Data Safety/Data Safety Consultation Meeting Notes/2012-02-14/Open Badges Data Safety Questionnaire
Data Safety Consultation Questionnaire
Project: Open Badges
Contact: Brian Brennan (brian@mozillafoundation.org)
Date request received: 15 Dec 2011
About Your Project
- Please provide a brief description about your project.
- The Open Badges project intends to provide a specification, sharing framework and storage system for achievements online.
- Please provide the links to your project documentation (both internal and external).
- What is the current state of Open Badges? Also, please provide your key release / launch dates.
- We are currently in a limited (read: unpublicized) beta. It should really be called alpha, though. We're still making lots of changes and adding features. We intend to have a wider beta in January, aiming for a stable release end of Q1.
- What are the core technical components and features?
- Built on Node.js using the Express framework, backed by MongoDB and MySQL.
- Who are the stakeholders involved with your project (internal and external)?
- Not quite sure.
- What is the anticipated growth and usage of your service / product / site?
- Dependent on issuer uptake. Response has been positive so far; my very rough estimate is 1,000 to 10,000 users (recipients of badges) in Q2?
User Data
- What types of user data will you be collecting, maintaining and/or using through your service / product / site? Please provide list of data elements (e.g., email, name, location, log data, URLs, browser history, etc.).
- We will be collecting email addresses and URLs related to user achievement.
- How is this data being collected? (e.g., forms on web site, provided directly by user, observed data collection, etc.)
- Currently it is provided directly by the third-party issuer who has this information about the user through a backchannel POST. I'll be changing this before the wider beta so all data sharing is user-initiated (iframe + postMessage).
- Why do you need to collect user data?
- The focus of the project is about user achievement – providing a platform for the user to manage & share the achievements they get from various issuers in a simple and secure way.
- Do you have a privacy policy for your project / site? If so, please provide the link.
- We do not yet.
User Data Storage and Jurisdictional Considerations
- Will the user data be collected from global locations and stored in those locations? Or, will all user data be stored in the U.S.?
- All data will be stored in the U.S. This is not a requirement of the project, it just happens to be that our server is in the U.S.
- Will the user data be flowing / transferred or shared across borders (i.e., moving from one country to another)?
- Potentially. We are not limiting our service to the United States, so any issuer from any country can participate, and a user can choose to share their data from our system to any other party.
Third Party Data Sharing
- Will any user data be shared or accessed by third party partners, customers or providers? (If Yes, please respond to questions below.)
- Yes.
- What is the data being shared or accessed?
- All information in the badge (user email, URLs related to achievement)
- How would the data be communicated / transferred to the third parties?
- All data comes in as private; the user must explicitly choose what information to share and whom to share it with.
- Who are the third party vendors and in what countries are they based?
- Completely dependent on the user.
IT and Data Infrastructure Considerations
- What is your data retention plan for the collected data?
- We store it until the user chooses to delete it.
- What is your data backup process for the collected data?
- We have no backup process currently.
- What are your access controls to the user data?
- User data is stored on a MongoDB instance that is inaccessible to the outside world. I am the only one with access to the server.