Aug 16, 2023
Ronny Röller
After our recent blog post on the importance of data privacy in UX research, we've received feedback asking for a more in-depth look into how to implement these principles using our app, NEXT. Your concerns are absolutely valid and we're thrilled to guide you on this journey to ensure your research remains insightful, ethical, and compliant.
Document Interviewee Consent
Why: Ensuring you have the participant's consent before recording is key. Moreover, having a record of this within the platform itself makes it seamless to reference.
How with NEXT:
When uploading a video recording to NEXT, document the participant's consent details in the recording description.
For example: "Consent obtained on [Date] for [Purpose]. Participant allowed recording for UX research only."
Remove Confidential Data from Transcripts
Why: After capturing valuable insights from your interviews, it's crucial to make sure that these transcripts don't inadvertently reveal sensitive information. This upholds the "need-to-know" principle which suggests that only data which is absolutely necessary should be shared or accessed.
How with NEXT:
Once you've uploaded a video recording, NEXT's automated transcription service gets to work.
After transcription is done, we recommend you manually review the transcript.
In case the interviewee mentions any sensitive data like a Social Insurance number, replace it with "XXX" or any other placeholder.
Pro-tip: Look out for names, addresses, or any other specific details that might not be directly relevant to your research but can be considered personal data.
Name Recordings for Removal Requests
Why: Data retrieval should be as straightforward as possible, especially in cases of GDPR removal requests. Including the interviewee's name in the recording title ensures that you can promptly find and address any data-related concerns. Alternatively, you could also use a code to identify the user, thereby minimizing the personal data.
How with NEXT:
While naming your recording, ensure that the interviewee's name is part of the title.
Format example: `[Interviewee's Name] - [Product/Feature Discussion]`.
Label Recordings for Data Privacy
Why: Different conversations have varied consent levels. It’s imperative to differentiate recordings based on their privacy policy implications to avoid any breach.
How with NEXT:
Utilize NEXT's labeling feature to categorize your recordings based on the consent provided.
For instance, recordings can be labeled as "Sales calls" if only compact consent was provided or "User interview" if the participant gave more comprehensive permission.
Geographically differentiating data is also important, especially for businesses operating internationally. Use labels like "EU" and "non-EU" to determine if GDPR applies to specific recordings.
Pro-tip: Regularly review and update your label categories as data privacy regulations evolve and your research needs change.
Periodically Audit and Sanitize Recordings
Why: Holding onto data indefinitely isn't just a risk—it can also be against regulations. Regularly reviewing and sanitizing data ensures compliance and reduces unnecessary data storage.
How with NEXT:
Set reminders for your team to perform periodic audits of recordings (e.g., every 3 or 6 months).
Use NEXT filtering (using a.o. labels) to find the recordings that need to be sanitized
Use the NEXT's sanitization feature, which replaces original videos/audio recordings with a placeholder, eradicating all personal data.
Remember, once a recording is sanitized in NEXT, all highlights from that recording will also be automatically sanitized. Make sure you really don’t need the original clips e.g. to help developers to emphasize with the user.
Limit Access to Data
Why: While shared insights and discoveries are valuable, it's imperative to control who has access to raw, unprocessed data to minimize potential data breaches or misuse.
How with NEXT:
When sharing insights via NEXT stories, ensure only selected highlighted video snippets are shared, keeping raw data confined.
Utilize NEXT's sharing settings to limit who can view stories.
Regularly review the members of your NEXT teamspace. Provide access only to those who genuinely need to view the complete raw data.
Pro-tip: Use SSO/SAML to centrally enforce access control like to revoke access when an employee leaves.
Training and Awareness
Why: Having a policy is just the first step; ensuring every team member knows how to apply it using NEXT tools is where the rubber meets the road.
How with NEXT:
Organize periodic training sessions (e.g., bi-monthly or quarterly) to keep the team updated on the latest data privacy practices in NEXT.
Encourage team members to create and share "how-to" guides or quick video tutorials on NEXT to demonstrate how they implement specific data privacy measures.
Always keep an open channel (like a dedicated chat group or forum) for team members to discuss and clarify any data privacy concerns or best practices related to NEXT.
Conclusion
Incorporating data privacy into your UX research workflow might seem like a daunting task, but with NEXT's user-friendly features, you’re already one step ahead. We're committed to ensuring that your research not only leads to great product discoveries but also respects and upholds the highest standards of data privacy.
Remember, ethical research is good research. Stay compliant and happy researching with NEXT!
For any questions, our Customer Success team is here to support you. Feel free to reach out anytime.