How to protect user privacy when conducting research on opening bank accounts?

by user50599   Last Updated November 16, 2017 16:16 PM

I work for a bank and we want to redesign our online account opening process. We don't track analytics and we have limited insight into the user experience. We don't have the ability for people to open fake accounts for testing purposes, so we'll have to observe people as they open real accounts.

The user needs to input personal info (SSN, credit card numbers, payments, etc.), so we need to respect their privacy. How do we respect user privacy while gathering good data? How do we put people at ease and encourage them to participate? Should we instead consider alternatives to direct user observations?

The plan is to observe users while sitting over their shoulder. I want to record the screen too but I don't want to make people uncomfortable. But that data would be very valuable so I'm not sure. My thought was to go to a bank branch and try to recruit customers when they mention to tellers that they'd like to open an account. Customers often go to the same tellers every time so they trust them. I'm hoping that the tellers can be our liaisons and put people at ease when they ask them to volunteer for research.

Thanks in advance!

Answers 1

User privacy is a very delicate and important aspect of software. This question likely requires more legal advice than UX advice.

However, here are my general UX thoughts regarding your situation:

  • Users must opt in to have their data collected
  • Only collect anonymous metadata
  • Be up front about what you're collecting
  • Tell users how you'll use their data
  • Invest in security

Users must opt in

It's important to establish a line of communication with the user about what you're doing. Don't sneak data-collection policies into other agreements with the user; ask to collect their data in a clear way.

Only collect anonymous metadata

It is questionable from UX, legal, and ethical standpoints to mine personal financial data from your users (that is, data not necessary to the core service). Collect metadata about the user, and ensure it cannot be traced back to them.

Be up front about what you're collecting

If you want users to opt in, let them know what you're collecting. This will give them peace of mind; otherwise they'll likely decline immediately.

Tell users how you'll use their data

This point doesn't always happen, as typically companies mine user data to serve them more targeted ads or services to increase revenue. Give users some reasons why collecting their data will benefit them, such as improving the service.

Invest in security

None of the above matters if a hacker can access your user metadata-base. If your cyber security and data storage teams aren't prepared, bring on help who can. As an online bank I hope I'm safe to assume you have qualified security talent.


Here is a basic example for your use case:

Help us make online banking better

Improve OnlineBank by providing us with anonymous data, such as banking frequency, types of banking actions, or other data listed here. This data is stored securely in an encrypted server, and is only used to help streamline the service for you.

Apple is a leader of user privacy among large tech companies. They achieve this using the methods I've listed here, for example:

November 16, 2017 16:12 PM
