When You Need a Review

There's nothing worse than being moments from launch and discovering you didn't know you needed a privacy, legal, security and/or UDC review. Or worse yet, you've already launched, but didn't include an opt-in on your sign up page, so now you can't send that survey you've written to help improve your page. Or Mozilla gets criticized because your vendor is using a cookie that you didn't know about. Building reviews in up-front can save time, aggravation, reputation, and more.

If your project involves any user data, whether personal or aggregate, you will need one or more of the following pre-launch reviews:

Privacy Review

When

Needed whenever your project involves any user data.

Examples of user data include: name, email address, photographic or video images, signatures, IP address, etc.

How

Submit as a bug: (Product = Legal, Component = Privacy or EULA) Include: Scope of your project, urls, timeframe, etc.

Skip this step if you've already submitted a legal bug. Privacy and legal will often work together, transferring the bug ownership back and forth to complete your review.

Vendors will need to complete the Vendor Assessment Privacy Questions.

Why

Examples of projects that need a privacy review include:

Vendor RFPs/contracts, campaigns, online data collection activities, surveys, social media activities, hosted services.

Legal Review

When

Needed whenever your project involves a contract.

How

Submit as a bug: (Product = Legal, Component = Privacy or EULA) Include: Scope of your project, urls, timeframe, etc.

Skip this step if you've already submitted a bug to privacy (see below). Legal and will often work together, transferring the bug ownership back and forth to complete your review.

Security Review

When

Needed whenever any vendors used by Mozilla will have access to user data.

How

Ask the vendor to complete the Vendor Assessment Security Questions

User Data Council (UDC) Review

New. TBD.