Confirmed users
152
edits
Data Safety Consultation Template: Difference between revisions
Data Safety Consultation Template (view source)
Revision as of 07:12, 16 February 2012
, 16 February 2012no edit summary
No edit summary |
|||
| Line 1: | Line 1: | ||
= Data Safety Consultation = | = Data Safety Consultation Questionnaire = | ||
In preparation to present a proposal to the Data Safety Team, please use the following questionnaire. Questions are mostly Y/N to the extent that issues can be routed to the appropriate team members for consultation/guidance/resolution. | |||
* Section 1 below is the structure of the questionnaire that includes a quick administrative reference for actions to take based on the responses to the Yes/No questions. | |||
* Section 2 below is the template version to copy/paste into a new Etherpad for future teams that need to start to the Data Safety Review process. | |||
= SECTION 1 = | = SECTION 1 = | ||
== About Your Project == | == About Your Project == | ||
* Brief description of your project. (10-20 lines) | * Brief description of your project. (10-20 lines) | ||
* Please provide the links to your project documentation (both internal and external). | * Please provide the links to your project documentation (both internal and external). | ||
| Line 15: | Line 21: | ||
== Client Security == | == Client Security == | ||
* Does your project deploy or modify client-run software (such as Firefox or Android applications)? | * Does your project deploy or modify client-run software (such as Firefox or Android applications)? | ||
** YES -> File SecTeam bug | ** YES -> File SecTeam bug | ||
| Line 20: | Line 27: | ||
== Privacy Engineering == | == Privacy Engineering == | ||
* Does your project change how we generate, store, share or collect information from users? | * Does your project change how we generate, store, share or collect information from users? | ||
** YES -> file privacy review bug | ** YES -> file privacy review bug | ||
| Line 25: | Line 33: | ||
== Policy and Legal == | == Policy and Legal == | ||
* Do you have a privacy policy for your project / site? | * Do you have a privacy policy for your project / site? | ||
** YES --> Please provide the link. | ** YES --> Please provide the link. | ||
| Line 34: | Line 43: | ||
== Data Safety == | == Data Safety == | ||
* Does your project collect data from users? | * Does your project collect data from users? | ||
** YES --> Someone from Data Safety to look at bug, find out how many users' data to be involved, determine priority level (L / M / H). | ** YES --> Someone from Data Safety to look at bug, find out how many users' data to be involved, determine priority level (L / M / H). | ||
| Line 66: | Line 76: | ||
== Community Visibility and Input == | == Community Visibility and Input == | ||
*Has your proposal been shared publicly, including requirements for Mozilla to collect and host user data? | *Has your proposal been shared publicly, including requirements for Mozilla to collect and host user data? | ||
**YES -->If so, what communication channels are you using and what kind of input have you received thus far? | **YES -->If so, what communication channels are you using and what kind of input have you received thus far? | ||
**NO --> Stop | **NO --> Stop | ||
= SECTION 2 | = SECTION 2 = | ||
Data Safety Review Questionnaire | Data Safety Review Questionnaire | ||
| Line 76: | Line 87: | ||
Contact(s) (name(s) / email(s)): | Contact(s) (name(s) / email(s)): | ||
Date request received: | Date request received: | ||
About Your Project | == About Your Project or Activity == | ||
* Brief description of your project: | * Brief description of your project: | ||
* Links to your project documentation (both internal and external, wikis, etc.): | * Links to your project documentation (both internal and external, wikis, etc.): | ||
| Line 85: | Line 97: | ||
* Core technical components and features: | * Core technical components and features: | ||
* Stakeholders involved with your project (internal and external): | * Stakeholders involved with your project (internal and external): | ||
* Does your project deploy new or modify web application code that runs on Mozilla infrastructure? (Yes / No) | * Does your project deploy new or modify web application code that runs on Mozilla infrastructure? (Yes / No) | ||
* Does your project deploy or modify client-run software (such as Firefox or Android applications)? (Yes / No) | * Does your project deploy or modify client-run software (such as Firefox or Android applications)? (Yes / No) | ||
* Does your project change how we generate, store, share or collect information from users? (Yes / No) | * Does your project change how we generate, store, share or collect information from users? (Yes / No) | ||
* Do you have a privacy policy for your project / site? (Yes / No) | * Do you have a privacy policy for your project / site? (Yes / No) | ||
If yes, provide link: | |||
User Data | == User Data == | ||
* Does your project collect data from users? (Yes / No) | * Does your project collect data from users? (Yes / No) | ||
If yes, what type of data would you need to collect? (e.g., email, name, location, log data, URLs, browser history, etc.) | |||
(Consider that you may be collecting data unintentionally such as automatic logging by web servers) | (Consider that you may be collecting data unintentionally such as automatic logging by web servers) | ||
* Why do you need to collect user data? | * Why do you need to collect user data? | ||
| Line 107: | Line 116: | ||
D - users want notices when important changes happen | D - users want notices when important changes happen | ||
Data collected | == Data collected == | ||
A - profile picture; user submitted image (doesn't have to be their face); meets benefit A; optional | |||
B - pseudonym: users get to pick a screen name (mostly anything goes - see name policy [..] - meets benefit C. | |||
C - browserid-based authentication means we store email identifiers - meets benefit D, B. | |||
...etc... | ...etc... | ||
* How is this data being collected? (e.g., forms on web site, provided directly by user, observed data collection, etc.) | * How is this data being collected? (e.g., forms on web site, provided directly by user, observed data collection, etc.) | ||
| Line 116: | Line 125: | ||
If yes, for how long? | If yes, for how long? | ||
* Will user data be collected from global locations (outside the U.S.) and stored in those locations? (Yes / No) | * Will user data be collected from global locations (outside the U.S.) and stored in those locations? (Yes / No) | ||
If yes, provide locations (i.e., country names) for data collection and data storage: | If yes, provide locations (i.e., country names) for data collection and data storage: | ||
* Will any user data be shared or accessed by third party partners, customers or providers? (Yes / No) | * Will any user data be shared or accessed by third party partners, customers or providers? (Yes / No) | ||
If yes, please answer questions below: | If yes, please answer questions below: | ||
* What is the data being shared or accessed? | |||
* How would the data be communicated / transferred to the third parties? | |||
* Who are the third party vendors and in what countries are they based? | |||