This is the deck from a 1-hour workshop I ran at UXBristol 2018. I would usually do this workshop with a single team and over 3 hours, but it proved a very effective, short conference workshop. Participants learned that data usually has a much more circuitous journey than usually assumed, and that they make and collect a lot more personal identifiable information (PII) than they'd thought. The point is not that we can and all should have perfect filing systems, I don't think we can, but rather that we should be more aware of what we do collect and what it means, be daily conscious as to how we're circulating peoples' data, and do regular data clean ups. Simple steps can make a big difference. This workshop didn't offer potential solutions, it was purely about data awareness. To offer solutions, I would have needed another 30 minutes at least.

1. Stuff you collect about users
people: what you make, where
it goes, and how to keep it safe
@katetowsey

2. I am Kate.
A super-fast exercise to see what you
collect about people, where it goes and
who sees it.
Expect fast and furious. Don’t expect
detail.
This is a punchy taster. Do more of this.

3. You’ll walk away with:
1. An easy-to-replicate process
2. The beginnings of a map of what you’re
collecting
3. A real understanding of where your data actually
goes
4. Tips on what to do next
5. Confirmation that you’re not alone

4. Chatham House Rule.
Be honest.
Ask me.

5. 1. On your own, write down all the things you
make or collect in doing user research.
Just the noun. One point per sticky note.
e.g. interview video, audio, survey data, analytics,
decks, show-and-tell videos, photos, diary study
data, transcriptions, consent forms, WhatsApp
messages, emails, recruitment sheets…
(3 mins)

6. 2. In your group: One at a time, put up a sticky notes and
document the flow of where that thing is made and where it
ends up. Note all the touch points and anything else
interesting on its journey.
There aren’t rules. Interrupt each other. Add things you
forgot. Discuss as you go.
As a group you’ll build up one flow chart showing similarities
and differences.
e.g. interview video: iPhone > personal email > work email >
laptop local file > Dropbox > local trash
(25 mins / 5 mins each)

9. 3. As a group, consolidate what you’ve
learned.
You’ll do a 1-minute summary back to
the whole group.
(5 mins)

10. 4. Let’s gather.
(1 min per group)

11. 1. Map out results e.g. a spreadsheet or realtimeboard.com
2. Add detail: what information each item includes; who sees this
information; who needs to see it.
3. Highlight PII (Personal Identifiable Information). See ico.org.uk and
search ‘what is personal data’.
“…can be identified or who are identifiable, directly from the information
in question; or who can be indirectly identified from that information in
combination with other information.”
Highlight sensitive personal data: race; ethnic origin; genetic data; sexual
orientation; health data etc.
4. Work with your information security and/or IT teams to find ways to
store PII that meets GDPR. If you’re a freelancer, your clients own the
data, not you. Work with them as best as you can to follow their
information security requirements.
5. No system is perfect, but by knowing its weaknesses we can do better.

13. Q&A.

14. Thank you.
@katetowsey