Data Loss Prevention @ RBC
Role
Design Engineer Intern
Timeline
May - August 2025
Team
4 Developers, Product Manager
Toolkit
Figma, ReactJS
This work is under NDA ˙◠˙
If you're interested in learning more, please contact me at ariciac@andrew.cmu.edu
01 CONTEXT & PROJECT OVERVIEW
Reimagining the Data Loss Prevention (DLP) Dashboard
I joined RBC as a Design Engineer Intern on the Data Loss Prevention (DLP) team where I was tasked with redesigning the DLP dashboard.
The current dashboard was created using Tableau, and the DLP team was looking to develop it from scratch internally. Along with two developers and a PM, I served as the sole designer on the team.
02 SOLUTION & IMPACT
Before & After
Previous Experience
01
Overwhelming information
Difficult for users to process all at once
02
Inefficient navigation
Convoluted user flows, confusing filtering system
Redesigned Experience
01
Clear hierarchy
Streamlined data visualization and UI redesign
02
Increased usability
Revised filtering and sorting system
Impact & Scope
Take a look at the numbers
480+
total users
140+
weekly users
74%
increased time efficiency
03 rESEARCH
Learning about DLP Procedures
Whether or not employees realize the risks behind their actions, potential DLP incidents are flagged every day. My first challenge was to understand how RBC approaches cybersecurity and data protection as a whole.
To build a solid foundation, I initially turned to my manager for a high-level overview and then connected with several members of the DLP team to dive deeper. However, I soon realized the best way to truly understand all the nuances when it comes to DLP protocols is to interview employees in the cybersecurity space.
Truly Understanding DLP Protocols
Through user interviews, I strove to:
Better understand DLP protocols
Learn how employees use the DLP dashboard
I created an affinity map to synthesize my findings and help me better make sense of the dashboard.
70+ surveys
participants ranged from auditors, managers, IT staff, VPs, developers and more
18 interviews
to truly understand paint points and iterate on potential solutions
04 aNALYSIS
Different users have different priorities
How might we help a wide variety of users ranging from technical auditors to VP managers understand the breadth and depth of data loss at RBC?
RBC is a large company, an different employees have extremely different use cases for the dashboard. Frequent users include auditors, managers, directors, analysts and many more. Additionally, users spanned many regions including Canada, the United States, Australia, Trinidad and Tobago, and Malaysia.
From my user research, I determined that there were two main kinds of users:
01
Internal Auditors
Determine which incidents they need to audit
Obtain information about their assigned incidents
02
Managers (of varying jurisdictions)
Understand the breadth and depths of data loss at RBC and within their jurisdiction
Prevent future incidents from occurring
Role: Internal Auditors
Role: Manager
We gained 4 key insights
01
Auditors don't have the necessary filters needed to identify their assigned incidents
02
Most mangers only seek information regarding incidents under their jurisdiction
03
Key points and summaries are necessary to supplement visual explanations
04
Access to raw data is a plus for managers, but a necessity for auditors
05 KEY DESIGN EXPLORATIONS
Layout
It was unanimously agreed upon that having 5 separate pages for the dashboard felt unitntuitive and did not enhance usability so my first step was experimenting with a single-page layout.
However, having all graphs on one page felt cluttered and required a lot of scrolling. Thus, I added a search bar, revised filtering system, and considered a log in system so that users can save their filtering prefernces..
I asked users which graphs they look at the most, and had them tell me why they used those graphs. From their responses, I was able to categorize the data into three main pages: incident volumes, incident types and outcomes, and automated blocked events.
Keep only the necessary pages
The existing dashboard had 5 pages. 4/5 pages were reported by users to have seemingly arbitrary graphs that were not sorted or clearly defined.
Additional filters for Auditors
A key pain point for auditors is that the dashboard did not have built-in filters for auditors to sift through the cases they need to asses. As a result, most auditors were manually exporting data from the dashboard as a CSV file.
I spoke with first, second, and third line auditors to identify the additional filters that should be added, sorting requirements between "must-have", "nice-to-have", and "bonus".
UI Redesign to fit RBC's Design System
RBC has a comprehensive design system called RIG. I spent hours parsing through the documentation to familiarize myself with the design system and to make sure my dashboard aligns.
Data visualization & Microinteractions
Many managers, especially ones that oversee data loss at a higher level, first focus on trends before examining numbers. The existing dashboard often had graphs that weren't cohesive with one another. I standardized all graph styles and displayed them based on most interacted with after looking at a heatmap of the existing dashboard.
06 rEFLECTION & NEXT STEPS
Reflecting back on the process, I learned to…
Make the most of interviews & surveys.
I learned that asking open-ended questions and creating space for participants to share stories often revealed deeper motivations than surface-level responses. Pairing quantitative survey data with qualitative interview feedback allowed me to validate patterns while also uncovering nuances that shaped design decisions.
Designing for a wide range of users with specific goals.
The dashboard had many different users with different (and often contradicting goals) so it wa sa challenge to find ways to display information for the users who need it while maintaining a good high level overview of the metrics.
I found that the following were particularly useful
Microinteractions
More filters
Exporting data for auditors
