Background
Our Founder, Nathan Good, met a Director of Data Privacy from a large company at a conference eight
years ago. After this person joined another company as Chief Privacy Officer, they reached out to Nathan
for help in developing a scalable solution to their privacy problem. The company builds and manages
multinational digital communications technology.
Motivation
The company regularly produced data privacy sheets, documents that describe the processing of personal
data. However, the privacy team wanted the data privacy sheets to better communicate their data
practices to a wider audience. The existing privacy data sheets were too dense, with too much
information and limited the reach. They were used by auditors and compliance teams, so included a vast
amount of details that were not as relevant for a wider audience. We worked with a small, internal team
to create a completely new visual format to communicate the same key concepts but for a wider group of
people, from potential customers to internal teams to privacy auditors. The goal was not to replace the
existing privacy data sheets but to augment them. These “data maps” would be the first layer - easy to
understand quickly - while the privacy data sheets would be sublayers containing all the fine-print
details that interested stakeholders could read if they wanted to learn more. With the Data Map Project,
the company wanted to establish themselves as a leader in data privacy while respecting users’ privacy
concerns and complying with legal regulations.
Approach
We started by reviewing a substantial number of existing privacy data sheets for various products to
tease out the critical elements that should be represented in the visual format. The sheets included
types of personal data collected (e.g. email, uploaded files, network metadata), the purpose for its
collection and use, any security measures taken to protect the data, a map with their data center
locations, and deletion/retention rates. Much of this information was for compliance and auditing
purposes, as well as to provide in-depth detail on what exactly the company collected and why. This
process allowed us to look for patterns, common data types, and important processes that we could
translate into a visual map. We distilled the elements from the sheets, which involved condensing,
combining, and cleaning the terminology to be used in the visualization. After several iterations, we
came up with a “data map” which takes the idea of a “subway map” as a metaphor for how data travels and
is processed through a company’s data ecosystem. After the initial data map project, we wanted to
automate and scale the process so we created the Data Map Tool. After testing the tool, we made
additional improvements, as well conducted training workshops to teach other employees how to use the
Data Map Tool and the entire data map creation process itself.
Outcomes
The project was a success, not only because the company created data maps for 20+ of their other
products, but also because we were able to scale and automate the process by creating the Data Map Tool.
Both the data map project and the subsequent Data Map Tool allowed the company’s internal teams to
adhere and adapt to a more uniform, consistent format of creating privacy data sheets. Building the data
maps also (inadvertently) spurred more internal conversations between teams on what data was actually
being collected, and for what purpose, which led to more scrutiny on data collection overall.
Challenges
Distillation
To our knowledge, there hasn’t been a tool for visualizing the flow of personal information through an
enterprise before, so we had to design everything from scratch. There were many iterations before we hit
the right balance of the amount and categories of data we wanted to showcase without overwhelming the
map. It took a lot of trial and error to refine the processes so we could boil down the key components
without losing anything important or risking inaccuracy.
Automation
We also had to figure out an effective way to scale and automate the map creation, since the initial
maps were done manually. This led to the eventual creation of the Data Map Tool, which was a tool we had
to build from scratch and figure out along the way. In fact, there ended up being two versions of the
Data Map Tool: an initial version that ingested the distilled data and produced a basic map and a
second, improved version that produced a visual that required less clean-up in the final stage.
Conclusion
This case started with a chance encounter at a conference that led to a new collaboration. Although the project was a new idea and our teams had never worked together before, we were able to co-design and build a brand new thing from an idea. Not only were we able to prototype the idea, we were able to replicate it across products, and build a tool to do this at scale. We’ve since worked with the company to bring this tooling to other companies.
Thanks to Jared Maslin and Jessica Traynor.