Data Safety/Data Safety Consultation Meeting Notes/2011-09-28

From MozillaWiki
Jump to: navigation, search

Data Safety Consultation Meeting Details

  • Tuesday, 28 September 2011,
  • Location: <place>

Project(s) for Review: Metrics Data Ping

Agenda

  • Review prior Metrics Data Ping to-do items. Determine Action Items.

Action Items

Start-Dt Owner Action Item Due-Dt Status Comment
28-Sep Metrics Team Produce a more legible version of this information (see #3 below), for side-by-side comparison in a spreadsheet.
28-Sep Metrics Team Add a documentation link to the top of the JSON blob. That link should yield a human-readable page, including retention period.
28-Sep DS Team Look at sample data/JSON and map to 11 requested items.
28-Sep Metrics Team Document access and logging policy and security, with Coates.
28-Sep DS & Metrics Teams Plan a future policy.
28-Sep Metrics Team Add enhancement: about:metrics to show ping data, and retention period
28-Sep Sid Stamm Requirement: Sign off on the UX implementation in a bug.

Discussion Details

Data Safety Review - Metrics Data Ping

We believe that, contingent on the recommendations below, the proposed Opt-Out Metrics Data Ping feature fits Mozilla Values and Privacy Principles. Active development of this feature should proceed, with regular checkins with the Data Safety Team (fka User Data Committee (UDC)). Prior Metrics To-dos:

  1. Provide a layman's rationale for opt-out vs. opt-in.
  2. Immediately determine and document identifier strategy (e.g., installation UUID).
  3. Catalog all data elements across all Telemetry/Metrics pings. Determine data paths, retention policies, and data destruction strategies for all of these. Highlight overlaps in data collection.
  4. Determine a policy and potentially access-control mechanisms for use of the collected data: who gets access to what?
    • Action: Metrics to document access and logging policy and security, with Coates.
      [Review for Bagheera, the back end server that receives and stores user data: https://bugzilla.mozilla.org/show_bug.cgi?id=655746]
    • Action: UDC Data Safety & Metrics to plan a future policy.
    • Short term, metrics team promise not to be evil.
      [Metrics has a mission statement for privacy and data usage at https://wiki.mozilla.org/Friends/Metrics]
    • Note: retention period is up to 6 months.
  5. Begin to determine a plan for giving users access to the data that we collect.
  6. Explore and document use cases for the collected data beyond the immediate ones described.
    • Users perhaps to be able to compare themselves to the group
    • Privacy has questions regarding some of the fields to finish the privacy review, plus the opt-out experience. Privacy will follow up with specific questions that the Metrics team should address.
  7. A Security review of the architecture should be performed and kept up-to-date. Infrasec will follow up with specifics that the Metrics team should address.
    [Some discussion: https://wiki.mozilla.org/Security/Reviews/MetricsDataPing. Client code security review in progress: https://bugzilla.mozilla.org/show_bug.cgi?id=718067. For back end security review, see the Bagheera review: https://bugzilla.mozilla.org/show_bug.cgi?id=655746 .]
  8. Propose UX implementation

Follow-up Discussions

Attendees

Sid Stamm, Ben Adida, Tom Lowenthal, Alex Fowler, Gilbert FitzGerald (Metrics Data Ping)

Declined

Retrieved from "https://wiki.mozilla.org/index.php?title=Data_Safety/Data_Safety_Consultation_Meeting_Notes/2011-09-28&oldid=403541"