Redesigning the VMware AirWatch Privacy Policy

Image for post

The Premise

VMware AirWatch can be installed on corporate and personal devices to access company resources such as email, documents and productivity apps. When a company tells employees to install AirWatch on their phones to access company email, they might ask, ?What can my manager see? Will my company know which apps I have on my phone? Can my company see my pictures or my browsing history??

Our user experience (UX) team set out to address the issue of how end users perceive tools like AirWatch being installed on their devices, particularly personal devices.

We realized much of the stigma associated with installing AirWatch came from a lack of knowledge about what AirWatch actually does.

Our goals were simple.

The first one was to maintain transparency at all levels, since AirWatch forms a conduit between employers and employees.

Our second goal was to educate both employers and employees on best practices to maintain employee privacy.

Considerations

Privacy policies are usually text-based, full of legal jargon. They are difficult to quickly scan through and parse for information most relevant to you. However, we did not want to replace the existing privacy policy. We were designing for the enterprise, where legal documents are necessary and irreplaceable.

What we wanted to do is design a new, visual AirWatch privacy policy that would:

  • Be easy to read and understand.
  • Be interactive and engaging for end users.
  • Answer common questions before they were asked.
  • Be customizable to the user reading it, since every company and every device type could have different data collected or monitored based on their configurations.

Here?s what we asked end users and what we found out about privacy.

We started by asking how people felt about installing AirWatch on their phone. We received answers such as ?To get what? Email and data and content? I would love that!? The high benefit of installing AirWatch to access company resources was never questioned.

However, we also heard things such as, ?I would be anxious. I would also be paranoid about what data is being collected.? We also heard, ?How does it affect my device?confidential and personal things sent to me being put out there. Who gets to see it? I think AirWatch is geared to look out for the company, not me.?

Based on these conversations, we sketched our initial concepts. We wanted to start with a positive message and visuals inviting the users to interact with the privacy policy.

We decided to focus on two main things:

  1. What data AirWatch could collect (including Work Apps, Device Details, etc.)

2. What AirWatch could do with the device (such as sending notifications and resetting passwords).

Image for postBased on initial conversations with customers, we conceptualized a new, visual AirWatch privacy policy that would be easier to read and more engaging.

Next, we conducted design reviews with AirWatch employees.

We found that it was better to chunk information together. What AirWatch collects depends on a company?s policies and admininstrator, so some companies may collect information such as GPS but others may not. We found that if a company does not collect this information, it was better not to show it at all.

We also found that most users are only interested in the ?Big Four?: browsing history, text messages, pictures and personal email. It was very important to inform users that AirWatch could not monitor any of these.

Keeping these considerations in mind, we created some high-fidelity prototypes. During this phase we also worked on the visual language to keep the tone and feel as friendly, open and approachable as possible.

Image for postThese prototypes show the new, visual AirWatch privacy policy in action.

Once we completed our prototype, we conducted some A/B tests with AirWatch employees to evaluate two variations.

The major finding from this test was that notifying users that AirWatch does not collect the Big Four was imperative.

Although we explicitly showed users what data is collected, doubts about whether pictures or personal messages are collected were not assuaged. We decided to go with version B where we included a ?What we cannot see? section.

Image for postTo the right, users can see what data AirWatch does collect. To the left, users are reminded what data AirWatch never collects.

We then went out in the field to conduct tests with our end users.

The aim was determining when users would like to see this information in the overall enrollment process. Participants went through the entire process with us, from being informed that they need to install AirWatch on their phones through an email from their company to installing the AirWatch agent. We noted their questions and concerns at each stage, and we found that concerns usually arose right at the beginning of the process.

So in our final implementation, employees can see their customized privacy policy online when they receive that first email from their companies. Questions need to be addressed once they enroll, too, so a web clip with the privacy policy is installed on the device.

Image for postThe privacy policy web clip appears on all devices and form factors

Designing the AirWatch privacy policy has been challenging, but it?s fun and rewarding to address the end users of an enterprise service.

I look forward to improving the product over the next few months to make AirWatch simple for the consumer!

Image for postCatch up on the VMware UX Series here.

Read more:

  • NEW! User Experience Series: Your Guide to Delighting End Users
  • Inside the Mind of a UX Designer
  • 2017: The Year of the Digital Workspace & User Experience Technology
15