Rather than collecting everything we could possibly collect, we can minimize privacy concerns and maintain trust by capturing only the information we need and retaining it for only as long as we need it. Ask yourself how much detail you actually need in order to accomplish what you set out to do. Do you need to sense who is in a room, or simply that someone is there? Do you need to know what someone said, or just the tone and volume of their voice? Do you need to know who said or wrote something, or simply that something was written or said? This practice forces us to focus on the problems we’re trying to solve, and it reduces the vulnerability that comes with holding on to sensitive data. A justification of “we might need that later, but I can’t explain why” isn’t good enough.
Activities to try
- List what data you are thinking about gathering, then clarify why you’re collecting each item and for how long it would be needed. As a team, determine whether there is more generic or less specific information you could gather to get what you need, and how you might retain it for as little time as possible. The European Union’s GDPR regulations compel this kind of analysis.
- Gather examples of existing technologies and solutions that provide good (or bad) controls and limits on the data they collect. In particular, explore products or services that members of the team personally use. Consider how your system might emulate the best of these.
- Imagine that a close and skeptical relative is one of your users. How would you explain to them what you are collecting, and why? How would you explain what you are going to do with it? Rehearse these explanations out loud with one another and share them with potential users to get their feedback. Voicing these concerns aloud reveals weaknesses and gaps in your thinking that might otherwise go unnoticed.
A team designing an in-home security system was charged with making it easier to use while also offering a greater sense of protection for the people who used it. Users wanted the system to be able to monitor activity in and around the home but also to preserve family privacy. To understand the line between protection and privacy, the team conceptually mapped out all the human interactions that occurred daily in the home. This allowed them to pinpoint the times when visual recording was critical for protection and when it wasn’t necessary. Inspired by analog camera shutters, the team designed a “privacy shutter” that was triggered to open and close automatically at specific points. When users set the alarm to leave home, the privacy shutters open and enable the cameras to record. Once the users return home and deactivate the alarm, the camera shutters close physically and stop recording.