UX research - Sensitive data erediensten/mandaten

This page is about the effects of anonymising the "organisation" and "mandaten" data of a person.

Context & current state

In September '22 we were made aware that in the Persons module, showing the "eredienst" (religious office) or the political mandate together with the person's first and last name is potentially a violation of privacy and sensitive-data handling rules.

This is research on how anonymising that data will impact the user experience on the front-end.

Impacted locations:

  • Persons module:

    • Overview

    • Search input

    • Search results

    • Contact details (single person view --> landing page when clicking on a search result)

    • Position details (single person view)

    • All pages are impacted!

  • Organisation module

    • Mandates

Overview - Persons module

In the current overview, users immediately see the person's full name, the organisation they belong to and their position.

Single Person view - Persons module

Clicking into a person,

  • on the contact details pages, the organisation is listed.

  • on the position page, the organisation is listed.

Search input & results - Persons module

You can input a name AND an organisation. The output is the same as in the overview screen: full name + organisation + position.

Mandates - Organisation module

In the mandates section of the Organisation module you can see the name and the position + organisation of a person. This is also where you edit the mandate.

Use cases to take into account

Looking for a person:

Not finding the person you're looking for when the organisation is the main search term or discriminator, because other identifying data is lacking.

Updating a person:

  • Not finding the right person and creating a duplicate

  • To edit a mandate you're sent to bestuurseenheden --> are mandates and organisations anonymised there as well?

Inconsistencies & different UX between bestuurseenheden / Persons module

If the experience in the Organisation module is different (identifying data can be pieced together there), this might lead to a confusing end-user experience AND a product that is difficult to maintain.

Negative side effects

  • Increase in duplicates

  • Increase in dissatisfaction with the product if it becomes harder for people to use it or find things

  • Increased product maintenance (different rules for different modules)

Open asks

  • Research

    • Data:

      • How many people only have an organisation as their main identifier (no national ID / email address, ...)?

      • How many have an email address containing personal information AND an organisation? Are these discriminated too?

      • What search input fields do users usually use?

      • How many duplicate names do we have in the database where we'd need another identifier?

    • User research:

      • How do users search for a person? Through their organisation?

  • Privacy-wise:

    • Can name + organisation be revealed in the search results if the user indicates knowledge of the person (for instance by searching on the first/last name AND the correct organisation)?

    • What are the legal grounds? GDPR-wise, can we pseudonymise the data, or only anonymise it?

    • Can we treat user input differently from user output? If a user types in a name AND an organisation (clearly already knowing the information), can we show the results, OR may the information in no case be shown together?

Potential solutions

For all fields working with the data that needs to be protected

Other solutions

  • Make another uniquely identifying field obligatory upon input (e.g. email address, national ID, phone number)

  • Expand the fields that can be used to search for a person (email / position, ...)

Articles

https://www.record-evolution.de/en/blog/data-anonymization-techniques-and-best-practices-a-quick-guide/
