UX research - Sensitive data erediensten/mandaten
This page is about the effects of anonymising the "organisation" and "mandaten" (mandate) data.
Context & current state
In September '22 we were made aware that showing the "eredienst" (religious denomination) or the political mandate in the Persons module together with the person's first and last name is potentially a violation of privacy and sensitive data handling rules.
This is research on how this will impact the user experience on the front-end.
Impacted locations:
Persons module:
Overview
Search input
Search results
Contact details (single person view --> landing page when clicking on a search result)
Position details (single person view)
All pages are impacted!
Organisation module:
Mandates
Overview - Persons module
In the current overview, users easily see the person's full name, the organisation and the position they belong to.
Single Person view - Persons module
Clicking into a person:
on the contact details page, the organisation is listed;
on the position page, the organisation is listed.
Search input & results - Persons module
You can input a name AND an organisation. The output is the same as on the overview screen: full name + organisation + position.
Mandates - Organisation module
In the mandates section of the Organisation module you can see the name and position + organisation of a person. This is also where you edit the mandate.
Use cases to take into account
Looking for a person:
Not finding the person you're looking for if the organisation is the main search term or discriminator, because other identifiable data is lacking
Updating a person:
Not finding the right person and creating a duplicate
To edit a mandate you're sent to bestuurseenheden (administrative units) --> are mandates and organisations anonymised there as well?
Inconsistencies and different UX between bestuurseenheden / Persons module
If the experience in the Organisation module is different (identifiable data can be pieced together there), this might lead to a weird end-user experience AND a product that is difficult to maintain.
Negative side effects
Increase in duplicates
Increase in dissatisfaction with the product if it becomes harder for people to use/find things
Increased product maintenance (different rules for different modules)
Open asks
Research
Data:
How many people only have an organisation as their main identifier (no national ID / email address...)?
How many have an email address with personal information AND an organisation? Are these discriminated too?
What search input fields do users usually use?
How many duplicate names do we have in the database where we'd need another identifier?
User research
How do users search for a person? Through their organisation?
Privacy-wise
Can name + organisation be revealed in search results if a user indicates knowledge of the person (for instance by searching the first/last name AND the correct organisation)?
What are the legal grounds? Can we pseudonymise, or only anonymise, data GDPR-wise?
Can we treat user input differently from user output? If a user types in a name AND an organisation (clearly already knowing the information), can we pull up results, OR can the information in no case be shown together?
Potential solutions
For all fields working with the data that needs to be protected
Other solutions
Make another uniquely identifying field obligatory upon input (like email address, national ID, phone number)
Expand the search fields that can be used to search for a person (email / position...)
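As an added illustration (not part of this page or of the product's own code) of the "input vs output" question under Privacy-wise and of the two options listed under Potential solutions, here is a toy Persons search in Python: organisation and position are only shown when the query itself already couples a name with the matching organisation, an organisation-only lookup returns nothing (every hit would link a name to that organisation), same-name hits are flagged as needing another identifier, and a new record is checked for the "extra obligatory field" rule. The directory records, organisation names and the national-ID placeholder are constructed sample data; the rule itself is the open question above, the code only shows the mechanism.

```python
from dataclasses import dataclass, replace
from typing import List, Optional

REDACTED = "[redacted]"


@dataclass(frozen=True)
class Person:
    """One record in a constructed persons directory (sample data, not from the page)."""
    first_name: str
    last_name: str
    organisation: str          # sensitive when combined with the name
    position: str              # mandate / eredienst position, sensitive with the name
    email: Optional[str] = None
    national_id: Optional[str] = None


# Constructed sample data: two people share a name, and one record has no extra identifier.
DIRECTORY = [
    Person("An", "Peeters", "Example Church Council", "treasurer", email="an.p@example.org"),
    Person("An", "Peeters", "Example Municipality", "alderman", national_id="ID-PLACEHOLDER-1"),
    Person("Tom", "Janssens", "Example Municipality", "mayor"),
]


def _norm(value: Optional[str]) -> str:
    """Case- and whitespace-insensitive comparison key; None becomes ''."""
    return (value or "").strip().lower()


def search(directory: List[Person], first_name: Optional[str] = None,
           last_name: Optional[str] = None, organisation: Optional[str] = None,
           email: Optional[str] = None) -> List[Person]:
    """Search under the 'treat input differently from output' option:
    organisation and position are returned only when the query itself already
    couples a name with the correct organisation; otherwise both are redacted.
    An organisation-only query yields nothing, because any hit would disclose
    name + organisation to someone who supplied no name."""
    has_name = bool(_norm(first_name) or _norm(last_name))
    if organisation and not has_name:
        return []

    def matches(p: Person) -> bool:
        return all([
            not first_name or _norm(p.first_name) == _norm(first_name),
            not last_name or _norm(p.last_name) == _norm(last_name),
            not organisation or _norm(p.organisation) == _norm(organisation),
            not email or _norm(p.email) == _norm(email),
        ])

    hits = [p for p in directory if matches(p)]
    if organisation:                  # caller already knows name + organisation
        return hits
    return [replace(p, organisation=REDACTED, position=REDACTED) for p in hits]


def ambiguous(hits: List[Person]) -> bool:
    """True when two or more hits share a name: with organisation redacted the
    user cannot tell them apart and needs another identifier (email, national ID...)."""
    names = {(_norm(p.first_name), _norm(p.last_name)) for p in hits}
    return len(hits) > 1 and len(names) < len(hits)


def missing_extra_identifier(p: Person) -> bool:
    """Input check for the 'make another unique field obligatory' option:
    a record that carries neither an email nor a national ID fails it."""
    return not (p.email or p.national_id)


if __name__ == "__main__":
    for p in search(DIRECTORY, first_name="An", last_name="Peeters"):
        print(p)                      # two hits, organisation/position redacted
    print("needs extra identifier:", ambiguous(search(DIRECTORY, last_name="Peeters")))
    print(search(DIRECTORY, first_name="An", last_name="Peeters",
                 organisation="Example Municipality"))   # one hit, fully shown
```

The redaction happens on the result object rather than in the template, so the Organisation module and the Persons module can share the same rule and avoid the "different rules for different modules" maintenance cost noted above.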
Articles