@dropmeaword
Created October 12, 2018 09:02

A graduate who was once a student of mine has hired me as an advisor for her new digital health product startup. Her product, like most digital health products, will gather and analyze potentially sensitive information about its owner's health, and she is determined to do whatever is necessary to create a trustworthy product that keeps all data stored within it anonymous.

In her previous consultations with people who are more experienced in the design of digital products, she was told that the data analysis could be done in a smartphone app. If the analysis determines that the best course of action is for the user to go to the doctor, they can always take their phone with them and, thanks to the data collected, help the doctor better understand the patient's complaint on their first visit.

Then I asked her why I would ever want my medical data alongside my Google account, or any photos that I might have taken with my smartphone, or my freelance timesheets, or any other information that might be available on my phone. What makes people think that adding a layer of encryption to that data, even in those cases in which companies are actually careful enough to add that layer of encryption, does anything at all to keep that data anonymous when at some point during its processing it actually passes through your smartphone?

It seems to me that many designers today still do not have a solid grasp of the digital media they work with, as they often fall prey to familiar design patterns or trends, or simply assume that a specific way of doing something is the most reasonable because that is what all the other companies designing these kinds of products are doing. If privacy is a value for you as a designer, you will have to think a little harder about the implications of the information flows that your digital product needs in order to operate. Just because your smartwatch is connected to a health app on your phone doesn't mean that that's the way digital health products ought to be designed. This convenience is perhaps of interest to the Apples and the Googles of the world, which make a profit by using that data or by selling well-integrated products.

Privacy is a value that forces us to design with a different set of priorities; this is perhaps the reason why privacy is so often neglected in the design of digital products. It's too hard, it introduces unusual workflows that might sacrifice the convenience of the product's users, and keeping data private is subject to technical complications that designers are sometimes ill-equipped to understand.

If privacy is not part of the brief, there is absolutely no chance that the resulting product will safeguard the privacy of its users. Privacy is not the kind of "happy accident" that somehow happens in the design process. Either companies start bringing the issue up in their briefings, or designers must start this cultural shift and bring the issue to bear on the way that they frame the client's brief. Privacy, as perceived by people, has more to do with trust than with any specific technical challenge; no amount of encryption, deletion, or any form of data-shredding can ever replace trust.

Erasing data in any digital system is rather an article of faith. In most cases the data is simply de-indexed, becoming unretrievable to the average user, but the data is still there and it could be made available again with some data-forensics tools. Deletion is a contentious issue in digital devices. Digital machines are exceedingly good at making copies of information; in fact one could say that the Internet is a planetary-scale copy machine of sorts, but all digital media have few provisions for absolute information erasure. What applies to deleting/erasing applies as well to other operations on data performed by machines, such as encryption. When the expert is confronted with questions involving the "deletion" or "encryption" of data, more questions should follow, and while the onus to understand the technical nuance of these actions is not on the designer, the designer must be equipped to design for scenarios that challenge these notions.
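The "de-indexed, but still there" point above can be seen directly in the kind of storage a smartphone health app would typically use. The following is an added example, not code from the gist or from the product it describes: it uses Python's bundled sqlite3 module, a hypothetical `notes` table, and a constructed sample record. It deletes the record and then checks the raw database file for the record's bytes, first with SQLite's `secure_delete` setting off, then with it on, and then after a `VACUUM`, which rebuilds the file from live rows only.

```python
import os
import sqlite3
import tempfile

# Constructed sample record; stands in for a sensitive note a health app might store.
SECRET = b"constructed sample: patient reports chest pain, 2018-10-12"


def _populate_and_delete(db_path, secure_delete):
    """Create a small notes table, insert SECRET among other rows, then delete it."""
    conn = sqlite3.connect(db_path)
    # secure_delete controls whether SQLite zeroes freed cell space on delete.
    # It is set explicitly so the demonstration does not depend on how the
    # local SQLite library was compiled (some builds default it to ON).
    conn.execute("PRAGMA secure_delete = " + ("ON" if secure_delete else "OFF"))
    conn.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)")
    conn.executemany(
        "INSERT INTO notes (body) VALUES (?)",
        [("unrelated note",), (SECRET.decode("ascii"),), ("another unrelated note",)],
    )
    conn.commit()
    # Delete the middle row by its rowid and leave its neighbours in place, so the
    # page stays in use and the freed cell becomes an in-page free block: the row
    # is de-indexed, but its bytes are only overwritten if secure_delete is ON.
    conn.execute("DELETE FROM notes WHERE id = 2")
    conn.commit()
    conn.close()


def _raw_file_bytes(path):
    with open(path, "rb") as fh:
        return fh.read()


def secret_survives_delete(secure_delete=False, vacuum=False):
    """Return True if SECRET is still present in the raw database file after the
    row holding it has been deleted (and, optionally, the file has been VACUUMed)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "health.db")
        _populate_and_delete(path, secure_delete)
        if vacuum:
            conn = sqlite3.connect(path)
            conn.execute("VACUUM")  # rewrites the file from live rows only
            conn.close()
        # A plain substring search over the file is enough; no forensic tooling needed.
        return SECRET in _raw_file_bytes(path)


if __name__ == "__main__":
    print("plain DELETE, remnant still in file:", secret_survives_delete())
    print("DELETE with secure_delete=ON, remnant:", secret_survives_delete(secure_delete=True))
    print("plain DELETE then VACUUM, remnant:", secret_survives_delete(vacuum=True))
```

Two caveats match the essay's argument rather than contradict it. First, even with `secure_delete` on, SQLite writes the page's previous image to a rollback journal during the transaction and unlinks that file at commit, so the filesystem, not the database, now holds a copy; what the filesystem does with unlinked blocks is outside the application's control. Second, both `secure_delete` and `VACUUM` only address the database file itself, not backups, sync copies or the analytics pipeline the data passed through, which is exactly why the author frames deletion as a matter of trust rather than a single technical switch.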
