Data Loss Prevention @ RBC

Role

Design Engineer Intern

Timeline

May - August 2025

Team

4 Developers, Product Manager

Toolkit

Figma, ReactJS

← Home

Context

Solution

Research

Problem

Analysis

Iteration

Reflection

This work is under NDA ˙◠˙

If you're interested in learning more, please contact me at ariciac@andrew.cmu.edu

01 CONTEXT & PROJECT OVERVIEW

Reimagining the Data Loss Prevention (DLP) Dashboard

It was the summer of 2024… when I dove into the fascinatingly complex world of cybersecurity and data loss prevention

I joined RBC as a Design Engineer Intern on the Data Loss Prevention (DLP) team. I was given the task of redesigning the Data Loss Prevention dashboard. The dashboard is used by approximately 400 employees on a daily to monthly basis, ranging from developers, to managers, to auditors.

The current dashboard was created using Tableau, and the DLP team was looking to develop it from scratch internally. Along with two developers and a PM, I served as the sole designer on the team.

02 SOLUTION & IMPACT

Before & After

Previous Experience

01. Overwhelming information

Difficult for users to process all at once

02. Inefficient navigation

Extensive scrolling required to find information

Redesigned Experience

01. Clear hierarchy

Streamlined data visualization, UI redesign

02. Increased intuitiveness

Revised filtering system

Impact & Scope

480+ total users

use the DLP dashboard on a monthly basis

140+ weekly users

the majority being auditors and managers

74% increased efficiency

through streamlined task completion & information retrieval

03 rESEARCH

Learning about DLP Procedures

My first challenge was to understand RBC's approach to cybersecurity and Data Loss. Prior to the summer, I had no idea what protocols might be in place when it came to a bank's security. I found myself surrounded by questions — "how do incidents get flagged?" "is there a set of strict rules that determine which incidents go against company policy?" "how does auditing work?" "how are incidents escalated?" "who takes care of these incidents?".

I found myself asking my manger lots of questions on the high level overview, as well as speaking to multiple people on the DLP team for more context.

Truly understanding DLP Protocols

70+ surveys

participants ranged from auditors, managers, IT staff, VPs, developers and more

18 interviews

to truly understand paint points and iterate on potential solutions

However, the best way to truly understand all the nuances when it comes to DLP protocols is to talk to a lot of people in the cybersecurity space.

Through user interviews, I strove to:

  1. Gain a better understanding of DLP protocols

  2. Learn how employees use the DLP dashboard

04 pROBLEM

The dashboard is frustrating to navigate, difficult to access, and the visuals are unintuitive

RBC is a large company, an different employees have extremely different use cases for the dashboard. Frequent users include auditors, managers, directors, analysts and many more. Additionally, users spanned many regions including Canada, the United States, Australia, Trinidad and Tobago, and Malaysia.

How might we help a wide variety of users ranging from technical auditors to VP managers to understand the breadth and depth of data loss at RBC to prevent future incidents from occuring?

05 aNALYSIS

Different users have different priorities

From my user research, I determined that there were two main kinds of users: auditors and managers. Auditors ranged from first line of defense, second line, etc, while managers ranged from regional managers, business unit managers to VPs, etc. Auditors and managers have different objectives:

01 Internal auditors

  • Determine which incidents they need to audit

  • Obtain information about their assigned incidents

02 Managers (jurisdiction varies widely)

  • Understand the breadth and depths of data loss at RBC and within their jurisdisction

  • Prevent future incidents from occuring

To better understand and brainstorm how I can cater the dashboard to these two main users, I created two separate current state journeys to identify potential opportunities for improvement.

Role: Internal Auditors

Role: Manager

We gained 4 key insights

01

Auditors don't have the necessary filters needed to identify the incidents they need to examine

02

Most mangers only seek information regarding incidents under their jurisdiction

03

Key points and summaries are necessary to supplement visual explanations

04

Access to raw data is a plus for managers, but a necessity for auditors

06 ITERATION

UI Redesign to fit RBC's Design System

RBC has a comprehensive design system called RIG. I spent hours parsing through the documentation to familiarize myself with the design system and to make sure my dashboard aligns.

Reorganized pages

As opposed to having 5 separate pages that many users reported to contain "an arbitrary assortment of graphs", I asked users which graphs they look at the most, and had them tell me why they used those graphs.

From their responses, I was able to categorize the data into three main pages: incident volumes, incident types and outcomes, and automated blocked events.

Additional filters for Auditors

A key pain point for auditors is that the dashboard did not have built-in filters for auditors to sift through the cases they need to asses. As a result, most auditors were manually exporting data from the dashboard as a CSV file.

I spoke with first, second, and third line auditors to identify the additional filters that should be added, sorting requirements between "must-have", "nice-to-have", and "bonus".

Data visualization & Microinteractions

I found data visualization to be especially important when designing for managers. Many managers, especially managers that oversee a larger scale, first grasp visuals before examining numbers. The existing dashboard often had graphs that weren't cohesive with one another. I sought to standardize all graphs in terms of style and general layout.

Oftentimes, graphs and data are difficult to read, so I focused on using micro-interactions to make the user interface more engaging, create moments of delight and enhance confidence.

07 rEFLECTION & NEXT STEPS

Reflecting back on the process, I learned to…

Make the most of interviews & surveys

I learned that asking open-ended questions and creating space for participants to share stories often revealed deeper motivations than surface-level responses. Pairing quantitative survey data with qualitative interview feedback allowed me to validate patterns while also uncovering nuances that shaped design decisions.

Design for a wide range of users

The dashboard had many different users with different (and often contradicting goals) so it wa sa challenge to find ways to display information for the users who need it while maintaining a good high level overview of the metrics.

I found that the following were particularly useful

  • Microinteractions

  • More filters

  • Exporting data for auditors

Thanks for stopping by!

ariciac@andrew.cmu.edu

LinkedIn

Twitter / X

Spotify

Have a sip of tea

Thanks for stopping by!

ariciac@andrew.cmu.edu

LinkedIn

Twitter / X

Spotify

Have a sip of tea