How Lyft Scaled Privacy Reviews from Hundreds to Thousands with TerraTrue

Since its start in 2012, Lyft has revolutionized urban transportation. But as the company grew, so did its privacy challenges. With only two team members conducting around 200 privacy reviews annually, Lyft needed a solution to scale its privacy operations without compromising on quality or speed.

Enter TerraTrue.

The Challenge: Scaling Privacy Reviews Amid Rapid Company Expansion

When Brittany Rhyne joined Lyft as a Privacy Analyst four years ago, she faced a daunting task. The privacy team was vastly outnumbered by the rest of the business, conducting hundreds of reviews each year using manual processes and Google Docs.

"We didn't really have the opportunity to build that deep knowledge on a particular product or feature because we were rotating reviews, and we were still working on building those relationships across the teams," Rhyne said to TerraTrue.

With Lyft preparing to go public, the pressure was on to launch new products and features quickly. The privacy team needed to find a way to keep up without becoming a bottleneck.

The Solution: TerraTrue's Automated Workflow and Jira Integration

Lyft identified three key areas where they needed help: visibility, scaling, and metrics.

After evaluating several vendors, they chose TerraTrue for its out-of-the-box functionality and seamless integration with their existing tools, particularly Jira.

"We are all very familiar with how frequently new privacy laws and regulations come out," Rhyne added. "To keep pace with that and make sure that you're capturing all that relevant information in your reviews is really difficult for a small team if you have a tool that constantly needs manual updating, versus something that works out of the box. So that was a key factor for us."

The Implementation: Integrating Privacy into Lyft's Engineering Workflow

Lyft's privacy team took a strategic approach to implementing TerraTrue. They integrated the new process into Jira, mirroring the workflow of their engineering teams. They even set up an on-call rotation for the privacy team, similar to the engineering teams they support.

"This meant integrating our process in Jira and mirroring the way these partner teams worked," Rhyne added. "We even adopted the same SLA metrics that other help desks use, like time-to-acknowledge new tickets and time-to-closure."

The Results: Significant Increase in Reviews, Faster Turnaround, and Enhanced Cross-Team Collaboration

The impact of implementing TerraTrue was immediate and far-reaching:

• Increased visibility: The privacy team gained early insight into product development, allowing them to provide timely guidance.
• Improved relationships: The new system fostered better collaboration between privacy, product, and engineering teams.
• Economies of scale: By merging privacy and security reviews, Lyft eliminated redundancies and improved overall efficiency.
• Meaningful metrics: The team can now easily track and report on risk levels and SLAs, providing valuable insights to leadership.

"There is a really positive relationship between our teams," Rhyne notes. "Privacy has worked on showing how we enable the business through this proven commitment to reducing the review burden on the product and [engineer] teams, and improving our transparency throughout the process by providing upfront SLAs."

By leveraging TerraTrue, Lyft's privacy team transformed from a potential bottleneck into a strategic enabler of the business. They've proven that with the right tools and approach, even a small team can effectively manage privacy at scale in a fast-paced, innovative environment.

Interested in learning more on how Lyft transformed and enhanced their privacy operations? Read the full case study here.