When we talk about metrics, we need to talk about user safety and privacy. This is especially important for opt-out experiences. This articles outlines techniques to implement and practice when deploying metrics within your app. It’s divided into three sections:
- Data Collection
- Data Transmission
- Data Storage
- De-Identify Your Data: There are several traditional ways of linking data to an individual. The most common is by IP addresses. If IP addresses are eliminated, other unique identifiers can still be used. If those are eliminated, actions over time can be used.
- Collect Minimal Data: Only the minimum amount of usage and behavioral data should be gathered to answer a determined set of questions. The frequency, range, and level of details of measurements should be as small as possible.
- Mitigate Deanonymization: Don’t collect information that could be matched with publicly available information, or auxiliary data, to discover the person the data belongs to.
- Aggregate at the Source: Possibly identifying data should not be held in any part of the system longer than necessary, aggregated at the source at the earliest possible time.
- Generalize Details (as needed): Modify the respective scale or order of magnitude (i.e. a region rather than a city, a month rather than a week). This is accomplished by diluting the attributes of user data. For example, a region rather than a city. A month rather than a week.
- Give Users Control: You always want users to be in control. Present users with an opportunity to opt-out.
- Encryption of Data in Transit: Ensure that the data is encrypted over the wire.
- Secure Your Hosting Infrastructure: Ensure that the server that hosts your metrics data is protected from man in the middle attacks, DDOS, and escalation of privilege.
- Incoming Data Validation: Think about how the server accepts data. Validate the data coming in.
- Encryption of Data on Server: Ensure that the data is encrypted on the server.
- Authentication and Account Security: Consider trust and access. Who has access to what and where? Who can get information in and out of your metrics system? Be sure to have authentication and security protocols for getting into the system.
- Data Retention: Retain data only as long as you need. Perform routine maintenance to remove data from systems or set expiration data on data. If you don’t already have one, establish a data handling policy for the product.