Lean Data Practices

Applying LDP in the product management context

April 2021

Nneka Soyinka

Trust & Privacy Program Manager

Mozilla

Agenda

  • LDP Refresher: Quick overview of LDP and its benefits
  • LDP for PMs: Deeper dive into how to apply each of the principles
  • LDP Resources: Sharing LDP website and downloadable toolkit

mozilla / Public

Lean Data Practices Refresher

Lean Data Practices (LDP)

Staying lean and being smart about how you collect data builds trust with your customers.

  • Engage your audiences: Keep your audience informed and empowered
  • Stay Lean: Determine if all your data collection delivers value
  • Build in Security: Learn how to protect personal data

Through LDP you can build and develop trust...

Trust comes from:

  • Easy-to-understand explanations
  • Well-timed explanations
  • Easy-to-use controls
  • Conveying the use of limited data
  • Explaining why people should "trust" business partners
  • Showing that data is protected
  • Honesty and speed when there are problems

...while avoiding untrustworthiness.

Untrustworthiness comes from:

  • Failure to explain or get permission
  • Well-intentioned but confusing UI
  • Lack of choice
  • Human error exposing credentials or data
  • Engineering design leaking data
  • Data breach headlines implicating you or your business partners

Lean Data Practices for Product Managers

Principle 1 of 3

Engage your Audiences

Tip 1: Identify your audiences.

Who are your audiences?

  1. Your customers (B2C, B2B)
  2. Your colleagues (e.g. engineers, PMs, marketers, etc.)
  3. Your leadership and investors
  4. Communities that contribute to your success
  5. Your partners and clients
  6. General public brand perception

Tip 2: When it comes to sensitive issues or things that people would find surprising, engage early and be very clear.

Tip 3: Don’t rely solely on your privacy notice. Engage where your audience expects to receive information.

mozilla.governance

mozilla.dev.planning

mozilla.dev.platform

List of all forums

Tip 4: Engage when it matters.

Tip 5: Say what really matters. Give details elsewhere.

Tip 6: Give people options if you don’t actually need the data.

Tip 7: Expectations and behavior patterns change. Re-evaluate engagement over time.

Privacy Notice link vs. Tab

Recap!

Tips for Improved Audience Engagement

  • Provide timely and contextual in-product communications through use of things like icons, permission panels, onboarding tour, overlays, etc.
  • Give choice in-product through things like unchecked boxes, optional fields, accessible controls, etc.
  • Communicate to specialized audiences through places like forums, blogs, bugs, etc.
  • Re-evaluate engagement over time.

Principle 2 of 3

Stay Lean

Tip 1: Stop collecting what you don’t need.

Tip 2: Understand what you need vs. what you want.

Tip 3: Find old data. Evaluate if you still need it.

When was the last time you...

  • Reviewed how old your data was?
  • Determined how long you actually need certain pieces of data?
  • Looked at the data you were collecting to confirm you actually use all of it?

These are just a few questions you should ask yourself!

Tip 4: Evaluate your unverified accounts. Determine how long you need that data.

Tip 5: Evaluate inactive accounts and unengaged accounts. Determine how long you need that data.

Tip 6: Auto-schedule periodic audits to confirm your policies (including established retention periods) are being enforced.

Recap!

Tips for Staying Lean

  • If you don’t need it, don’t collect it.
  • If you don’t need it anymore, dispose of it.
  • If your customers haven’t used your product for a long period of time, consider removing them.
  • Identify areas for periodic review (audit) to ensure your established policies are being followed.

Principle 3 of 3

Build Security

Tip 1: Plan for security in advance.

Tip 2: Secure data at every stage.

Use physical, administrative, and technical security measures to secure data throughout the data lifecycle:

  • Data collection (or creation)
  • Data usage
  • Data sharing
  • Data retention
  • Data destruction (or deletion)

Tip 3: Require strong authentication and authorization.

Tip 4: Have a bug bounty program. Manage and report product security issues and fixes.

Recap!

Tips for Building Security

  • Determine how data will be protected through the data lifecycle.
  • Choose partners and service providers who will handle the data securely and in alignment with your business expectations.
  • When issues do arise, communicate your security mitigations clearly to the public.

Thank You