ICO: Privacy in the product design lifecycle
"Privacy in the product design lifecycle" guidance is written for technology professionals such as product and UX designers, software engineers, QA testers, and product managers.
From the Information Commissioner’s Office:
The case for privacy – Your organisation must comply with relevant laws. But there are also pressing reasons beyond legal compliance to prioritise privacy. For example, the risk of harming people and society itself, as well as the business risks to organisations.
Privacy in the kick-off stage – including kick-starting collaboration, mapping your product’s personal information needs, and ideas on weaving privacy into your business case.
Privacy in the research stage – including gathering up-front perspectives on privacy, testing of work in progress, and ways to protect the personal information of research participants.
Privacy in the design stage – including choosing the right moments, obtaining valid consent, and communicating privacy information in ways people understand.
Privacy in the development stage – including defining the appropriate amount of personal information required, exploring technical solutions that enhance privacy, and protecting personal information in development environments.
Privacy in the launch phase – including conducting pre-release checks, factoring privacy into rollout plans, and deciding how best to communicate changes.
Privacy in the post-launch phase – including monitoring and triaging fixes, reappraising expectations and norms, and celebrating privacy successes.
Further reading