The privacy culture at Foursquare has long been part of the company's DNA. Starting from its inception as a consumer app, the company has always aimed to do the right thing and leaned in on privacy to do so. But in 2021, the demand for privacy guidance was high, there were limited self-service resources, and limited bandwidth for the privacy team.
Cross-functional collaboration with the privacy team had been informal, manual, and ad hoc. Because the small privacy team was heavily outnumbered by product and engineering, the process relied on individual stakeholders to know in advance that there could be a privacy issue, and hunt down the right privacy team members to help.
Given the company's growth goals, the privacy team decided it was time to uplevel its program. They needed a better way to foster cross-functional partnerships, create trust with their product and engineering teammates, and expand visibility into product initiatives much earlier to spot privacy issues from the get-go.
"TerraTrue seamlessly fits into our existing product and engineering team processes, versus us having to disrupt our development workflows to make it work. We're now in a place where everyone understands the big picture — the privacy team is not simply a passive function that waits for issues to bubble up. Rather, we proactively partner with teams and provide ideas to move innovation and our products forward, faster."
— Elizabeth Hein / Associate General Counsel, Privacy, Product & Compliance
THE CHALLENGE
Ad hoc processes, limited visibility, and a team outnumbered by engineering
No systematic intake process Cross-functional collaboration with the privacy team was informal and manual. There was no system that offered visibility to the privacy team into what was being built.
Limited bandwidth to keep up with demand The small privacy team needed to manage more assessments while staying compliant with privacy regulations, but lacked the tools to do more with less.
Privacy was disconnected from product development The process relied on individual stakeholders to flag potential privacy issues themselves. There was no way for privacy to proactively catch issues early. The team knew that embedding privacy earlier in the process wasn't going to be something they could force onto their teams — the only way to succeed was to use a process that built off existing ones.
THE SOLUTION
Privacy by design, powered by TerraTrue and Jira
Foursquare evaluated a number of vendors in the privacy ecosystem and selected TerraTrue to power its privacy by design program.
Transform intake process
Foursquare wanted to roll out a process that would not create additional work for their product and engineering teams. This was important to Foursquare; if a new process wasn't connected to an existing one, it would not be adopted. That potential friction meant that people would resist it and the program would risk reverting back to manual processes.
TerraTrue's out-of-the-box Jira integration gave the privacy team their needed visibility without creating a burden to those who filed a privacy review request. It was easy for the team to tailor the tool to reflect Foursquare privacy policies and practices with just a few clicks.
Increase team productivity
With greater visibility into every new idea and feature coming down the pike, the privacy team had to conduct more privacy reviews than ever before. This meant they needed to create efficiencies in other areas to continue to operate in compliance with the law.
TerraTrue made it easy for Foursquare to do more with less. They were able to get ahead of state law requirements with the dynamic Privacy Worksheet, which maps the product team's new features to the relevant privacy laws and returns real-time guidance recommendations. TerraTrue also helped future-proof Foursquare's privacy program. As new laws came down, TerraTrue allowed Foursquare to run an immediate gap analysis, identifying which older features needed to be re-evaluated and why based on new rules. TerraTrue eliminated the need to re-do DPIAs with each change in the law.
Foster collaboration
Because Foursquare's innovation and product development is largely driven by product and engineering teams, the privacy team aligned their practices with the existing software development lifecycle. They spent a lot of time understanding their products, people, technology systems, and roadmaps. They wanted to develop trust with these teams and their ultimate goal was to keep to planned schedules, moving things forward with a safety net.
By using the Jira integration to automatically create Launches in TerraTrue, the onus was no longer on the team to flag all privacy reviews. Privacy was present to catch issues and had their backs, regardless of what they were working on.
THE RESULTS
Reduced blind spots, faster launches, and a shared understanding of privacy
Over the past six months, the privacy culture at Foursquare matured significantly by reducing blind spots and bottlenecks, creating better visibility, increasing automation, and providing more value to the business.
Increased visibility
The privacy team works hand in hand with the product and engineering team. They are considered part of the team and even operate on the same sprint schedules. Privacy is invited to critical planning meetings at the early stages of roadmapping.
Products ship faster
When planning further down the road, product managers are used to having privacy in the room and they want them there. The new process has brought privacy to a place of trust. Everyone now knows that privacy is working with them to ensure their products go to market on time.
Greater understanding of privacy
Since implementing TerraTrue, there is now a solution that breaks down barriers of communication. Everyone is reading from the same sheet of music and people are starting to apply a heightened level of awareness to their day-to-day functions, understanding the laws the same way privacy does.
KEY TAKEAWAYS
What privacy teams can learn from Foursquare
→ Don't force a new process onto engineering. Build off existing workflows. If it's not connected to how teams already work, it won't be adopted.
→ Use Jira integration to create automatic visibility. When launches are triggered automatically, the onus is no longer on stakeholders to flag every review.
→ Align privacy to engineering sprint schedules. Operating on the same cadence builds trust and makes privacy feel like part of the team, not an obstacle.
→ Future-proof your program with dynamic assessments. As new laws emerge, running a gap analysis against existing reviews is faster than starting from scratch.
→ Invest in relationships, not just tools. Foursquare's privacy team spent time understanding