Privacy Champions in Software Teams: Understanding Their Motivations, Strategies, and Challenges

Mohammad Tahaei, Alisa Frik, Kami Vaniea
2021 Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems  
Software development teams are responsible for making and implementing software design decisions that directly impact end-user privacy, a challenging task to do well. Privacy Champions-people who strongly care about advocating privacy-play a useful role in supporting privacy-respecting development cultures. To understand their motivations, challenges, and strategies for protecting end-user privacy, we conducted 12 interviews with Privacy Champions in software development teams. We find that
more » ... on barriers to implementing privacy in software design include: negative privacy culture, internal prioritisation tensions, limited tool support, unclear evaluation metrics, and technical complexity. To promote privacy, Privacy Champions regularly use informal discussions, management support, communication among stakeholders, and documentation and guidelines. They perceive code reviews and practical training as more instructive than general privacy awareness and on-boarding training. Our study is a first step towards understanding how Privacy Champions work to improve their organisation's privacy approaches and improve the privacy of enduser products. CCS CONCEPTS • Human-centered computing → Empirical studies in collaborative and social computing; • Security and privacy → Usability in security and privacy; • Social and professional topics → Software management. KEYWORDS software development, privacy champions, user privacy ACM Reference Format:
doi:10.1145/3411764.3445768 fatcat:l5bulug5p5hpzhbiugphikocbu