For many organizations, especially enterprise teams who use Saas products, security always comes first. So having proper data recovery process and well designed access rights system is a must for a digital product to be successful.
“Have you ever accidentally deleted something you shouldn’t have?(…) Always remember that feeling whenever you’re designing the deletion flow of your product as it could make or break your user’s experience.”
I had encountered multiple problems related to deletion processes while designing a Saas application. From simple bugs to complex issue related to serious data loss. How to protect users who are on the “autopilot” mode from making mistakes? How can we make sure they know the importance of particular action, especially irreversible one? How can we help them bring data back easily but still provide high level of security? What to do when there is more than one administrator in the system and someone requests to delete an entire account? How to verify if the rest is on board with this decision? Is allowing having just one owner really an answer? How can we protect data but also respect companies culture and sometimes complex hierarchical systems in the large organizations?
I used to hear multiple complaints from users who accidentally deleted some team members or other valuable data stored in the system, despite having the double-protection processes like “high impact deletion” dialogs implemented. Sometimes people make mistakes and sometimes cats just walk on keyboards… But as a result in most cases it is really hard to retrieve this data and sometimes event to track who is responsible for its disappearance.
Introducing additional layers of protection which involve special approval system and in-app temporary data storage for recently deleted content were one of the solutions. It was a must and took us some time to figure out how to best provide the properly secured system that our enterprise customers would feel comfortable with.
Error prevention is a key
“Even better than good error messages is a careful design which prevents a problem from occurring in the first place” — we read in Nielsen’s Heuristics. Error prevention is one of the principles considered the most important for any system to function properly. It seems so simple, yet is not so easy to implement.
Error prevention in terms of deletion need some special tactics. It is one of those exceptional situations when we do not want to reduce friction and make it as effortless for users as we possibly can (especially for high impact ones and irreversible actions).
The term “user error” implies that the user is at fault for having done something wrong. Not so. The designer is at fault for making it too easy for the user to commit the error.” (Nielsen Group)
- We want to prevent users from deleting something by doing an unconscious mistake (habitual tapping), when they are on “autopilot” mode while doing repeatable actions and do not put their full attention to it (we can get them out of this state, allow to correct / undo)
- We want to users to understand what is happening by providing clear messages, which contains complete and precise information = conscious errors
- We want to make sure users have an option to undo, access archive, go through history/activity
- We want to make sure users are always aware which actions are irreversible
Make users life a little harder in a short run
Confirmation dialogs are there to make sure users understand the consequences of the destructive action and do it purposefully. In order to limit user mistakes, make sure even the most trivial actions are having a proper flow and clear copy. And do not forget about GDPR — EU regulation on data protection and privacy, which also applies to changing account deletion preferences and regulates users rights to request data removal. So basically, making sure the system you design meets these conditions is very important.
Use proper deletion confirmation dialogs
First of all its good to change alignement of the “delete” button (left), use red color with associated icon and make sure copy assists and directs users.
- red color is associated with errors…but also destructive actions, it captures attention so can be freely used for high impact deletions as well (icon can be helpful for visually impaired/color blind users)
- users are accustomed to having the confirm button on the right so making this simple switch can help to break the routine behavior (close-and-click) and avoid slip-type mistakes
Many apps ask to confirm that user understand the consequences (checkboxes) or require special authentication like manually typing in the password or a chosen word (even something like “delete” or company name will do). It is a double-protection strategy.
- user’s flow is being disrupted and we can force more intentional actions
- decision made in more mindful way since user need to put a little bit more effort to accomplish the goal
- user is properly informed about consequences, can scan information better since it is itemized
- user ALWAYS know when an action is irreversible (permanent deletion)
Separate cancelling from permanent deletion
Allow to pause as well next to the option to delete account permanently. Therefore users can keep their data intacted and come back later. Adding additional information can be helpful:
- inform users that there are other users using the account and revoking their access might be something they are looking for instead of account deletion (it might happen and works as a reminder that this action will affect others)
- inform what kind of data will be stored in the system during the pause (subscription cancellation)
- inform whether you allow to export data and backup the account data (permanent account deletion)
Mailchimp allows to choose from 2 options:
Allow to undo and recover data
It can be a toast with an “undo button”.
But also a space where a chosen type of data (depending on its importance) can be stored for specified period of time, so users can take it back.
- it can be an “Archived” space
- any kind of “Trash” (G Suite)
- or even “Recently deleted” page (Spotify)
- additionally sections like Activity/Version history (Dropbox) can help to track deletion details
Embracing “positive friction” is very important when it comes to preventing data loss. It can be achieved by forcing mindful actions and providing complete and accurate information. When users are aware of the weight of their actions they can make the best decisions and avoid mistakes. Along with some kind of recovery processes those strategies can bring users a sense of security and save a lot of frustrations, ultimately making your product much better!
Designing Friction For A Better User Experience
10 Heuristics for User Interface Design: Article by Jakob Nielsen
Preventing User Errors: Avoiding Unconscious Slips
UX Design and GDPR: Everything You Need to Know
Microcopy for destructive actions