The ICO exists to empower you through information.

The launch is not the end of the journey. It’s now time to review how people are using your work, and to consider whether you need to make fixes to protect people and their information.

Monitor and fix as required

After launching your product or feature, you should examine whether any unexpected privacy issues have arisen, and prioritise any remedial work if so:

  • In the event of serious privacy problems, such as a suspected personal data breach, you must consult data protection or legal colleagues immediately. They may need to begin formal processes straight away.
  • You could check how people engage with your product’s privacy information and data choices. If appropriate, use analytics to quantify these interactions. Try to minimise the data you collect in this work, and note that you may need people’s consent for some of this analysis.

Example

An e-commerce company is offered third-party customer tracking software that allows them to monitor a person’s mouse movements. The team declines this on privacy grounds, and chooses instead to simply analyse aggregate data on how many people visit various parts of the purchase funnel.

  • You could also look for qualitative data, including feedback from people through social media, support forums, or customer services.
  • You could also look for feedback from non-users and communities who might still be affected by your product.

Example

A new augmented reality game involves sharing photos of local neighbourhoods. The team realises this may impact privacy expectations of their players’ neighbours. The game designers therefore consult community representatives before and after launching in a new region, to understand any concerns and to integrate this feedback into future iterations.

 

Further reading

 

 

 

 

Reappraise expectations and norms

Each new release can change how people understand and interact with your product:

  • If new features significantly affect people’s privacy expectations, or introduce new privacy risks, you must review these and take them into account in the next feature or iteration.
  • If you see significant new behaviours after launch – particularly behaviours you didn’t expect – you should assess any emerging privacy implications.

Example

A team has recently launched a new video sharing platform. Follow-up research reveals the product is particularly popular with under 18’s. The team had designed the product for adults and not considered privacy risks to children as outlined by the Children’s code. This post-launch data triggered a privacy review which found several privacy risks to children that needed to be resolved immediately. The team proposes new features to mitigate the risks, and the product design lifecycle starts again.

Reflect, celebrate, and improve

Retrospectives or project reviews can help you learn from how you handled privacy topics. You could, for example:

  • discuss any privacy challenges you faced. What went well? What could have gone better? Are there habits or processes you should start or stop, to improve things for next time?; and
  • celebrate privacy successes with your team. Did you identify and mitigate a potential problem before it went live? Get the credit you deserve by discussing your success in demos, and reports, and encourage others to make privacy consideration a repeated habit.

 

 

Previous: Launch