Privacy at Capital One
Privacy Design
With the California Consumer Privacy Act going into effect in 2020, Capital One needed a way to meet legal requirements while doing right by consumers
Designing and implementing Capital One's first consumer-facing data management tool, allowing consumers to request to download or delete their Capital One data
In July 2019, I started my first role at Capital One as part of the Design Development Program in the Customer Platforms and Data Ethics Design (now Privacy Design) team. During my rotation, I focused on designing the company's response to the California Consumer Privacy Act (CCPA). The CCPA allows consumers in California to request that companies show or delete the personal data they have collected about them, making it one of the most significant digital privacy laws passed in the United States. As a company, we responded by creating Capital One's first consumer-facing data management tool and opening it to all consumers, not just California residents. We offered consumers choice and control, aspiring to change privacy for good. In doing so, we met the government mandate, earned customer trust, and created confidence in our data practices.

Prior to starting this work, Capital One's privacy landing page offered customers little control over their privacy. It was often visited, yet it used legacy design standards that were long gone elsewhere on the site. We sought to refresh this page and place more emphasis on data practices and managing privacy options.

Early design and research

Generative and evaluative research were integral to designing this experience. After joining the Privacy team and learning about Capital One's design systems, I took part in a design sprint with my team to begin thinking about the ideal customer journey and identify the screens that would get us there.

With an extremely tight timeline (by this point, our tech teams were scheduled to begin development in a month), we rapidly developed prototypes and A/B tested them with live users. This gave us the opportunity to make changes quickly and conduct further user testing to gauge performance.
In our first high-fidelity wireframe, we used cards to carry over information in the redesign. We hoped to use the page descriptions to provide insight into what the tools provided. However, in user testing we learned that users weren't reading most of the descriptions and were skeptical about the privacy policies being pushed to the bottom. 
For the final design, we mapped out the hierarchy of elements with our product partners and worked on highlighting the types of information that users were most interested in. In subsequent user testing, this new page garnered customer trust and catered to users' expectations more effectively. 

When designing the entry page for our data request experience, user testing also helped us determine what we could do at this stage to set expectations for the experience and quell concerns. 

Our initial "front door" to the experience provided more information on what we use customer data for and offered users a means of entry. Users weren't sure what to do on this page and had trouble understanding where they should click.

Later, we arrived at a single call-to-action to clarify what users could do here. We also broke down the experience to clarify what users need to provide and what they'd get in return. In our competitive analysis testing post-launch, users responded favorably to this page and felt equipped to use the experience.

Designing the portal

With the portal, we worked to balance regulatory compliance with a user experience driven by control and trust. To do this, we worked closely with our product and legal teams to embed the customer experience in conversations. We were able to break the mold that other companies chose to adhere to, developing a sense of choice when requesting, downloading, and deleting data. 

Instead of using "data" as a blanket term for anything we might hold about a person, as most companies did, we sought to put clear labels on the data we could provide. Customers requesting their data from Capital One can request account-specific data for any of their accounts, including credit cards, bank accounts, and auto loans. They can also request to see the non-account data we collected about them, such as marketing inferences and data acquired from third parties.

When we return someone's data request, we provide insight into what was in the request, what the data might look like, and what next steps they could take. This sets the stage for a future state in which we can offer users a variety of privacy options and choices.

Under the Gramm-Leach-Bliley Act (GLBA), there are many types of data that Capital One must retain by law. Because of this, we worked to set the expectation for users requesting to delete their data that we could only delete data that is neither essential to maintaining their account functions nor federally protected under GLBA.

Final designs

Towards the end of 2019, we worked closely with senior and executive-level product and legal partners to deliver the final CCPA experience ahead of the January 1, 2020 effective date. In addition to fully authored design specs for over 80 screens, I worked on a user guide for downloads, call center procedures, and post-launch design strategies.

[Image: CCPA Flow - Overview]

A new problem to tackle

Following the launch of the portal, I identified a new problem. Teams across the Privacy organization had developed systems and processes for completing data requests but had never come together to identify what the entire process looked like. Documentation of these processes was limited, and what did exist wasn't accessible or legible outside of the teams it was created for. We needed to understand the ecosystem we had created. After realizing that this disconnect would negatively impact the teams if any of them ever changed their processes, I partnered with product managers, team leads, and project coordinators across the Privacy organization to fix it.

To gather information, I recruited fellow designers on my team and started conducting workshops with different teams to understand their processes. This included data processors, call center operations, data registers, and other tangential teams. We began each workshop by identifying all of the actors and actions involved in the team's work. We then worked with the team to identify common scenarios they encounter in their work, the triggers for those scenarios, and the steps in their process.

Having gathered information about the processes, I paired each designer on the team with a partner to map out how these processes play out. We identified the actions involved, the actors and performers, tools, and software. Finally, we worked with partners to gather their sentiments and thoughts throughout the process.

After gathering a basic understanding of the processes our teams kept, I met individually with stakeholders to walk through their processes in their own terms and patch holes in my understanding. This gave me enough information to begin documenting and creating a way to map the entire data journey at Capital One.

Formalizing a system map

Following our workshops, our partner teams expressed their desire to have an artifact that could fill an entire wall in the office and serve as a single source of truth. I decided to create a service-blueprint-meets-system-map (think the infrastructure of a service map, with the density of information allotted to a system map).


I began carrying over different steps of the process into a mapping typology that consisted of the actions, actors, and tools involved. I also included screenshots where necessary. 

Next, I mapped out the flows as identified by my partners. I was then able to create the final map by simply connecting these flows with one another. 

[Image: CCPA Current-State System Map v2 - June]

And thus, the final map was born!

In addition to the large (approximately 8 feet long) map, I understood that our partners would also likely need something more digestible for decks, handouts, and quick looks. Taking inspiration from postmodern subway maps, I applied that abstraction to the map to create a "subway map" version of ours. 

[Image: CCPA Request Journey - Slide Version]

This mapping effort was extremely influential in building the Privacy organization's roadmap. Having identified their connections, teams were able to come together and find opportunities to simplify their processes. The leadership team was able to rally around the need for more focus on backend processes, including increased headcount and funding. Finally, the "subway map" was included in a pre-read shared with company leadership to tell the story of privacy at Capital One.