I have a confession.
Early in my career many years ago, I was conducting some internal stakeholder interviews at a large company. As usual, I assured the interviewee that her remarks would be kept anonymous. Feeling at ease, she let loose with a very open critique about the product direction, using some um…. colorful language.
I kept my promise to her and presented the results without revealing her identity. I never told anyone about what she said or where those comments came from. However, the document that held my interview notes was called Jane_Doe_Interview and it was stored on an internal shared directory.
What I didn’t realize was that the company had an internal knowledge base search, which looked through all the shared directories. When you searched for her name, that document was one of the first results, which revealed her comments in all their colorful glory to anyone who cared to look for it.
People found it. They weren’t happy. Jane Doe wasn’t happy. I was mortified.
File that one under “hall of shame”.
To be fair, I’m in prestigious company.
These days it seems like a new data breach is in the news every other week. JP Morgan Chase suffered a data breach at an estimated cost of $250 million. The Ashley Madison leak destroyed a few lives. The US government, which uses biometric fingerprint data to authenticate employees, had 5.6 million fingerprints stolen. Now all federal employees need to change their fingerprints. Or maybe that’s just a rumour.
Every single one of those companies assured their customers (and employees) “We promise to keep your data safe”, and I’m sure that they had every intention of keeping their promise. Ah, if only good intentions were enough to protect your data!
When dealing with customer research data, you need to take concrete steps to protect the identity of your research participants. It might not seem like the stakes are high, but they can be, and data breaches happen all the time.
Your guiding principle to protecting your customer data is: keep the data and any identifying information separate.
Here’s what it means in practice:
- The customer’s name, employer, contact information, location is not kept in the interview notes. If it appears in the notes, remove it through redaction (cover it with a black box), or just plain remove it. That information is usually not important in the analysis.
- Instead, refer to your participants by number in your notes. John Smith becomes “Participant 1”.
- If you DO redact information from a document, make sure that you use a proper redaction tool. That means you have to convert the document to PDF format, and use Adobe Acrobat, Nuance Power PDF or another PDF tool to perform the redaction. If you just draw a black box over the text, a text search will still find it. Seriously, the US Department of Defense got egg on their face for making that mistake. Put that in their hall of shame.
- There are certain situations when you DO need to know the names of participants. For example, when I’m doing my analysis, I like to have the names visible because it’s easier for me to remember each interview “oh yeah, Kim was the one with problem X”. If that’s the case, print out the document and hand write their names on the hard copy (sorry trees).
- Alternatively, if you absolutely need to have names of people recorded, have it in one document and create a table with a column for the participant name, and a column for participant ID number, so that you create a mapping of name to participant ID. Then password protect that sucker and give that password only to people who really need it.
- If you share the password, don’t email the document with the password in the same email. Send the password by text, or call the person with the password.
- If the information you are dealing with is in any way sensitive, as soon as you no longer need the identifying information, delete it! Don’t leave it hanging around, waiting to be discovered. At the very least, delete the document that contains the mapping.
Notice there is no fancy technology at play here. No cryptography, no certificates, no super secure spy devices. Just some simple, practical techniques that won’t cost you a dime.
So now you have no excuse for not delivering on your good intentions.
Photo Credit: Nick Carter (Creative Commons Commercial License)