Understanding privacy and encryption

July 19, 2022

Privacy essentials for product managers


Who is the most important privacy stakeholder in your company? Is it the CEO who sets strategic priorities and makes decisions for the whole company? The privacy counsel who interprets the law and designs your compliance strategy? The security chief who handles day-to-day privacy and security issues?

Of course, the answer will vary from company to company and industry to industry. But in many development-focused companies, the most important privacy stakeholder is someone who doesn’t even have the word “privacy” in their job description: the product manager.

Sure, product managers don’t set company privacy policy, handle privacy reviews, or respond to security incidents or legal changes. But they can do something just as important: They can build privacy into products from the beginning.

That’s because, if your products are built and operated with privacy in mind, your CEO won’t have to dedicate massive resources to remediating privacy issues. Your legal counsel won’t need to fight an uphill battle to whip your company into shape in time for each new compliance ruling. And your security chief won’t need to perform heroics to remedy privacy gaps or, God forbid, mitigate a major breach. A privacy-focused product manager has the power to make privacy compliance easier, more manageable, and more successful for everyone.

Here’s how to be that kind of PM.

Privacy by design: Where it all begins

Privacy by design is a simple idea. Companies should build privacy and security into the design of their products from the beginning, not add it later as an afterthought. If you build your products to protect and empower users from day one, it’s much easier to meet privacy and compliance goals and address security threats. 

This is particularly true in today’s regulatory climate. With a constant stream of new consumer privacy laws, rulings, and regulatory priorities, companies are struggling to keep up. It’s much easier to meet those new rules when your software, business practices, and policies are already designed around user privacy.

Privacy and security by design: data handling basics

Personal data is inherently risky. The more data you have and the more people who have access, the greater the risk of it being compromised.

Privacy by design limits your data footprint and the risks it entails through a combination of policies, practices and technological controls.

Collect the right data for the right reasons

Good data practices start with a sound rationale. You should always have a good reason to collect personal data, based on the needs and expectations of your users. And you should only collect the minimum amount of data to satisfy that use case.

Minimize data access and retention

Your company should only retain data for as long as necessary to accomplish a particular use case. As soon as that use case has been accomplished and the data is no longer necessary, you should delete it.

Product managers should also protect personal data privacy by requiring strict access limits. Each administrator, vendor, or stakeholder should only have access to the personal data they need to do their job. These access restrictions shouldn’t just be policy — they should be built into your products and operations so that your controls can’t be inadvertently (or maliciously) circumvented. Design strong onboarding and off-boarding controls to grant and remove access as employees and partners come and go.

Build in end-to-end data encryption

Your product should be designed to encrypt data throughout the data lifecycle, from acquisition to deletion. Access to cryptographic keys should be strictly limited, with strong security and administrative oversight to ensure that no one has improper access.

Understand your data infrastructure

Map out your data infrastructure in detail. For each product and feature, you should know:

  • What data you’re collecting
  • How you’re using the data
  • Where the data is stored
  • How the data is being protected
  • Who has access to the data
  • How and when the data will be deleted

This should include data flows across departments, as well as between your company and outside stakeholders.
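The three preceding sections (collect data only for a stated reason, limit access and retention, and know what you hold) can be enforced from a single data inventory rather than left as policy. The following Python is an added example written for this article, not code from it or from any product it mentions; the field names, roles, store names and sample records are constructed for illustration:

```python
"""Data inventory with enforced purpose, retention and access limits.

Added example for this article, not code from it or from any product it
mentions. Every personal-data field the product stores is registered with
the purpose it serves, where it is kept, how it is protected, which roles
may read it and how long it may be kept. The collection gate, the read
check and the retention sweep all consult that one inventory, so the
limits live in code rather than only in policy. Field names, roles, stores
and records are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class FieldSpec:
    purpose: str            # why the field is collected
    store: str              # where it is stored
    protection: str         # how it is protected at rest
    readers: frozenset      # roles allowed to read it (least privilege)
    retention: timedelta    # how long after collection it may be kept


# The inventory: one entry per personal-data field the product may hold.
INVENTORY = {
    "email":   FieldSpec("account login and recovery", "users-db", "encrypted at rest",
                         frozenset({"auth-service", "support"}), timedelta(days=3 * 365)),
    "phone":   FieldSpec("account recovery", "users-db", "encrypted at rest",
                         frozenset({"auth-service"}), timedelta(days=3 * 365)),
    "ip_addr": FieldSpec("fraud detection", "events-db", "hashed",
                         frozenset({"fraud-analyst"}), timedelta(days=30)),
}


class InventoryError(Exception):
    """Raised when code tries to collect data that has no registered purpose."""


def unregistered_fields(fields):
    """Return the fields that are not in the inventory (sorted for stable output)."""
    return sorted(set(fields) - INVENTORY.keys())


def validate_collection(fields):
    """Collection gate: refuse to store anything without a documented purpose."""
    missing = unregistered_fields(fields)
    if missing:
        raise InventoryError(f"no registered purpose for: {missing}")
    return True


def can_read(role, name):
    """Least-privilege check consulted before any read of a personal-data field."""
    return role in INVENTORY[name].readers


def read_field(role, record, name):
    if not can_read(role, name):
        raise PermissionError(f"role {role!r} may not read {name!r}")
    return record["data"][name]


def retention_sweep(records, now):
    """Drop each field whose retention window has elapsed; drop records left empty."""
    kept = []
    for rec in records:
        age = now - rec["collected_at"]
        surviving = {k: v for k, v in rec["data"].items()
                     if age <= INVENTORY[k].retention}
        if surviving:
            kept.append({**rec, "data": surviving})
    return kept


# Constructed sample data: three users whose data was collected at different times.
NOW = datetime(2022, 7, 19, tzinfo=timezone.utc)
SAMPLE_RECORDS = [
    {"user_id": "u1", "collected_at": NOW - timedelta(days=45),
     "data": {"email": "u1@example.com", "ip_addr": "203.0.113.5"}},
    {"user_id": "u2", "collected_at": NOW - timedelta(days=10),
     "data": {"ip_addr": "198.51.100.7"}},
    {"user_id": "u3", "collected_at": NOW - timedelta(days=1200),
     "data": {"email": "u3@example.com", "phone": "+15550100"}},
]


if __name__ == "__main__":
    validate_collection(["email", "ip_addr"])
    for rec in retention_sweep(SAMPLE_RECORDS, NOW):
        print(rec["user_id"], sorted(rec["data"]))
```

Because the inventory is the single source of truth, the same table can be exported as the data map the article asks for, and a reviewer can see at a glance which fields have no purpose, no reader restriction or no retention limit.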

Ensure your product can meet data subject access requests

There are a growing number of data rights laws you need to comply with. These include:

These laws give citizens extensive control over their personal data. For example, data subjects can request a copy of their personal data or order you to delete it. However, the particular consumer rights and business obligations vary from law to law. To achieve privacy compliance, you need to be able to verify each data subject’s identity and meet their rights under the relevant consumer protection law.
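What "verify each data subject's identity and meet their rights" looks like in code is shown below. This is an added example, not code from the article. It assumes two things the article does not specify: that the product already has a verified contact channel for each subject (the signed token would be sent there as a link), and that every store holding personal data is listed in one registry so export and deletion walk all of them. SECRET, the store names and the records are constructed placeholders.

```python
"""Fulfilling a data subject access request (DSAR): verify, export, delete.

Added example, not code from the article. It assumes a verified contact
channel per subject (the token below is sent there) and a registry of every
store that holds personal data. SECRET, the store names and the records are
constructed placeholders.
"""
import copy
import hashlib
import hmac

SECRET = b"placeholder-move-to-a-secrets-manager"  # signs verification tokens
TOKEN_TTL = 15 * 60  # seconds a verification link stays valid

# Constructed sample stores, each keyed by subject id. Subject ids must not
# contain ':' because the token format below uses it as a separator.
STORES = {
    "users-db":   {"u42": {"email": "u42@example.com", "name": "Ada"}},
    "events-db":  {"u42": [{"type": "login", "ip": "203.0.113.5"}],
                   "u7":  [{"type": "login", "ip": "198.51.100.9"}]},
    "support-db": {"u42": [{"ticket": 17, "body": "please reset my password"}]},
}


def fresh_stores():
    """A private copy of the sample stores so each run starts from the same state."""
    return copy.deepcopy(STORES)


def _sign(payload):
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(subject_id, issued_at):
    """Token embedded in the verification link sent to the subject's known contact."""
    payload = f"{subject_id}:{issued_at}"
    return f"{payload}:{_sign(payload)}"


def verify_token(token, subject_id, now):
    """True only if the signature is valid, the subject matches and the token is fresh."""
    try:
        sid, issued, sig = token.split(":")
        issued = int(issued)
    except ValueError:
        return False
    if not hmac.compare_digest(sig, _sign(f"{sid}:{issued}")):
        return False
    return sid == subject_id and 0 <= now - issued <= TOKEN_TTL


def export_data(subject_id, stores):
    """Right to know / portability: everything held about the subject, by store."""
    return {name: copy.deepcopy(data[subject_id])
            for name, data in stores.items() if subject_id in data}


def delete_data(subject_id, stores):
    """Right to delete: remove the subject from every store; report where data was found."""
    touched = []
    for name, data in stores.items():
        if data.pop(subject_id, None) is not None:
            touched.append(name)
    return touched


def handle_request(kind, subject_id, token, now, stores):
    """Entry point: no action of any kind before the identity check passes."""
    if not verify_token(token, subject_id, now):
        raise PermissionError("identity not verified")
    if kind == "export":
        return export_data(subject_id, stores)
    if kind == "delete":
        return delete_data(subject_id, stores)
    raise ValueError(f"unknown request kind {kind!r}")


if __name__ == "__main__":
    now = 1_658_188_800  # constructed timestamp (2022-07-19 UTC)
    tok = issue_token("u42", now)
    stores = fresh_stores()
    print(handle_request("export", "u42", tok, now + 30, stores))
    print(handle_request("delete", "u42", tok, now + 60, stores))
```

In a real deployment the token should additionally be single-use (record its issue time and reject a second presentation), and the deletion step should write an audit entry naming the stores it touched, since regulators may ask for proof that a request was honoured.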

Always obtain user consent

User consent is central to privacy by design. Any time you want to do anything with a user or their data, you need to obtain their consent. This doesn’t just apply to product features — it also applies to marketing, customer support, and any other stakeholder who interacts with users or their data. But privacy-compliant product managers play a key role by building user consent into each product.

Focusing on consent isn’t just a way to empower users and make your company look good — it also makes compliance simpler. Given the rapidly growing number of consumer privacy laws, it can be very difficult to sort out what rights each consumer has and apply those rights consistently. Taking a maximalist approach to consumer privacy makes it easier to standardize your compliance policy, building a single approach that meets all your privacy obligations.

How to apply PbD at the design stage

Make privacy a priority

Privacy by design depends on institutional support. Your organization needs to treat privacy as a strategic priority in your product development lifecycle, on par with any other major product feature or specification. Product security, default privacy, and other PbD factors should be included in the design process from the very beginning.

Make sure you have buy-in from management and privacy stakeholders before product development. As a product manager, you need to know your organization will stay focused on privacy throughout the development lifecycle.

Make data privacy the default option

It’s not enough to have privacy options available. Your product must be designed so that a naive user will be protected without having to dive into the fine print or fiddle with privacy controls. That means minimizing data collection, removing unnecessary permissions like access to contacts, and enabling privacy features by default.

Standardize data collection

Design a robust, scalable data collection process from the beginning. This will help ensure your data footprint remains clean and secure as you bring in new users, features, and partners.

Build in controls to vet and supervise partners

Your partner and third-party contracts must ensure outside stakeholders are treating data with the same care as you are. Make sure your contracts require internal privacy policies and controls that are at least as strict as the ones your own organization uses.

Carefully vet your partners, and consider using audits or monitoring to ensure they stay compliant. Remember, your privacy protections are only as strong as your weakest link — make sure your vendors aren’t that link.

Maintaining privacy throughout the product lifecycle

Rigorously review data practices

As you add new features and new partners, your data controls can drift. Data collection can expand, and gaps can appear in your access control, data deletion, and security.

To protect against this, each new release, redesign, or patch must go through a rigorous privacy review. Any time you add a new feature, make sure you’re using good data minimization practices and that you’re controlling data access and retention.

You also need to monitor your data footprint. Review your data flows, and make sure automatic data deletion, encryption, and other controls are functioning as designed.

Anonymize data to highlight trends

To be responsive to your users, you need to understand how they’re using your product. However, giving your team direct access to user data can violate user data rights and put you at risk of compliance violations.

Data anonymization and aggregation give you the best of both worlds, helping you understand your users without compromising their privacy. By removing personally identifiable information, you can shrink your data footprint and limit privacy and security risks without removing the strategic insights your data provides.
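The following Python shows one concrete anonymize-then-aggregate pipeline. It is an added example, not code from the article: it drops direct identifiers (user id, e-mail, IP), generalizes quasi-identifiers (exact age to a ten-year band, timestamp to an ISO week), replaces the user id with a keyed pseudonym so repeat use can be counted within one report, and publishes only groups with at least K distinct users. K, REPORT_KEY and the events are constructed placeholders.

```python
"""Anonymizing and aggregating usage data before analysts see it.

Added example, not code from the article. Direct identifiers are dropped,
quasi-identifiers are generalized, the user id becomes a keyed pseudonym,
and groups smaller than K are suppressed. K, REPORT_KEY and EVENTS are
constructed placeholders.
"""
import hashlib
import hmac
from collections import defaultdict
from datetime import date

K = 5  # smallest group that may appear in a report (placeholder threshold)
REPORT_KEY = b"placeholder-rotate-per-report"  # fresh key per report, so pseudonyms never link across reports

DIRECT_IDENTIFIERS = ("user_id", "email", "ip")


def _event(uid, age, country, feature, day):
    return {"user_id": uid, "email": f"{uid}@example.com", "ip": "203.0.113.1",
            "age": age, "country": country, "feature": feature,
            "ts": date(2022, 7, day)}


# Constructed sample: 8 US users aged 25-29 using "export" (three of them twice),
# and 2 DE users aged 41 using "delete", a group too small to publish.
EVENTS = (
    [_event(f"u{i}", 25 + i % 5, "US", "export", 1 + i % 7) for i in range(8)]
    + [_event(f"u{i}", 25 + i % 5, "US", "export", 2 + i % 7) for i in range(3)]
    + [_event(f"u{100 + i}", 41, "DE", "delete", 3) for i in range(2)]
)


def pseudonym(user_id):
    """Keyed hash: stable within one report, meaningless without REPORT_KEY."""
    return hmac.new(REPORT_KEY, user_id.encode(), hashlib.sha256).hexdigest()[:12]


def scrub(event):
    """Copy of the event with direct identifiers removed and quasi-identifiers generalized."""
    low = event["age"] // 10 * 10
    out = {k: v for k, v in event.items()
           if k not in DIRECT_IDENTIFIERS and k not in ("age", "ts")}
    out["age_band"] = f"{low}-{low + 9}"
    out["week"] = event["ts"].isocalendar()[1]
    out["pseudonym"] = pseudonym(event["user_id"])
    return out


def aggregate(events, k=K):
    """Distinct users per (country, age_band, feature); groups under k are suppressed."""
    users = defaultdict(set)
    for ev in map(scrub, events):
        users[(ev["country"], ev["age_band"], ev["feature"])].add(ev["pseudonym"])
    report = {g: len(u) for g, u in users.items() if len(u) >= k}
    suppressed = sorted(g for g, u in users.items() if len(u) < k)
    return report, suppressed


if __name__ == "__main__":
    report, suppressed = aggregate(EVENTS)
    print("published:", report)
    print("suppressed (fewer than", K, "users):", suppressed)
```

Analysts receive only `report`; the scrubbed per-event records stay inside the pipeline, and because the pseudonym key changes per report, two reports cannot be joined to follow one person over time.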

Keep user onboarding and disclosure practices current

Every time your product development team adds a new use case or changes your data practices, you need to let users know. Reviewing and updating your user policies should be a standard part of the development cycle. This will ensure new users understand how you’re using their data and that existing users don’t have their data used in ways they didn’t agree to.

You also need to keep your onboarding and user consent practices current with changing compliance requirements. For example, the Colorado Privacy Act requires businesses to provide a universal opt-out starting July 1, 2024. You’ll need to provide users a one-click option to opt out of targeted ads, data sales, and profiling by that date. 

Enhancing user engagement around privacy

Treat privacy as a usability issue

Privacy by design shouldn’t just protect users — it should also empower them to make their own choices about their data privacy. Build privacy controls that make it easy for users to access, download, or delete their data at will. This will help you satisfy consumer privacy rights like the right to know and the right to delete, and it will save your company the expense of manually retrieving user data every time you receive a request.

You should also frequently revisit your privacy policies from a usability perspective. Make sure every opt-in or opt-out notice is accompanied by a granular disclosure, clearly explaining what you want to do with each particular piece of data. Users should be able to understand your data policies at a glance, without wading through complex legalese.

Separate essential and non-essential consent

Some types of user data are essential for an app to function. For example, asking users to provide a backup email account or phone number helps you confirm user identity and enables you to restore account access if necessary. It’s reasonable for you to require that information, because your product won’t work without it.

Other types of data provide non-essential functionality. Sometimes, non-essential data still serves the users — for example, collecting usage data to make your app more user friendly. In other cases, the data primarily serves your company, partners, or advertisers.

Whatever the use case, it’s important to separate essential and non-essential consent. This enables users to opt in to basic account functionality, while opting out of targeted ads and other non-essential features.
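The consent model described across this section, "Make data privacy the default option", "Always obtain user consent" and the universal opt-out mentioned under onboarding, is small enough to express directly in code. The following Python is an added example, not code from the article. It assumes a fixed purpose registry (constructed below) in which essential purposes are required for the account to exist, every non-essential purpose starts denied until the user opts in, each purpose carries the plain-language disclosure shown next to its toggle, and the browser's Global Privacy Control header `Sec-GPC: 1` is honoured as a universal opt-out for targeted ads, data sales and profiling.

```python
"""Consent model: essential purposes, non-essential purposes off by default,
granular disclosures and a universal opt-out signal.

Added example, not code from the article. The purpose registry, disclosure
texts and the decision to honour Sec-GPC as a universal opt-out are
assumptions made for this illustration.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Purpose:
    id: str
    essential: bool
    disclosure: str                         # granular, plain-language explanation
    opt_out_category: Optional[str] = None  # set when a universal opt-out covers it


PURPOSES = {p.id: p for p in [
    Purpose("account_recovery", True,
            "We keep a backup e-mail or phone number so we can restore access to your account."),
    Purpose("usage_analytics", False,
            "We count which screens you open, without your identity, to improve the app."),
    Purpose("targeted_ads", False,
            "We use your activity to choose which ads you see.", "targeted_ads"),
    Purpose("data_sale", False,
            "We share your profile with partners in exchange for payment.", "data_sale"),
    Purpose("profiling", False,
            "We build a profile of your interests to make automated decisions.", "profiling"),
]}

# Categories a universal opt-out signal withdraws in one step.
UNIVERSAL_OPT_OUT = {"targeted_ads", "data_sale", "profiling"}


class ConsentRecord:
    """What one user has agreed to. Privacy is the default: only essentials are on."""

    def __init__(self):
        self.granted = {pid for pid, p in PURPOSES.items() if p.essential}

    def allowed(self, purpose_id):
        """Checked by every code path before it processes data for that purpose."""
        return purpose_id in self.granted

    def grant(self, purpose_id):
        if purpose_id not in PURPOSES:
            raise KeyError(f"unknown purpose {purpose_id!r}")
        self.granted.add(purpose_id)

    def revoke(self, purpose_id):
        """Non-essential consent can be withdrawn any time; essentials only by closing the account."""
        if PURPOSES[purpose_id].essential:
            return False
        self.granted.discard(purpose_id)
        return True

    def apply_universal_opt_out(self):
        """Withdraw every purpose covered by a universal opt-out; return what was withdrawn."""
        covered = {pid for pid, p in PURPOSES.items()
                   if p.opt_out_category in UNIVERSAL_OPT_OUT}
        self.granted -= covered
        return sorted(covered)


def apply_request_signals(consent, headers):
    """Honour Sec-GPC: 1 (Global Privacy Control) as a universal opt-out."""
    if headers.get("Sec-GPC") == "1":
        consent.apply_universal_opt_out()
    return consent


def disclosure(purpose_id):
    """Text to show beside the toggle; essentials are labelled as required."""
    p = PURPOSES[purpose_id]
    return ("Required: " if p.essential else "Optional: ") + p.disclosure


if __name__ == "__main__":
    c = ConsentRecord()
    c.grant("targeted_ads")
    apply_request_signals(c, {"Sec-GPC": "1"})
    for pid in PURPOSES:
        print(f"{pid:18} allowed={c.allowed(pid)!s:5} {disclosure(pid)}")
```

Note that the opt-out signal withdraws only the categories it covers; usage analytics the user explicitly opted into stays granted, and the essential purpose cannot be toggled off at all, which keeps the account functional while honouring the choice the user made.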

Preserving privacy at the end of engagement

When a user closes or abandons their account, you should delete their data. Getting rid of old data reduces hosting costs and prevents private information from being lost, leaked, or misused.

You should also delete old data if your app is retired. If you’re replacing the app or rolling its functionality into another app, let the users choose whether they want to make the move. Give them the option to either migrate their data to the new app or have it deleted, along with the opportunity to download their data if desired.

However, make sure to treat this opportunity as opt-in, not opt-out. Even if the new app is very similar to the old one, you still need consent to repurpose user data.

Strong privacy starts in development

Privacy is easier when you get it right from the start. TerraTrue empowers you to identify and fix privacy risks before deployment, so you don’t have to scramble to fix them later. As the world’s first pre-deployment privacy platform, it brings product managers, developers, security and legal stakeholders together to get privacy right from day one.

Contact us for a free demo.