Design principles for Privacy and Compliant software

Design principles for Privacy and Compliant software

Role
Research and insights, thought leadership
Duration
Mar 2022 - May 2022


Context

Jira Service Management (formerly service desk) started as a baby add-on to big brother Jira Software. Fast forward a few years, and JSM has matured into a standalone product. As growth continues, we’re preparing the product to be able to support enterprise customers. This means designing for scale. When we talk about scale, we talk about the infrastructure to manage large data sets. And when we talk about data, we need to talk about privacy.


Problem

Not only does Atlassian as a company need to comply with laws and regulations. So do the businesses that use our products. We had seen incoming requests to support regulatory requirements such as HIPAA, fedRAMP and GDPR. Before jumping into design, I needed to understand what it meant to be compliant and why it was important to our customers. I began some preliminary research about privacy and trust. From case studies to industry reports, I gained some valuable insights. I felt that these insights should be translated into design principles to guide any work related to privacy and compliance.


Key insights

  • Good design builds trust. Users who perceive the product as high quality and easy to use are more willing to trust the company.

  • There are different types of personal data. People want more transparency and control over what data is being collected.

  • Data privacy = human right


Design principles

I decided to expand on one of Atlassian's design principles - ‘build trust with every interaction’. The subset principles were used internally to design features related to privacy and compliance, such as ‘Safe notifications’.

  • Build trust with transparency - Information must be easy to find and understand. Always notify users about things that will impact them.

  • Build trust for the future - Sensitive data must be handled and stored with integrity. Compliance needs to scale with the organisation’s size.

  • Build trust in ownership - All users must feel in control of their personal data. Organisations must feel in control of how they want their data to be managed.

Role
Research and insights, thought leadership
Duration
Mar 2022 - May 2022


Context

Jira Service Management (formerly service desk) started as a baby add-on to big brother Jira Software. Fast forward a few years, and JSM has matured into a standalone product. As growth continues, we’re preparing the product to be able to support enterprise customers. This means designing for scale. When we talk about scale, we talk about the infrastructure to manage large data sets. And when we talk about data, we need to talk about privacy.


Problem

Not only does Atlassian as a company need to comply with laws and regulations. So do the businesses that use our products. We had seen incoming requests to support regulatory requirements such as HIPAA, fedRAMP and GDPR. Before jumping into design, I needed to understand what it meant to be compliant and why it was important to our customers. I began some preliminary research about privacy and trust. From case studies to industry reports, I gained some valuable insights. I felt that these insights should be translated into design principles to guide any work related to privacy and compliance.


Key insights

  • Good design builds trust. Users who perceive the product as high quality and easy to use are more willing to trust the company.

  • There are different types of personal data. People want more transparency and control over what data is being collected.

  • Data privacy = human right


Design principles

I decided to expand on one of Atlassian's design principles - ‘build trust with every interaction’. The subset principles were used internally to design features related to privacy and compliance, such as ‘Safe notifications’.

  • Build trust with transparency - Information must be easy to find and understand. Always notify users about things that will impact them.

  • Build trust for the future - Sensitive data must be handled and stored with integrity. Compliance needs to scale with the organisation’s size.

  • Build trust in ownership - All users must feel in control of their personal data. Organisations must feel in control of how they want their data to be managed.

Role
Research and insights, thought leadership
Duration
Mar 2022 - May 2022


Context

Jira Service Management (formerly service desk) started as a baby add-on to big brother Jira Software. Fast forward a few years, and JSM has matured into a standalone product. As growth continues, we’re preparing the product to be able to support enterprise customers. This means designing for scale. When we talk about scale, we talk about the infrastructure to manage large data sets. And when we talk about data, we need to talk about privacy.


Problem

Not only does Atlassian as a company need to comply with laws and regulations. So do the businesses that use our products. We had seen incoming requests to support regulatory requirements such as HIPAA, fedRAMP and GDPR. Before jumping into design, I needed to understand what it meant to be compliant and why it was important to our customers. I began some preliminary research about privacy and trust. From case studies to industry reports, I gained some valuable insights. I felt that these insights should be translated into design principles to guide any work related to privacy and compliance.


Key insights

  • Good design builds trust. Users who perceive the product as high quality and easy to use are more willing to trust the company.

  • There are different types of personal data. People want more transparency and control over what data is being collected.

  • Data privacy = human right


Design principles

I decided to expand on one of Atlassian's design principles - ‘build trust with every interaction’. The subset principles were used internally to design features related to privacy and compliance, such as ‘Safe notifications’.

  • Build trust with transparency - Information must be easy to find and understand. Always notify users about things that will impact them.

  • Build trust for the future - Sensitive data must be handled and stored with integrity. Compliance needs to scale with the organisation’s size.

  • Build trust in ownership - All users must feel in control of their personal data. Organisations must feel in control of how they want their data to be managed.

Want to team up or learn more about my process?

💌

hello@jenifferheng.com

© All rights reserved ·
Last updated June 2024

Want to team up or learn more about my process?

💌

hello@jenifferheng.com

© All rights reserved ·
Last updated June 2024

Want to team up or learn more about my process?

💌

hello@jenifferheng.com

© All rights reserved ·
Last updated June 2024