Cover Image.png
Introduction
Background

OneTrust is a privacy program management platform that support organizations to adhere compliance with the data privacy, governance and security regulations across sectors and jurisdictions. 

As a UX designer who worked on both privacy-focused module (Data Mapping) and OneTrust's automation workflow solution (Integration), I worked with product managers and developers from these two products to design an automated data discovery & classification solution that aims to bridge privacy program management with automation workflows. 

Problem

Businesses store large volume of customer data in various types of data sources. Understanding what data is being stored and where are they stored is critical to ensure compliance with global privacy regulations and preventing data breaches, policy violations. Important and sensitive data often get lost in various data sources, manually searching for sensitive data is challenging and time consuming. 

Solution

An application that uses automation and intelligence (AI) to help businesses discover and classify data to automate privacy rights fulfillment and demonstrate compliance with global privacy regulations.

Process
Users & Goals

After talking to subject matter experts and potential clients, we've identified that our users' roles are mainly data engineers, solution architects and data stewards. They are typically very technologically savvy, need to be able to setup connections to their companies' data sources, run scheduled scans to discover and classify data with high accuracy, and review & approve scan results to populate privacy product like data mapping and data catalog while collaborating with people like data privacy officers whom would utilize the data to demonstrate compliance. 

Senior Solutions Architect.png
Define Problems & Scope

In order to tackle the most important problem for our users. We narrowed down the problems we want to solve and scoped them into phases. 

Phase 1

  • How might we guide users through the process of connecting to various data sources?

  • How might we help users to take actions on the scan results?

  • How might we help users to monitor the status of their scans and troubleshoot as needed?

Phase 2

  • How might we enable users to customize building blocks of data source connections such as classifiers and scan profiles?

  • How might we provide a flexible review process that's more efficient and fits different users' needs?

  • How might we use data visualization to provide insights to our users?

Ideation

After going through brainstorming session and competitive research, we iterated on the critical user flows and wireframes.

Flow Sketch .png
Wires.png
Wire - File Tagging.png
The MVP
Connect to Data Source

Leverage pre-built templates to create connection to on-premise and cloud data sources with a guided flow. Configure scans to run on a schedule or execute scans manually. Monitor event logs for scan's status.  

Feature Image - Connect to Data Source.png
Review Discovery & Classification Results

Take actions on classification results efficiently by utilizing aggregated views and flexible filters and taking bulk actions on "low-hanging fruits". Make informed decision based on the confidence score and sample data for each recommendation.

Feature Image - Review Scan Results.png
Build Customized Connections

Advanced users can build their own classifiers that detect unique data (e.g. "traveler ID" for an airline company) using pattern matching and regular expression. Additionally, users can customize specific data to detect for different data sources by creating classification profiles.

Feature Image - Discovery Pattern.png
Feature Image - Classification Profile.png
Lightweight Data Discovery Solution

We designed "vision" prototypes for a lightweight data discovery solution which is tailored towards smaller businesses and their privacy teams while maintaining the core data discovery functionalities.

Feature Image - DDPro 1.png
Feature Image - DDPro 2.png
Conclusion
Reflection

Data Discovery is a relatively new market. Designing for a technical solution is an eye-opening experience to me. I was exposed to technologies including regular expression, machine learning, structured & unstructured data bases, etc. I got to work with a fantastic team of product managers, data engineers, and data scientists. The challenging part of this project was the amount of ambiguity we dealt with - researching ideas for such a technical product takes time so it requires us to stay agile - design, learn, and iterate. 

Next Steps

Though we received some great feedback from both external clients and internal support teams, we also heard some feedback around how the product is very complex to learn and use for someone with limited technical savviness. We have identified a few areas in the application where the UX can be simplified to meet more users' needs. We are planning on doing more UX research projects to find out what's the most critical area to tackle first.