, depending on the type of information one wants to convey, they should find the best location to share that, such as a marketing email or somewhere within the product.
  4. One should engage when it matters. What this means is that one should let people know of specific updates in their product via notifications, emails, blog posts, etc. For example, when the Firefox Nightly browser was updated so that it routed DNS requests through a partner service whenever possible, users were shown a notification the first time they opened Nightly after the change was made.
  5. Say what really matters and give details elsewhere. To retain users’ interest in one’s product, it is important to remember that people do not want to read a lot. There is only so much space to give them the information that they need to know to get them to continue to use a service. Asking users whether they want to share their location is an example of this. The question usually pops up as a notification, and the users that want to understand why their location may be required can simply click on the Learn More option. On the other hand, users that aren’t that bothered can continue browsing.
  6. Give people options on whether they want to provide data that is not necessarily required. A better option for customers or prospective customers is to let them know which fields are optional, or conversely, have mandatory fields and leave the rest to give them the choice of whether or not they want to provide that information. This reduces the amount of data that is collected from customers and also gives them the choice of providing additional information which is not essential to running a particular service.
  7. As expectations and behavior patterns change, it is important to re-evaluate engagement over time. This is a continuous process and technology is constantly being updated. Without re-evaluating engagement, one misses out on opportunities to improve their product and how they interact with their audience.

The next pillar in the LDP framework is to stay lean, which calls for data minimisation. These are steps that can help one stay lean:

  • The first step is to stop collecting data that is not needed. One should always look at the data that they are accessing and collecting, and ensure that all that data is necessary to use the service. When one has a lot of data, it can scare customers because they may feel like they’re giving a lot of information away.
  • The second step is to understand what data one actually needs versus data that they want. For example, with cookie banners, there are both essential and non-essential cookies. Essential cookies, or necessary cookies, are ones that are required for the website to operate, i.e. they are mandatory. Hence one doesn’t typically see an opt-in for those, because they are needed for the site to run. In contrast, non-essential cookies help to personalize the content that customers see, or help one to collect statistics and other types of analytics. While such cookies could have benefits for the customer or for the business, they’re not essential. Hence, it is not mandatory for customers to provide that type of data. This is the choice that should be given to customers while collecting data.
  • The third step is to find old data and evaluate if it is still needed. A few questions to think about while doing this are:
    1. When was the last time the data was looked at?
    2. How old is the oldest data that one currently keeps?
    3. When was the last time that one determined how long certain pieces of data were actually needed?
    4. When was the last time that one confirmed that all of the collected data was being used?
    These are just a few of the questions that one should ask themselves as they’re evaluating the data that they have and whether or not they still need it. This also helps to think about how to improve data collection and retention going forward.
  • The fourth step is to evaluate unverified accounts, for which one needs to determine how long they need that data. An unverified account happens when a customer or prospective customer completes the form to sign up for a service but doesn’t finish the email verification process. So, they sit in the systems as unverified. There’s not much value in holding on to that type of data, because since they didn’t complete the process, one can’t fully engage or interact with them.
  • The fifth step is to evaluate inactive and unengaged accounts. Here too one should determine how long they need that data. These are accounts and customers that sign up for a service but are no longer engaging. This means that they’re not opening emails pertaining to the service and they’re not logging into their account to use the product. One should consider getting rid of that data once it is no longer required so that they can reduce the amount of data they’re holding on to.
  • The sixth step is to auto-schedule periodic audits to confirm one’s policies and make sure that they’re being enforced. This includes retention periods, but it can be any policy that one has. The important thing is to continue to re-evaluate and check in to make sure that the policies are actually being implemented.
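Steps three to six above (find old data, expire unverified signups, expire unengaged accounts, and audit on a schedule) can be expressed as a single retention policy evaluated over account records. The following is an added example, not code from the talk, from Mozilla or from the LDP toolkit; the record layout, the policy values (30 days for unverified signups, 365 days for inactive accounts, a 90-day audit interval) and the sample accounts are all assumptions constructed for illustration.

```python
"""Retention audit: classify stored accounts against a lean-data retention policy.

Constructed example. The record layout, policy values and sample accounts are
assumptions made for illustration, not Mozilla's or the LDP toolkit's own.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Account:
    account_id: str
    created_at: datetime
    verified: bool                       # finished e-mail verification?
    last_login: Optional[datetime]       # None = never logged in
    last_email_open: Optional[datetime]  # None = never opened a service e-mail


@dataclass(frozen=True)
class RetentionPolicy:
    unverified_max_age: timedelta  # keep an unfinished signup at most this long
    inactive_max_age: timedelta    # keep an unengaged verified account at most this long
    audit_interval: timedelta      # how often the policy itself must be re-checked


def last_engagement(acct: Account) -> datetime:
    """Most recent sign of life: a login or an opened e-mail, else the signup date."""
    signals = [t for t in (acct.last_login, acct.last_email_open) if t is not None]
    return max(signals) if signals else acct.created_at


def classify_account(acct: Account, policy: RetentionPolicy, now: datetime) -> str:
    """Return 'keep', 'delete:unverified' or 'delete:inactive' for one record."""
    if not acct.verified:
        # Step 4: an unfinished signup holds little value once the window has passed.
        if now - acct.created_at > policy.unverified_max_age:
            return "delete:unverified"
        return "keep"
    # Step 5: verified, but neither logging in nor opening e-mails for too long.
    if now - last_engagement(acct) > policy.inactive_max_age:
        return "delete:inactive"
    return "keep"


def retention_report(accounts: List[Account], policy: RetentionPolicy, now: datetime) -> Dict:
    """Apply the policy to a whole data set and answer the step-3 audit questions."""
    to_delete: Dict[str, str] = {}
    kept: List[str] = []
    oldest_kept: Optional[datetime] = None
    for acct in accounts:
        verdict = classify_account(acct, policy, now)
        if verdict == "keep":
            kept.append(acct.account_id)
            if oldest_kept is None or acct.created_at < oldest_kept:
                oldest_kept = acct.created_at
        else:
            to_delete[acct.account_id] = verdict.split(":", 1)[1]
    return {
        "to_delete": to_delete,
        "kept": kept,
        # Step 3, question 2: how old is the oldest data we are still holding?
        "oldest_kept_age_days": (now - oldest_kept).days if oldest_kept else None,
    }


def audit_overdue(last_audit: datetime, policy: RetentionPolicy, now: datetime) -> bool:
    """Step 6: has the scheduled review of the policy slipped past its interval?"""
    return now - last_audit > policy.audit_interval


# --- constructed sample data (not real accounts) ---
UTC = timezone.utc
NOW = datetime(2022, 2, 16, tzinfo=UTC)  # fixed clock so the results are reproducible
SAMPLE_LAST_AUDIT = datetime(2021, 10, 1, tzinfo=UTC)

POLICY = RetentionPolicy(
    unverified_max_age=timedelta(days=30),
    inactive_max_age=timedelta(days=365),
    audit_interval=timedelta(days=90),
)

SAMPLE_ACCOUNTS = [
    Account("u1", datetime(2022, 2, 10, tzinfo=UTC), False, None, None),  # fresh signup
    Account("u2", datetime(2021, 11, 1, tzinfo=UTC), False, None, None),  # stale signup
    Account("u3", datetime(2019, 5, 1, tzinfo=UTC), True, datetime(2022, 2, 1, tzinfo=UTC), None),
    Account("u4", datetime(2019, 5, 1, tzinfo=UTC), True,
            datetime(2020, 6, 15, tzinfo=UTC), datetime(2020, 12, 1, tzinfo=UTC)),
    Account("u5", datetime(2020, 1, 10, tzinfo=UTC), True, None, None),  # never engaged
    Account("u6", datetime(2021, 6, 1, tzinfo=UTC), True, None, datetime(2021, 9, 1, tzinfo=UTC)),
]

if __name__ == "__main__":
    report = retention_report(SAMPLE_ACCOUNTS, POLICY, NOW)
    for account_id, reason in report["to_delete"].items():
        print(f"delete {account_id}: {reason}")
    print("kept:", report["kept"], "oldest kept age (days):", report["oldest_kept_age_days"])
    print("audit overdue:", audit_overdue(SAMPLE_LAST_AUDIT, POLICY, NOW))
```

The report is deliberately a dry run: it names what the policy would delete and why, so the output can be reviewed (and logged as audit evidence) before any deletion job consumes it. A fixed `NOW` keeps the classification reproducible; a real job would pass the current time.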

The third and final LDP principle is building security. This is about protecting the data that one has. The following are some tips to build in security:

  • The first tip is to plan for security in advance by considering it from a strategic level and having specific tools that will help strengthen one’s company and system. This includes working with subject matter experts to build things like ethical hacking and penetration testing into processes, so that security can be tested before any data breaches occur. There also needs to be an incident response plan so that one is prepared in the event a data breach does happen. Having data governance policies is really helpful for employees to understand what’s expected of them and what the guidelines and guardrails are for them, so that everyone is comfortable that they’re in compliance with expectations.
  • The second tip is to secure data at every stage throughout the data lifecycle. This includes using physical, administrative, and technical security measures. The data lifecycle runs from the point that data is collected to how it’s being used, who has access to it, how long it is retained, and ultimately, to the point it is deleted. Third parties such as vendors or business partners should also be following the same security throughout the data lifecycle. Hence, it’s important to choose vendors and business partners that align with one’s expectations on security and privacy so that everyone stays on the same page. For physical security, one should use ID cards and badging to ensure that strangers can’t access physical property, and potentially the data that resides there. For administrative controls, one can control the employees’ access to data and implement it in the system design. Different people should have access based on what their specific role is. For technical security, one can implement encryption, penetration testing, vulnerability reporting, etc.
  • The third tip is to require strong authentication and authorization. It’s a known fact that humans are often the weakest link when it comes to data incidents. There should be strong security, especially for the administrative-level privileges and access that one’s systems have. From the customers’ perspective, one must make sure that the authentication that they’re providing to the service is strong as well. Nowadays, more and more companies are also requiring their customers to use multi-factor authentication to use their service.
  • The fourth tip is to have a bug bounty program, and to manage and report product security issues and fixes. Being transparent about vulnerabilities to the community is also very important. One might think they are exposing their weaknesses by sharing the vulnerabilities that were found and fixed. But, what it really shows is transparency and continuous improvement, since everyone has to repeatedly update their operating systems and apps to resolve specific vulnerabilities. By being transparent, one builds trust in their brand and helps their customers and community to understand that they are constantly working on improving.

The leandatapractices.com website has a variety of resources on the LDP framework and how it can be applied at different organizations. There is also a downloadable LDP toolkit available that is full of artifacts that can be used to apply tips and principles while working with other stakeholders to start to build out what the application of LDP looks like in one’s specific context.

