OneTrust is a privacy program management platform that support organizations to adhere compliance with the data privacy, governance and security regulations across sectors and jurisdictions.
As a UX designer who worked on both privacy-focused module (Data Mapping) and OneTrust's automation workflow solution (Integration), I worked with product managers and developers from these two products to design an automated data discovery & classification solution that aims to bridge privacy program management with automation workflows.
Businesses store large volume of customer data in various types of data sources. Understanding what data is being stored and where are they stored is critical to ensure compliance with global privacy regulations and preventing data breaches, policy violations. Important and sensitive data often get lost in various data sources, manually searching for sensitive data is challenging and time consuming.
An application that uses automation and intelligence (AI) to help businesses discover and classify data to automate privacy rights fulfillment and demonstrate compliance with global privacy regulations.
Users & Goals
After talking to subject matter experts and potential clients, we've identified that our users' roles are mainly data engineers, solution architects and data stewards. They are typically very technologically savvy, need to be able to setup connections to their companies' data sources, run scheduled scans to discover and classify data with high accuracy, and review & approve scan results to populate privacy product like data mapping and data catalog while collaborating with people like data privacy officers whom would utilize the data to demonstrate compliance.
Define Problems & Scope
In order to tackle the most important problem for our users. We narrowed down the problems we want to solve and scoped them into phases.
How might we guide users through the process of connecting to various data sources?
How might we help users to take actions on the scan results?
How might we help users to monitor the status of their scans and troubleshoot as needed?
How might we enable users to customize building blocks of data source connections such as classifiers and scan profiles?
How might we provide a flexible review process that's more efficient and fits different users' needs?
How might we use data visualization to provide insights to our users?
After going through brainstorming session and competitive research, we iterated on the critical user flows and wireframes.
Connect to Data Source
Leverage pre-built templates to create connection to on-premise and cloud data sources with a guided flow. Configure scans to run on a schedule or execute scans manually. Monitor event logs for scan's status.
Review Discovery & Classification Results
Take actions on classification results efficiently by utilizing aggregated views and flexible filters and taking bulk actions on "low-hanging fruits". Make informed decision based on the confidence score and sample data for each recommendation.
Build Customized Connections
Advanced users can build their own classifiers that detect unique data (e.g. "traveler ID" for an airline company) using pattern matching and regular expression. Additionally, users can customize specific data to detect for different data sources by creating classification profiles.
Lightweight Data Discovery Solution
We designed "vision" prototypes for a lightweight data discovery solution which is tailored towards smaller businesses and their privacy teams while maintaining the core data discovery functionalities.
Data Discovery is a relatively new market. Designing for a technical solution is an eye-opening experience to me. I was exposed to technologies including regular expression, machine learning, structured & unstructured data bases, etc. I got to work with a fantastic team of product managers, data engineers, and data scientists. The challenging part of this project was the amount of ambiguity we dealt with - researching ideas for such a technical product takes time so it requires us to stay agile - design, learn, and iterate.
Though we received some great feedback from both external clients and internal support teams, we also heard some feedback around how the product is very complex to learn and use for someone with limited technical savviness. We have identified a few areas in the application where the UX can be simplified to meet more users' needs. We are planning on doing more UX research projects to find out what's the most critical area to tackle first.