This will be the first in a short series on ways to protect end-user identities when collecting feedback or testing products. As many of us become more proficient in cybersecurity best practices, it’s crucial that we don’t forget some of the low-tech ways that we can keep identities secure and maintain trust.
Going Beyond Consent Forms
If you have ever conducted or participated in research before, you have likely encountered a consent form. Most consent forms have similar language surrounding the purpose of the study, any compensation, how the data will be used, and/or what your participation entails. The consent form will ask you to sign at the bottom and inform you that you can revoke your consent at any time. These types of forms are intended to inform participants as much as possible before the study to reduce exploitation and unintentional deception, and to comply with human research protocols that many institutions have.
Excerpt from the informed consent template provided by the National Institute on Aging
However, trust and consent go well beyond forms and binary yes/no questions. Most of us know this intuitively, but it can be difficult to put this into practice as we build lasting relationships with the people who use our products or services. A research team I led developed a multi-tiered consent protocol when working with public safety personnel, as different domains of public safety (e.g., emergency responders, intelligence analysts, or public health advocates) require different levels of discretion when sharing details about their work with others. We found that giving participants these options (with the option to change or revoke their options at any time, even after speaking to us) made them feel more secure while engaging with us.
Tiers of Consent
Tiers of consent are not new, and the set I’ll be sharing is not exhaustive. This list is meant provide examples that can be used or revised by teams who might benefit from them. With each of these consent levels, we also provide participants with the option to review the data collected before making their decision. This can help with identifying information that could possibly reveal their identify and redacting it (for example, if someone is the only Intel Analyst in Alaska, including their role in a transcript would identify them!).
Tier 1: Just Notes
For this tier of consent, we do not record the session. We only take paraphrased notes based on what the participant has shared with us. Participants who work with sensitive or classified data may prefer this tier to prevent unintentionally divulging too much information.
Tier 2: Redacted Transcript
For Tier 2, we record the session and redact all information from the transcript that could potentially identify the participant (locations, names, specific projects, etc.) We also delete the video and audio after checking the transcript for accuracy. This tier allows us to use direct quotes in the participant’s voice without identifying them.
Tier 3: Audio
Tier 3 involves recording the session, (usually) retaining the redacted transcript from Tier 2 and retaining session audio. Retaining audio samples from engagements such as interviews is helpful if there is a dialogue between two or more people that may be difficult to portray in writing or if the participant’s tone adds additional context. When we retain audio from a participant, we add two sublevels of consent:
- The audio is kept within the research team only.
- Portions of the audio (without identifying information beyond their voice) can be shared beyond the research team, typically for leadership looking to understand more about end users.
Tier 4: Video
Our final tier involves retaining the video, audio (Tier 3), and (usually) the redacted transcript from Tier 2 from a session. Tier 4 is useful when conducting interactive sessions such as usability tests, where seeing direct examples of how someone interacts with a product provides more insight than describing their interaction in writing. Many product teams don’t have the opportunity to see how people use their products “in the wild”, so having a controlled sample may be the closest they come to seeing human-product interactions. Similar to Tier 3, we also provide the sublevels of consent related to how widely the clips can be shared after the session. When sharing video, it is almost impossible to prevent the participant’s identity from being revealed, so it’s crucial that they feel comfortable with this before agreeing.
Next time, I’ll talk about what happens when consent is changed or revoked and how team can handle that while maintaining the trust of their user base.
Ann Aly (pronounced like Ali) is a UX and civic tech practice leader with a background in academic research, music, and education. She combines these experiences to lead teams improving federal government services, emphasizing communal leadership and transparency. Ann holds a PhD and MA (both in Linguistics) from UCLA, and an MA (Spanish and Portuguese) and BA (Music) from Florida State University. When she’s not asking too many questions, Ann enjoys woodworking, gardening, and exploring the Shenandoah Valley woodlands near her home.
Leave a Reply
You must be logged in to post a comment.