,

End User Trust Outlives Consent Forms

In my last post, I talked about ways that research consent can be more nuanced than “yes” or “no”. This second and final part explores scenarios in which consent can get complicated and trust may be endangered.

“I changed my mind”

Although it is rare, end-users can revoke previously given consent for your team to keep their data. The first time this happened to my team was with an end-user working in public safety, who we will call Mark. My team interviewed Mark about some of his workflows and asked about some recent use cases that involved our product. A few days after our session with Mark, he emailed our team and told us that his supervisor was not happy that he shared details about specific use cases and would like us to remove the data from our repository. Without question, we removed Mark’s session data from our repository and informed him that the video, audio, and notes had all been deleted. 

At our team debrief, we discussed two ways to improve moving forward:

  1. Clarify with research participants that they are not required to share sensitive information during our sessions.
  2. Note organizations or departments (including, but not limited to cybersecurity, intelligence, counterterrorism, and public health) that may require supervisor approval before end-users are permitted to participate in research.

“Who is this? Just give me their name”

Being knowledgeable about ways to respect consent and privacy are not just the responsibility of the user research team. Everybody who comes into contact with user data needs to understand what level of privacy was negotiated during that study. Sometimes, this can result in awkward conversations with leadership teams.

Earlier this year, a senior leader (let’s call them Dillon) asked me for user testimonials on a certain topic. I provided Dillon with data and referred to the end-users by their job title and a code name. Dillon was not familiar with this protocol and asked me to reveal the first and last name of a specific end-user (code-name: Sam).

I checked our consent agreement and saw that Sam did NOT give consent for this information to be shared outside the research team. I told Dillon that I could not reveal Sam’s real name without re-negotiating consent. Dillon was frustrated at first, but once I explained that we are strict about these protocols so that we can maintain trust with end-users and assure that they can be candid with us about their experiences, they understood our reasoning better.

I also determined that Dillon actually needed more information about the context in which Sam worked, as opposed to Sam’s real name. Saying “no” to leadership isn’t always comfortable, but may be necessary to preserve the trust established with an end-user.

Two ways I would improve this scenario in the future are:

  1. Educate teams (including leadership) on the research consent process and why it is important. This will prevent surprises or the misinterpretation that researchers are withholding information.
  2. Ask more probing questions during data calls to learn more about why leadership is requesting this data. Be up front about what can be provided and what would require consent re-negotiation.

“Wait…is this who I think it is?”

When end-users participate in multiple research sessions with our team, we see this as a sign that we have established trust and rapport with them. However, an unanticipated consequence of gathering more data from the same end-users (besides the methodological issues of oversampling data from a small number of users) is that having more data from the same people increases the risk that their identity may be revealed from their responses.

Let’s take the example of our (fictitious) end-user, Emily. During her first session, Emily spoke about working as a firefighter in Oregon. This alone does not reveal her identity, as there are many firefighters in Oregon. During Emily’s second session, she shared details about assisting with wildfires in California. Once again, this alone does not reveal her identity. But, if we combine data from both of those studies to include quotes or details about Emily being a firefighter in Oregon who assisted with California wildfires, it’s more likely that someone could narrow her identity down.

There are several ways to mitigate the risk of accidentally revealing end-user identities when presenting data from multiple studies:

  1. Check to see if you are including multiple data points from the same person. If so, is there a reason for this? If it is, consider redacting details that increase risk of identifying them (such as place, industry, events, or job title).
  2. If you’re trying to build a case study or profile around a certain user type and those details are important, consider asking the end-user to review the information to see if those details are identifying or if consent can be renegotiated.
  3. Keep it simple! Determine the key points you are trying to make with this data and condense it down to tighter insights. People are more likely to read shorter reports anyway. 

Data, particularly qualitative data, can have a more organic and dynamic lifespan that most people think. When we are trusted with details about someone’s life, job, or goals, we become stewards of the slices of life they share with us. In some cases, that may mean removing a record of their data entirely. By respecting the humans behind the data we collect, we exemplify the values of working in public service and improving outcomes for all.


Ann Aly (pronounced like Ali) is a UX and civic tech practice leader with a background in academic research, music, and education. She combines these experiences to lead teams improving federal government services, emphasizing communal leadership and transparency. Ann holds a PhD and MA (both in Linguistics) from UCLA, and an MA (Spanish and Portuguese) and BA (Music) from Florida State University. When she’s not asking too many questions, Ann enjoys woodworking, gardening, and exploring the Shenandoah Valley woodlands near her home.

Image by Artie_Navarre from Pixabay

Leave a Comment

Leave a comment

Leave a Reply