You are the PM for privacy and security at Facebook. What goal would you set and how would you measure success?

Step 1 - Understand the privacy and Security Product 

• Set of features which prevent oversharing of personal information of user 

  • Sharing when user does not want it to be shared

  • Sharing when the cost of information share is less than the business benefit it entails

• Partner with the user to keep them abreast of when and where the data is being shared 

Do we have a list of features included? If not, I would presume it would include 

• Disclaimer / notices 

• User preferences 

• Communication outside the platform 

Step 2- How does it fit into the facebook mission ?

Facebook’s mission is to connect people, enable them to create communities and express themselves.

How Privacy and security helps 

• Increasing user trust and confidence that the information is secured and under the control of the user themselves.

• Indirect impact on users' motivation and openness to participate in making new connections and sharing information. 

Vision for the product and focus area

Vision: Improve user trust and confidence in the platform so that they can participate in making of new connections and share information

Focus Area - Three potential areas of focus
 

Metrics to measure the impact in focus area

How would people interact / Use the privacy & security feature 

User Journey

• Discovery 

• Initiation 

  • Update themselves with controls and checks which Facebook has implemented

  • Interact and provide proactive inputs where possible (say setting up the preferences)

• Completion

  • Are aware of all the latest initiatives / policies 

  • Save / complete the proactive inputs 

• Feedback 

  • Feel one way or the other about the controls provided and convey the same 

Metrics 
 

Let us think about the impact it will have on the usage of facebook and its product. Ideally, a robust privacy and security solution will increase user trust and increase engagement with the product 

- Too much focus may not be the best thing

- Think of it as insurance, you got it but wish you will never use it 

Hence the feedback metrics may be good one to focus on 

North star metric

Given the nature of product, I would like to focus on the following metrics

Risks and contra metrics 

Platform engagement could be impacted by multitude of factors other than privacy 

Contra metric 

• Benchmark against the competition - # of complaints received by facebook vs # of complaints received by a competition (Google) on public forums

That's an interesting question because most people don't know that there is a product around privacy and safety. I also think that this product is encompasing FB wholistically across mutiple of externally facing FB products. Is my assumption correct here? (yes). Ok, let me ask if this comes into play for cosnumers and businesses since FB is a 2 sided market place. (correct). And also, this comes into play right from signing up to be a member of FB to buying EVent or an item being sold, etc. (correct). And I also assume that privacy and security /safety isn't just one big gaint product? (you can assume so but for the intention of this case you may consider it to be 1 product). Yes, I was about to ask that so thank you. 

Ok, so isnce I understnad the consumer side more becuase I have experienced the consumer side of user journey, can we take that route as I think about this? (sure). Shall I also assume that our goal is to increase safety / security / privacy of users? (yes that's fair). 

Alright, so I think what I will do is first think of areas where safety / security come into play because that may help me. I am not sure yet but if you are ok can I do that? (sure).

1) Registration

2) Making payments (for an event, buying something from Marketplace or maybe even Games, etc.)

3) Identity theft

These are the only areas I am able to think off hand. Are there any others you may want me to consider? (no for now 3 is fine). 

Ok, so I am thinking measuring this and seeing if it meets our threshold is important for user experience and if we provide a bad user experience or get bad press due to failures in this area, that could literally lead to loss of market value and worse case huge litigations and even dilution of FB. (correct). Understnading the importance of this, let me see what we may want to evalute. 

1) % of users reporting privacy / security concerns per day (such as didn't receive products paid for, charged double the amount, etc.)

2) # of privacy breaches reported / day

3) # of non-human created accounts (registrations) / day

4) # of transactions from a non-human account / day

5) # of melicious / fradualant activities stopped / day

I am measuring these over a period of a day since while FB is quite advanced in it's cyber security practices it's also one of the most widely used site and the most active social media and hence prob is the most vulenerable. Also, mesuring frequently is important since even a day of security breach could result in huge detrimental impact to our trusting customers. While all the above measures are critical I believe #3 is the primary one we should really keep an eye on. #3 is the core resultant of the rest (transactions, safety impacts to users and hence # of reported concerns, etc.). In terms of goal, ideal would be 0 but that's too unrealistic, I pressume, so I wuol work with Data Scientist to see what the norm is and look at what's the lowest we have obtained in a year maybe or some other time period that makes sense based on data. I would keep that number to be my min goal or maybe stretch that goal by 5% (again that specific % is soemthing that may require some thinkinng). 

Overall, we wanted to measure success and set a goal for