INSIGHTS
Good Research leads to good decisions.
We strive to foster a culture of lifelong learning in which we can discover, grow, and share our discoveries with the world.
TALK
The Missing Link in Privacy Risk Assessments
Jared Maslin
September 2023
You've heard Jared Maslin's case for investing in data privacy and his call to businesses not to wait for regulation. In this PEPR '23 talk, he introduces a persona-based approach developed to enable organizations to assess their own unique risk appetite, defining a fit-for-purpose, prioritized risk assessment that can be implemented in a sustainable manner and can successfully adapt to constant changes in global privacy regulation.
BLOG
The Three C's of Privacy Engineering
Eric Khumalo and Jessica Traynor
August 2023
Eric Khumalo continues his journey to understand the nuances and complexities of privacy engineering. Here he describes what he calls the Three Cs of Privacy Engineering: classify, contextualize, and communicate.
BLOG
Data Maps for All
Jennifer Chen
July 2023
Jennifer Chen shares how we created a completely new visual tool for visualizing the flow of personal information through an enterprise.
BLOG
Privacy Engineering in Action: Learning About Trackers
Eric Khumalo
May 2023
Eric Khumalo continues his journey to understand the nuances and complexities of privacy engineering. Here he describes learning about trackers.
BLOG
The Business Case for Privacy
Jared Maslin
April 2023
Convincing business leaders to “pay for privacy” centers around building a stable foundation for continued privacy compliance in a way that doesn’t break the bank and actually has a hope of sustained success.
BLOG
Privacy Engineering in Action
Eric Khumalo
September 2022
In early 2019, Eric Khumalo started Emzini weCode to teach computer science to kids in Zimbabwe and beyond. “Emzini” means house in Zulu. Eric hopes anyone can come in to learn to code and learn more about technology. Here, he describes applying his privacy engineering skills to the organization, specifically when working with student data.
EVENT
Getting Curious on Solano Ave
Cassia Artanegara
September 2022
Data Curious is an online resource supported by Good Research in collaboration with the Center for Digital Civil Society at University of San Diego. At the 2022 Solano Stroll, Good Research sponsored a Data Curious booth to meet our neighbors in Albany, CA and help people get curious about their data.
BLOG
Privacy Engineering in the Real World
Eric Khumalo
August 2022
Good Research Data Scientist & Privacy Engineer, Eric Khumalo, cites a recent conference as a use-case for the importance of privacy engineering.
BLOG
Finding the right privacy operating model for you
Jared Maslin
April 2022

"Write your principles in pen and your business model in pencil." Josh Kopelman, Entrepreneur and Venture Capitalist

Privacy has risen to the top of many organizations' priorities. Regulators are rolling out new regulations, customers are asking organizations to address privacy and describe their approaches. Where does privacy live at your company? Where should it live? How do you decide?

BLOG
All in the Family: Privacy is Security's Younger Sibling
Jared Maslin
February 2022

"We came into the world like brother and brother; And now let's go hand in hand, not one before another." William Shakespeare

As privacy transitions from a compliance issue to a board issue, we can learn from experienced information security professionals who have navigated many of the obstacles privacy professionals are experiencing today.

BLOG
Privacy as a Practice
Nathan Good & Maritza Johnson
February 2022
Although defining privacy remains elusive, we can all agree that organizations need to do more than write a privacy policy. There’s what you are required to do with user data, most often informed by laws and regulations. And there’s what you should do with user data. In this post, we outline how Good Research approaches privacy.
TALK
UXR Conf: UX in a number-heavy world: Strategies for better quant-and-qual collaborations
Will Monge & Jenny Lo
February 2021
In a world in which decision-makers increasingly want numbers to base or back their decisions, how can user researchers take a larger role in partnership with data-science? In this talk, Jenny and Will discuss aspects of data-science workflow, identify commonalities between the two disciplines and present a taxonomy of the constraints standing in the middle of fruitful collaboration. We hope to gear attendees with concrete strategies on how to tackle these situations and maximize the overall value of research.
BLOG
Good Research and Data Privacy Day
The Good Research Team
January 2021
Happy Data Privacy Day!
BLOG
Defending Your Data
Will Monge
December 2020
De-identification and Differential Privacy.
TUTORIAL
EPIC 2020: Beyond “Quant-vs-Qual”: Creating Collaborative Inquiry
Will Monge, Jenny Lo, & Alex Hughes
Oct 2020
This tutorial's goal is to empower ethnographers to develop more holistic, interdisciplinary programs of inquiry for their projects, teams and organizations. This tutorial focuses pn the core principles underlying research and inquiry of all kinds, establishing frameworks that unite rather than divide the current research “camps.”
BLOG
Weathering a Privacy Storm
Weathering a privacy storm
Nathan Good and Cennydd Bowles
October 2020
Two years ago, the New York Times lifted the lid on the dangers of location tracking, but the tech industry shrugged. Now authorities are fighting back.
WEBINAR
Quant & Qual on Common Ground: Collaboration among Researchers of All Stripes
Will Monge, Jenny Lo, & Alex Hughes
July 2020
This webinar focuses on the core concepts and concerns shared by all researchers and how this common ground establishes a basis for closer collaboration among researchers of all stripes. We’ll discuss the constraints we experience as qualitative and mixed methods researchers, a vocabulary for communicating the value of ethnographic work to quantitative colleagues, and strategies for more fully and effectively integrating ethnographic work into research and business cycles.
WEBINAR
Empirical Assessment of Privacy Risks in Data
Nathan Good et al.
March 2020
This webinar reflects our experiences with motivated intruder tests. Building on recently published work with clinical trial data it will describe the drivers for these types of tests from a business perspective, how to conduct them, and an overview of lessons learned across multiple studies over the last couple of years on different types of data.
paper
Evaluating the re-identification risk of a clinical study report anonymized under EMA Policy 0070 and Health Canada Regulations
Nathan Good, Jennifer Chen, & Will Monge
February 2020
Regulatory agencies, such as the European Medicines Agency and Health Canada, are requiring the public sharing of clinical trial reports that are used to make drug approval decisions. Both agencies have provided guidance for the quantitative anonymization of these clinical reports before they are shared. There is limited empirical information on the effectiveness of this approach in protecting patient privacy for clinical trial data. In this paper we empirically test the hypothesis that when these guidelines are implemented in practice, they provide adequate privacy protection to patients. An anonymized clinical study report for a trial on a non-steroidal anti-inflammatory drug that is sold as a prescription eye drop was subjected to re-identification. The target was 500 patients in the USA. Only suspected matches to real identities were reported.
Panel
2020 Vision on Privacy for Telematics Panel: Privacy Engineering, Compliance & Technical Innovation Trends
Nathan Good
January 2020
This panel held at Geotab Connect 2020, focused on privacy engineering and technology trends related to IoT, paying special attention to connected vehicles.
WEBINAR
What's Fair in A Data Mediated World?
Nathan Good, et al.
October 2018
This EPIC2018 panel addresses questions of fairness and justice in data-centric systems. While the many social problems caused by data-centric systems are well known, what options are available to us to make things better?
paper
Turtle Guard: Helping Android Users Apply Contextual Privacy Preferences
Nathan Good, Jennifer Chen, et al.
July 2017
Current mobile platforms provide privacy management interfaces to regulate how applications access sensitive data. Prior research has shown how these interfaces are insufficient from a usability standpoint: they do not account for context. In allowing for more contextual decisions, machine-learning techniques have shown great promise for designing systems that automatically make privacy decisions on behalf of the user. However, if such decisions are made automatically, then feedback mechanisms are needed to empower users to both audit those decisions and correct any errors. In this paper, we describe our user-centered approach towards designing a fully functional privacy feedback interface for the Android platform. We performed two large-scale user studies to research the usability of our design. Our second, 580-person validation study showed that users of our new interface were significantly more likely to both understand and control the selected set of circumstances under which applications could access sensitive data when compared to the default Android privacy settings interface.