Data Safety/Data Safety Consultation Meeting Notes/2011-09-28

From MozillaWiki

Data Safety Consultation Meeting Details

  • Tuesday, 28 September 2011
  • Location: <place>

Project(s) for Review: Metrics Ping

Agenda

  • Review prior Metrics Ping to-do items. Determine Action Items.

Action Items

Start-Dt | Owner | Action Item | Due-Dt | Status | Comment
28-Sep | Metrics Team | Produce a more legible version of this information (see #3 below), for side-by-side comparison in a spreadsheet. | | |
28-Sep | Metrics Team | Add a documentation link to the top of the JSON blob. That link should yield a human-readable page, including retention period. | | |
28-Sep | DS Team | Look at sample data/JSON and map to 11 requested items. | | |
28-Sep | Metrics Team | Document access and logging policy and security, with Coates. | | |
28-Sep | DS & Metrics Teams | Plan a future policy. | | |
28-Sep | Metrics Team | Add enhancement: about:metrics to show ping data, and retention period. | | |
28-Sep | Sid Stamm | Requirement: Sign off on the UX implementation in a bug. | | |

Discussion Details

Data Safety Review - Metrics Ping

We believe that, contingent on the recommendations below, the proposed Opt-Out Metrics Ping feature fits Mozilla Values and Privacy Principles. Active development of this feature should proceed, with regular check-ins with the Data Safety Team (formerly known as the User Data Committee (UDC)).

Prior Metrics To-dos:

  1. Provide a layman's rationale for opt-out vs. opt-in.
    • This should specify a user benefit rather than a Mozilla benefit.
  2. Immediately determine and document identifier strategy (e.g., installation UUID).
    • We chose to go with installation UUID, no sync, changes when opt-out/opt-in.
  3. Catalog all data elements across all Telemetry/Metrics pings. Determine data paths, retention policies, and data destruction strategies for all of these. Highlight overlaps in data collection.
    • Ping description is at: <https://metrics.etherpad.mozilla.org/8>.
    • Action: Metrics to produce a more legible version of this information, for side-by-side comparison in a spreadsheet.
    • Aside from DE: Want Metrics/Telemetry to be the canonical place for data collection. Other pings should eventually be deprecated.
    • Action: Metrics to add a documentation link to the top of the JSON blob. That link should yield a human-readable page, including retention period.
    • Action: UDC Data Safety to look at sample data/JSON and map to 11 requested items.
  4. Determine a policy and potentially access-control mechanisms for use of the collected data: who gets access to what?
    • Action: Metrics to document access and logging policy and security, with Coates.
    • Action: UDC Data Safety & Metrics to plan a future policy.
    • Short term, the Metrics team promises not to be evil.
    • Note: retention period is up to 6 months.
  5. Begin to determine a plan for giving users access to the data that we collect.
    • Enhancement: about:metrics to show ping data, and retention period.
  6. Explore and document use cases for the collected data beyond the immediate ones described.
    • Users could perhaps be able to compare themselves to the group.
    • Privacy has questions regarding some of the fields to finish the privacy review, plus the opt-out experience. Privacy will follow up with specific questions that the Metrics team should address.
  7. A Security review of the architecture should be performed and kept up-to-date. Infrasec will follow up with specifics that the Metrics team should address.
  8. Propose UX implementation.
    • Requirement: UDC Data Safety (Sid) to sign off on the UX implementation in a bug.

Follow-up Discussions

Attendees

Sid Stamm, Ben Adida, Tom Lowenthal, Alex Fowler, Gilbert FitzGerald (Metrics Ping)

Declined