Early Microsoft Delve users worry about privacy

During a Yammer discussion this week, some users were confused and concerned about potential privacy implications in Delve.

Just a couple days after Microsoft began rolling out Delve, its new enterprise social offering, some people are worried and confused about potential privacy implications.

Delve is a new enterprise social product that Microsoft is offering to Office 365 business customers. It shows users personalized information about recent content they've been looking at and content that's trending with co-workers.

On Wednesday, Microsoft hosted a Yammer discussion where anyone could ask questions about Delve and Microsoft employees would respond. While there was definite excitement about the product from many people who participated in the conversation, some comments pointed to a privacy challenge.

Microsoft has been thoughtful about exactly what to surface in Delve but its decisions aren't always clear to users, causing some confusion.

Delve essentially displays to users what Microsoft calls the Office Graph. The Office Graph indexes content like documents and video as well as "signals," which include things like who you email and who you share documents with.

"Every single bit of content captured in the Office Graph is captured with a permission attached," said Cem Aykan, senior product manager for Office Graph and Delve at Microsoft. For instance, documents stored in OneDrive or SharePoint have permissions allowing them to be shared with certain people.

Delve "inherits" those existing permissions, so no document will ever appear to someone who doesn't already have permission to see it, he said.

In addition, Office Graph has a notion of public and private signals.  A private signal is an email or Lync conversation between two people. Delve will never include those signals, he said. Public signals, which include your involvement in a Yammer group or on a SharePoint team, are included in Delve.

"Delve is a window into the Office Graph and it helps you discover and navigate those things," he said.

The trouble is, Delve's equation isn't always clear to users.

For instance, during the Yammer discussion, one user said that he was seeing trending documents that indicated individual co-workers who were looking at the document. Some of those files were HR documents about domestic partner insurance coverage and benefits around psychological assistance. His query drew concerns from other people who noted they wouldn't want co-workers to know that they'd looked up HR policies around maternity leave, especially before disclosing a pregnancy, or about whistle blower protection.

It turns out, that user may not quite understand how Delve displays content. Delve is comprised of "cards," or boxes that contain, for instance, an image of a document plus details like how many people have viewed it and commented on it, as well as tags. It only includes a person's name if that person has edited the document, said Aykan. Editing a document is already data that's displayed in SharePoint so it shouldn't be the kind of detail that would worry a user.

Another person noted that even though the views are anonymous, it could still be interesting to see that lots of people are suddenly looking at an HR document, like one about whistle blower protection. 

There's also a "trending around" feature that's difficult to explain and understand.  As Microsoft describes it, a document might be tagged in Delve as "trending around" a colleague but that doesn't mean the colleague has actually seen the document. In fact, the colleague might not even have access to the document, which could be a private file. However, if a user has a strong relationship with someone, like a manager, and at the same time is making frequent updates to the document, Delve would show that document as "trending around" the manager, as a sort of recommendation that the document might be useful to the manager. However, Delve wouldn't display the document to the manager.

That concept is throwing some early users. "I am kind of freaking out about how to explain some of it to 10,000 people who won't read this or listen to me -- just see that their private document is trending around their manager and well -- we won't get them back," one person wrote during the YamJam.

Another wrote: "Nothing will shut down adoption quicker than perceived (or real) privacy violations."

For now, there aren't great ways to restrict documents from Delve. You can remove a document from search but then it won't be discoverable by people searching for it. Several people suggested that it would be handy to have controls that would allow businesses to restrict some content or content types from surfacing in Delve, and Microsoft workers acknowledged those comments as feature requests. Plus, Aykan said that making sure users have the controls they want is one way Microsoft will ensure usage of Delve, indicating the company is taking such feedback to heart.

Based on the experiences of pilot users, Microsoft has learned that those that were already comfortable with using enterprise social tools had an easier time getting used to Delve and understanding its value from the start than those who hadn't used enterprise social tools previously, Aykan said.

"If you look at our legacy customer base, they're comfortable working in this predefined siloed world. This is a bit of a big change for them," he said. But he thinks that initial surprise these users may find in Delve -- like discovering that another team is working on a similar project -- will lead to a great value as those users realize they don't have to create something from scratch or that they can reach out to that other team for advice.

He also said that users who have spent more time with OneDrive and SharePoint and are familiar with the governance practices around those products have found Delve easier to understand.

So how will Microsoft try to stem this kind of confusion from derailing Delve adoption? Providing transparency so that people will know what they're seeing and why will help, Aykan said. It already added a feature during the pilot phase that lets people right click on a card to see permissions related to the content. "Another angle is to provide additional choice and control so users can see who's seeing what and so they can choose to opt in and opt out. We're doing all those things," he said.

His team will also "double down" on messaging to users so that they are sure to understand that the same governance practices they're already familiar with around OneDrive and SharePoint apply to Delve. "We'll definitely provide user guidance and adoption content, both for end users as well as IT, on how to get started with Delve and some of the tips and tricks," he said.

His team has plans to add much more to Delve. In the future it will surface information from Yammer. It may also include information from email attachments -- but only in a "work view" that shows you recently viewed documents. Email attachments wouldn't appear in anyone else's view.

Microsoft is working on Windows 8, Android, and iOS apps for Delve as well.

This story, "Early Microsoft Delve users worry about privacy" was originally published by CITEworld.

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon