Build services that show you care about data

IF curates this catalogue to help teams make decisions about how, when and why to collect and use data about people. Contact IF for workshops about how to use these patterns.

Expand all categories

Most recent patterns

A person's hand hovers their mobile phone over a bar code in an energy bill.
Access through a letter
An email has a link which logs you in to another service.
Authentication with a magic link
Two mobile phones side by side showing different outcomes of an automated decision. If someone parks their car in the middle of the city, the risk factor is higher than if they park their car in a monitored parking lot.
Decision testing
A dialog box asking if you if you want to give someone access to your account in an emergency.
Emergency contacts

Future pattern ๐Ÿ”ฎ

A computer monitor with the path of the cursor outlined on screen.
Ongoing authentication through behaviour
A list of data a service has permission to access.
Setting permissions up-front
Two devices being held closer together, enabling them to share data over WiFi.
Short-distance sharing
A person generates a code on their device for another person to scan.
Confirm end-to-end encryption
A prompt asking to access the location of a device to tag a photograph.
Just-in-time consent
Anonymising users using codes
Masking personal data
A service confirms a personโ€™s age without revealing their date of birth to a second device.
Minimal sharing
A security key is inserted into a computer and a checkmark is displayed on screen.
Multi-factor authentication with a physical object
A prompt on a mobile device reading Your direct debit is due in 10 days and underneath a button reading Update payment.
Notice of upcoming action
A record of events. There's an event highlighted that reads "Searched for data patterns catalogue".
Activity log
A facial recognition matrix for authentication.
Biometric authentication using facial recognition
A finger on a fingerprint scanner.
Biometric authentication using fingerprints
Group decision
Group decision
A dialog box shows a single-use code and a button which reads Use now.
One-time access
Button to query a payment.
Query an event
A mobile phone is tilted, putting it in to sleep mode.
Access based on context
A mobile screen reads "you've been inactive, signing you off in 20 seconds".
Checking if someone is still using the device
A dashboard for third-party access to an account (for example, a Google account). A third-party app called Scheduler can view, edit and remove entries in your calendar.
Delegate permissions
The words not a robot is written in wavy text, the word not is written underneath in regular text.
Detecting automation
A hand tracing an unlock pattern on the lockscreen of a mobile device.
Gesture authentication
A mobile phone detects that the user is in Manchester and offers more information about the city.
Location-based event
A code is generated on a device and entered into a computer.
Multi-factor authentication using a code generator
A code is shown in a text message on a mobile device and entered into a computer at the same time.
Multi-factor authentication using text message
An organ donor card in front a form for joining the Organ Donor's Register.
Opt-in to give consent
A block of text reads "you are giving access to health data for research purposes". Below, there's a button to opt-out.
Opt-out to remove consent
A CAPTCHA example with image recognition.
Prevent automated sign-ins with behaviour analysis
A CAPTCHA example with image recognition.
Prevent automated sign-ins with challenges
A list of randomly generated alpha-numeric codes.
Recovery codes
A form on a website asking for a 5-digit passcode to login.
Secret answer
A private link that enables people to share and view a document.
Sharing using a private link
Sign in using another account
Sign-in using another account
Sign-up with another account
Sign-up with another account
A web window showing customizable sharing settings for accessing a service.
Time-limited sharing
A message on a phone asking to confirm your password because it is a new or unfamiliar device.
Unusual activity check

Archived ๐Ÿ—„๏ธ

A website on a laptop screen with a banner which reads Welcome. This site uses cookies, read our policy here.
Implied consent

Archived ๐Ÿ—„๏ธ

A receipt showing sale of personal data.
Marketplace

Archived ๐Ÿ—„๏ธ

The same security words are displayed on two different mobile phones.
Word matching

A

A mobile phone is tilted, putting it in to sleep mode.
Access based on context
A person's hand hovers their mobile phone over a bar code in an energy bill.
Access through a letter
A record of events. There's an event highlighted that reads "Searched for data patterns catalogue".
Activity log
An email has a link which logs you in to another service.
Authentication with a magic link

B

A facial recognition matrix for authentication.
Biometric authentication using facial recognition
A finger on a fingerprint scanner.
Biometric authentication using fingerprints

C

A mobile screen reads "you've been inactive, signing you off in 20 seconds".
Checking if someone is still using the device
A person generates a code on their device for another person to scan.
Confirm end-to-end encryption

D

Two mobile phones side by side showing different outcomes of an automated decision. If someone parks their car in the middle of the city, the risk factor is higher than if they park their car in a monitored parking lot.
Decision testing
A dashboard for third-party access to an account (for example, a Google account). A third-party app called Scheduler can view, edit and remove entries in your calendar.
Delegate permissions
The words not a robot is written in wavy text, the word not is written underneath in regular text.
Detecting automation

E

A dialog box asking if you if you want to give someone access to your account in an emergency.
Emergency contacts

G

A hand tracing an unlock pattern on the lockscreen of a mobile device.
Gesture authentication
Group decision
Group decision

I

Archived ๐Ÿ—„๏ธ

A website on a laptop screen with a banner which reads Welcome. This site uses cookies, read our policy here.
Implied consent

J

A prompt asking to access the location of a device to tag a photograph.
Just-in-time consent

L

A mobile phone detects that the user is in Manchester and offers more information about the city.
Location-based event

M

Archived ๐Ÿ—„๏ธ

A receipt showing sale of personal data.
Marketplace
Anonymising users using codes
Masking personal data
A service confirms a personโ€™s age without revealing their date of birth to a second device.
Minimal sharing
A code is generated on a device and entered into a computer.
Multi-factor authentication using a code generator
A code is shown in a text message on a mobile device and entered into a computer at the same time.
Multi-factor authentication using text message
A security key is inserted into a computer and a checkmark is displayed on screen.
Multi-factor authentication with a physical object

N

A prompt on a mobile device reading Your direct debit is due in 10 days and underneath a button reading Update payment.
Notice of upcoming action

O

A dialog box shows a single-use code and a button which reads Use now.
One-time access

Future pattern ๐Ÿ”ฎ

A computer monitor with the path of the cursor outlined on screen.
Ongoing authentication through behaviour
An organ donor card in front a form for joining the Organ Donor's Register.
Opt-in to give consent
A block of text reads "you are giving access to health data for research purposes". Below, there's a button to opt-out.
Opt-out to remove consent

P

A CAPTCHA example with image recognition.
Prevent automated sign-ins with behaviour analysis
A CAPTCHA example with image recognition.
Prevent automated sign-ins with challenges

Q

Button to query a payment.
Query an event

R

A list of randomly generated alpha-numeric codes.
Recovery codes

S

A form on a website asking for a 5-digit passcode to login.
Secret answer
A list of data a service has permission to access.
Setting permissions up-front
A private link that enables people to share and view a document.
Sharing using a private link
Two devices being held closer together, enabling them to share data over WiFi.
Short-distance sharing
Sign in using another account
Sign-in using another account
Sign-up with another account
Sign-up with another account

T

A web window showing customizable sharing settings for accessing a service.
Time-limited sharing

U

A message on a phone asking to confirm your password because it is a new or unfamiliar device.
Unusual activity check

W

Archived ๐Ÿ—„๏ธ

The same security words are displayed on two different mobile phones.
Word matching