VMware AirWatch can be installed on corporate and personal devices to access company resources such as email, documents and productivity apps. When a company tells employees to install AirWatch on their phones to access company email, they might ask, “What can my manager see? Will my company know which apps I have on my phone? Can my company see my pictures or my browsing history?”
Our user experience (UX) team set out to address the issue of how end users perceive tools like AirWatch being installed on their devices, particularly personal devices. We realized much of the stigma associated with installing AirWatch came from a lack of knowledge about what AirWatch actually does.
Our goals were simple. The first one was to maintain transparency at all levels, since AirWatch forms a conduit between employers and employees. Our second goal was to educate both employers and employees on best practices to maintain employee privacy.
We realized much of the stigma associated with installing AirWatch came from a lack of knowledge about what AirWatch actually does.
Privacy policies are usually text-based, full of legal jargon. They are difficult to quickly scan through and parse for information most relevant to you. However, we did not want to replace the existing privacy policy. We were designing for the enterprise, where legal documents are necessary and irreplaceable.
What we wanted to do is design a new, visual AirWatch privacy policy that would:
- Be easy to read and understand.
- Be interactive and engaging for end users.
- Answer common questions before they were asked.
- Be customizable to the user reading it, since every company and every device type could have different data collected or monitored based on their configurations.
Here’s what we asked end users and what we found out about privacy.
How Do Users Feel About Device Management?
We started by asking how people felt about installing AirWatch on their phone. We received answers such as “To get what? Email and data and content? I would love that!” The high benefit of installing AirWatch to access company resources was never questioned.
However, we also heard things such as, “I would be anxious. I would also be paranoid about what data is being collected.” We also heard, “How does it affect my device…confidential and personal things sent to me being put out there. Who gets to see it? I think AirWatch is geared to look out for the company, not me.”
Based on these conversations, we sketched our initial concepts. We wanted to start with a positive message and visuals inviting the users to interact with the privacy policy. We decided to focus on two main things: 1. What data AirWatch could collect (including Work Apps, Device Details, etc.) and 2. What AirWatch could do with the device (such as sending notifications and resetting passwords).
What Do Users Care About Most in a Privacy Policy?
We also found that most users are only interested in the “Big Four”: browsing history, text messages, pictures and personal email.
Next, we conducted design reviews with AirWatch employees. We found that it was better to chunk information together. What AirWatch collects depends on a company’s policies and admininstrator, so some companies may collect information such as GPS but others may not. We found that if a company does not collect this information, it was better not to show it at all.
We also found that most users are only interested in the “Big Four”: browsing histroy, text messages, pictures and personal email. It was very important to inform users that AirWatch could not monitor any of these.
Keeping these considerations in mind, we created some high-fidelity prototypes. During this phase we also worked on the visual language to keep the tone and feel as friendly, open and approachable as possible.
Is the Privacy Policy Transparent Enough?
Once we completed our prototype, we conducted some A/B tests with AirWatch employees to evaluate two variations. The major finding from this test was that notifying users that AirWatch does not collect the Big Four was imperative.
Although we explicitly showed users what data is collected, doubts about whether pictures or personal messages are collected were not assuaged. We decided to go with version B where we included a “What we cannot see” section.
When Do Users Want to Read a Privacy Policy?
We then went out in the field to conduct tests with people in cafes with the aim of determining when users would like to see this information in the overall enrollment process. Participants went through the entire process with us, from being informed that they need to install AirWatch on their phones through an email from their company to installing the AirWatch agent. We noted their questions and concerns at each stage, and we found that concerns usually arose right at the beginning of the process.
So in our final implementation, employees can see their customized privacy policy online when they receive that first email from their companies. Questions need to be addressed once they enroll, too, so a web clip with the privacy policy is installed on the device.
Designing the AirWatch privacy policy has been challenging, but it’s fun and rewarding to address the end users of an enterprise service. I look forward to improving the product over the next few months to make AirWatch simple for the consumer!