Integrating Legal Safeguards to Sustain Users’ Trust

Dr. Ann Cavoukian, Executive Director, Privacy and Big Data Institute, Ryerson University, outlines the advantages of embedding privacy in technologies, at a February 28, IABC event in Kitchener, Ontario.

Relevant Legislation & Best Practices

As my senior project is to develop a niche social media network for Canadian caregivers, it must address three key areas of Canadian/Ontario legislation:

• Privacy: Personal Information Protection and Electronics Document Act (PIPEDA) and Canada’s Anti Spam Legislation (CASL)
• Copyright: Canadian Copyright Act
• Accessibility: Accessibility for Ontarians with Disabilities Act (AODA)

In addition, I need to provide ‘Community Guidelines’  to ensure users act appropriately. Along with behaviour guidelines, I must embed references to privacy and copyright law in these guidelines. In addition, I must make it clear that this social network isn’t liable for undesirable outcomes, due to community members’ advice.

The third area, accessibility and AODA, outlines escalating legislated requirements that must be incorporated into all web properties to accommodate people with visual, audio, motor and cognitive disabilities by 2021. This presentation by Ad Web Com provides a clear explanation of this legislation and will be a good reference for developing this niche network. Similarly, CASL will control my solution’s need to take a ‘permissions-based’ approach to recruit members but will not impact online documentation.

I also need to adhere to copyright law, ensuring I am legally allowed to post specific content and providing credit, as required.

Given the sensitivity of personal healthcare information, which caregivers or my community members may share about their loved ones, PIPEDA is my highest legislative priority.

Safeguarding Trust Versus Legislation

Steps to address these areas falls under mandated legislation or legal recommendations/best practices. However, Dr. Ann Cavoukian, Executive Director, Privacy and Big Data Institute and Ontario’s former privacy officer, is advancing a global Privacy by Design standard to embed privacy as a default in all technology. For my niche network, this means ensuring that De-identification Protocols are incorporated in the code from the onset.

Furthermore, Dr. Cavoukian positions privacy as a competitive advantage, not debilitating compliance. In many ways, I think all these legal requirements/recommendations or ‘safeguards’ can be considered a competitive advantage because they all help to win and sustain the community’s trust.  I want to keep this in mind, when I address prospective members and describe this niche social network.

Legal Documentation Models 

As examples, I reviewed privacy and community guidelines for:

• LinkedIn: User Agreement, Privacy Policy, Copyright Policy
• Tyze: Terms of Use
• Carezone: Security, Privacy Policy
• The Caregiving Space: Terms of Use, Legal Stuff

One of the key tenants of transparency is making things clearer. LinkedIn, Tyze and Carezone have tried to do this in their policies/guidelines.

For example, Carezone, uses a second person voice, a reassuring tone, user-centric headings (e.g. how we protect your data) and plain language to specifically explain how it uses technology (e.g. encryption), physical safety measures (e.g. private network residing in a data centre monitored 24/7), policies and procedures to keep data private. This includes providing specific examples, such as: “We transmit your email address to UserVoice so we can interact with you through email, but we give them no further information about you.” In contrast, the Caregiving Space uses exhaustive legal terminology to explain its privacy and other guidelines, writes some sections using almost illegible all capitals, and offers vague assurances, such as: “… use industry best practices approaches about security measures to prevent the loss, misuse and alteration of the information.”  Where possible, I think it’s most effective to adopt Carezone’s voice, editorial style and more specific approach.

Both Tyze and LinkedIn go further to enhance the user experience when conveying policies and community guidelines. Tyze provides the required legal documentation, as well as a short synopsis in a conversational voice. And LinkedIn, provides friendly user-centric explanations, much like Dr. Cavoukian’s ‘privacy as an advantage’ position, and offers short (1.45 minutes or less) videos to explain user agreements and privacy. I think it will be particularly beneficial to use videos, as LinkedIn does, to explain policies and community guidelines to the caregivers network members to help ensure clarity.

Reviewing these guidelines, particularly those from Carezone and LinkedIn, gives me a framework of key topics for my network’s privacy and copyright sections. I’d like to apply Carezone’s same second person voice and plain language tone for the Community Guidelines.

For example, the Privacy and Security Guidelines should include:

• How we collect your information
• How we use your information
• How we protect your data
• Information sharing and disclosure
• Third-party services
• If there’s a problem
• Reporting a problem

There are likely more topics to address in my legal documentation but this is a ‘safe’ start.

Bracing for the Thorny Challenges of a Healthcare Network

My senior interactive media project is to develop a niche social media network for informal ‘caregivers’ (i.e., people responsible for a senior to elderly family member or other loved one). Its working name is: Social Caregivers Network (SCN).

My vision is to develop: a one-stop resource to help Canadian caregivers share and quickly access trustworthy recommendations that give their loved ones the best care. Unlike the plethora of recommendations from senior care companies with a profit-driven agenda, the SCN will give caregivers access to objective recommendations, tested by other caregivers who share their challenges. It will also save time by giving caregivers access to others’ discoveries/learnings.

Having never produced a social media network, I don’t know all the challenges but here are those that come to mind:

1. Defining Scope that Meets My Audience’s Top Priorities – Caregivers face a broad range of challenges — from finding a reliable hearing aid to making an end of life decision. While tempting, the SCN can’t cover every scenario. The challenge is to narrow the scope to a feasible mandate that delivers distinct value to the end-users. As with any interactive media project, I need to start with the audience (including key personas) and its priority needs or use case scenarios. To achieve this, I plan to survey a sampling of this audience to collect qualitative data on where the needs are greatest and criteria for success. Only then, can I select the functions/features to address these needs and define the scope.
2. Making the Interface Accessible, Compelling and Intuitive – There is no point in producing the SCN unless I strive to follow UX best practices and ensure AODA compliance. Beyond this, I plan to incorporate testing, such as a card sort, to keep the solution aligned with the audience’s habits/perceptions as it progresses.
3. Avoiding Scope Creep – Throughout this project, I’ll be challenged to keep tasks within this scope and ensure that iterations don’t include new mandates. This will be tough as I’m sure I’ll discover many ‘great’ ideas but believe by adhering to proven project management methodologies with effective tools, I can avoid this pitfall.
4. Proposing a Technically Viable Solution and Finding the Resources to Bring it to Fruition – Although I have some technical understanding, it’s a challenge to not ask for something that’s impossible to build.  More importantly, I need to find the human and financial resources to complete the SCN. For this, I’ll rely on mentors within and outside the college for technical and entrepreneurial guidance
5. Adhering to Privacy Legislation and Avoiding Liability Issues – Since the SCN deals with personal health details, it must adhere to all applicable privacy legislation in Canada, as well as possibly the US.  Similarly, I need to ensure the SCN is not liable for undesirable outcomes due to community members’ advice.  To avoid both of these issues, I’ll check applicable guidelines and invest in a legal review/opinion before it goes live.
6. Building, Nurturing and Protecting an Engaged Community – Although a social network’s long-term value is in its community and their interactions, it must be built first and nurtured. I need to develop tactics to attract members and initiate conversations/engagement, particularly in its early days.  I also need to incorporate features to mitigate/block trolls/detractors, who can tarnish the user experience.

This is my initial challenge list but I need to proactively identify and stay ahead of others as I move forward.