Data Collection: Difference between revisions

← Older edit

Data Collection (view source)

Revision as of 19:50, 11 June 2024

3,314 bytes added , 11 June 2024

Adding myself (Luke Crouch)

Groovecoder

Confirmed users

556

edits

@@ Line 12: / Line 12: @@
 Data Stewards:
-* [https://people.mozilla.org/p/chutten/ :chutten]
 * [https://people.mozilla.org/p/kennylong/ Kenny Long]
-* [https://people.mozilla.org/p/p--bmntfp44vjd5goalkoeyqy Megan McCorquodale]
 * [https://people.mozilla.org/p/jhirsch Jared Hirsch]
-* [https://people.mozilla.org/p/daniela Daniela Arcese]
+* [https://people.mozilla.org/p/adavis Alex Davis]
 * [https://people.mozilla.org/p/TheOne Andreas Wagner]
 * [https://people.mozilla.org/p/tlong/ Travis Long]
 * [https://people.mozilla.org/p/willkg Will Kahn-Greene]
 * [https://people.mozilla.org/p/p--n8wmyowcldls6pvp6ab1pj Roger Yang]
-* [https://people.mozilla.org/p/elise Elise Richards]
 * [https://people.mozilla.org/p/sancus :sancus]
 * [https://people.mozilla.org/p/charlie-humphreys Charlie Humphreys]
 * [https://people.mozilla.org/p/cboozarjomehri Cameron Boozarjomehri]
+* [https://people.mozilla.org/p/chutten/ :chutten]
+* [https://people.mozilla.org/p/sergiosonline Sergio Betancourt]
+* [https://people.mozilla.org/p/aminomancer Shane Hughes]
+* [https://people.mozilla.org/p/roux Roux Buciu]
+* [https://people.mozilla.org/p/groovecoder Luke Crouch]
 Data stewards come from a variety of teams within Mozilla, including data science, Firefox engineering, mobile products, Pocket, Common Voice, AMO, and Thunderbird. You are welcome to tag any steward for any collection request, without respect to the nature of your collection.
@@ Line 49: / Line 51: @@
 Mozilla always strives to make data reviews public.  However, there are sometimes limited sets of circumstances when we may conduct our reviews in a private bug; for example, a service is part of an agreement where the partnership is not yet public.  These reviews will be made public once the actual data collection begins.
-= Requesting Data Collection =
+= Adding or Modifying Data Collection =
+The process is slightly different for collections in [https://hg.mozilla.org/mozilla-central/ mozilla-central] code (Firefox Desktop, Firefox & Focus for Android, and Gecko) than it is elsewhere. Please consult the relevant section below.
+== Firefox Desktop, Firefox and Focus for Android, Gecko (from May 7, 2024) ==
+When a developer uploads a change to Phabricator that adds or modifies any data collection, Phabricator will automatically add the <tt>needs-data-classification</tt> tag, and explain what happens next.
+If you’re adding or modifying data collection in your Phabricator revision and this doesn’t happen automatically, please manually add this tag and then follow the same procedure.
+Once this tag is in place Herald will ask the patch author and reviewer to assess the [[#Data_Collection_Categories|correct category for the data collection ]]:
+* If the data being collected fits in the “technical data” or “interaction data” categories described there, use the <tt>data-classification-low</tt> tag.
+* If it’s any other category, or patch author and reviewer disagree about the right category, use the <tt>data-classification-high</tt> tag, and go through [[#Step_3:_Sensitive_Data_Collection_Review_Process|the sensitive data collection review process]].
+* If you think that the data in question fits in “technical” or “interaction” data but would benefit from additional review, you can also explicitly choose to use the <tt>data-classification-high</tt> tag and thereby opt in to the sensitive data collection review process.
+When using Glean for the data collection, the data classification of the new or expanded data collections should match the <tt>data_sensitivity</tt> property in the metric definitions. The entry in the <tt>data_reviews</tt> list should reflect the bug URL.
+If the reviewer is unsure or feels uncomfortable making this assessment themselves, they can [mailto:data-stewards@mozilla.com email the data stewards group] or [https://chat.mozilla.org/#/room/#data-stewards:mozilla.org contact them on matrix] for help.
+Whichever tag you choose, please '''leave a comment explaining your choice'''. Note that you will not be able to land this revision until the revision has one of these tags and you remove the <tt>needs-data-classification</tt> tag. For low sensitivity data collection, you will be able to land the patch once this sensitivity is marked and you remove the <tt>needs-data-classification</tt> tag. For high sensitivity data collection, the [https://phabricator.services.mozilla.com/project/view/209/ <tt>data-stewards</tt>] group will be added as a blocking reviewer on the patch. They will approve or request changes to the patch based on the [[#Step_3:_Sensitive_Data_Collection_Review_Process|sensitive data collection review process]].
+Patch authors are encouraged to add these tags themselves, but '''reviewers are responsible for making sure the right tag is used'''.
+If you do not yet have a code change but are in the planning stages of a change and want to proactively discuss data collection options, reach out to [mailto:data-stewards@mozilla.com the data stewards group].
+== Other Products ==
 == Step 1: Submit Request ==
 To request a review for new or changed Data Collection in a Mozilla product, Data Review requesters are required to provide the following:
@@ Line 95: / Line 123: @@
 ! Risk Assessment !! Owner !! Facilitator
 |-
-| Privacy/Technical Review || Office of the Firefox CTO || Kate Hudson
+| Privacy/Technical Review || Office of the Firefox CTO || Martin Thompson
 |-
 | Legal/Trust Review || Legal || Nneka Soyinka
 |-
 | Security Review || Office of the CSO || Marc Perreault
+|-
+| Data Review || Data || Mark Reid
 |}
@@ Line 118: / Line 148: @@
 = Data Collection Categories =
-There are four "categories" of data collection that apply to Firefox:
+There are four "categories" of data collection:
 ; '''Category 1 “Technical data”'''
@@ Line 125: / Line 155: @@
 :Examples include OS, crashes and errors, outcome of automated processes like updates, activation, version #s, etc.  This also includes aggregated compatibility information about features and API usage by websites, addons, and other 3rd-party software that interact with the application during usage.
-:  It also includes information about the user's settings that is necessary to provide functionality. For example, what applications users have connected to a service or what services users have logged into using a Firefox Account.
+:  It also includes information about the user's settings that is necessary to provide functionality. For example, what applications users have connected to a service or what services users have logged into using a Mozilla account.
 ; '''Category 2 “Interaction data”'''