Data Safety/Data Safety Consultation Meeting Notes/2012-03-15/Betafarm Data Safety Questionnaire

Data Safety Consultation Questionnaire
Project: Betafarm
Contact(s): David Ascher, Ben Sternthal
Date Questionnaire received by Data Safety Team: 10 March 2012
Data Safety Review Date: Thursday, 15 March 2012

About Your Project

  1. Brief description of your project.
    • We're redoing the labs website to let people register (using Persona) and use a through-the-web interface to manage the information about a project listed on the site.
  2. Please provide the links to your project documentation (both internal and external).
  3. What is the current state of your project?
    • Redoing styling, finishing some of the coding.
  4. Please provide your key release / launch dates.
    • The original goal was an EOQ1 release. We would like that to be possible, although it's possible we'll be delayed by a week or two.
  5. What are the core technical components and features?
    • It's a standard Playdoh app.
  6. Who are the stakeholders involved with your project (internal and external)?
    • Team:
      • DavidA: product owner
      • Havi: content wrangler
      • Ben Sternthal: project manager
      • Paul MacLanahan: coder
      • Lee Tom: graphics
      • Rebecca Billings: QA

Security

  1. Does your project deploy new or modify web application code that runs on Mozilla infrastructure? Does your project deploy or modify client-run software (such as Firefox or Android applications)? If YES to either of the above, please file a Security Review bug (see https://wiki.mozilla.org/WebAppSec/Security_Review_Request for more information)

Privacy Engineering

  1. Does your project change how we generate, store, share or collect information from users? If YES, please file a Privacy Review bug
    • Not as far as I understand the question. People can have Persona-authed accounts and minimal profile data, none of which seems like a new thing (although this is a new instance)

Policy and Legal

  1. Do you have a privacy policy for your project / site? If YES, Please provide a link to it:
    • I don't think we have one, but we should.
  2. Will user data be collected from global locations (outside the U.S.) and stored in those locations? If YES, please provide the names of the countries where data is collected and stored.
    • Yes, globally
  3. If you're collecting data only from the US, will all user data be stored in the US?
    • N/A - See above

Data

  1. Does your project collect data from users? If YES, then someone from Data Safety will look at this bug, find out how many users' data will be involved, and determine the priority level (L / M / H).
    • The only user data is the information needed to auth (i.e. email address for use via Persona ID) and the following profile data:
      • avatar (or whatever picture the user wants -- optional)
      • display name
      • optional website
      • optional list of links (e.g. to blogs)
      • optional bio.
    • Each individual can manage 0 or more projects (role assigned by the site admin)
    • Each individual can be part of 0 or more project teams (role assigned by the project manager)
    • Each individual can follow 0 or more projects (self-assigned)
  2. Why do you need to collect user data?
    • The purpose of the site is to build a minimal participation platform for Mozilla Labs projects. We could do it on GitHub, for example, but it was deemed better to have something on Mozilla-controlled systems.
    • To reach this goal, it is important that visitors to the site can find out who to talk to about a project, hence the user profiles.
    • Also, being listed on a public Mozilla site as belonging to a project is a non-trivial reward for contributors (paid or volunteer).
  3. Please provide list of data elements (e.g., email, name, location, log data, URLs, browser history, etc.).
    • Below is a screenshot of the form where users can enter personal data. We are reviewing our Persona implementation with Jishnu next week.

betafarm-edit.png

  1. How is this data being collected? (e.g., forms on web site, provided directly by user, observed data collection, etc.) (Consider that you may be collecting data unintentionally such as automatic logging by web servers)
    • Django forms after Persona ID auth.
  2. Will your project / team members need to retain user data? If YES, for how long?
    • The database will retain user profiles until users remove them
  3. Will any user data be shared or accessed by third party partners, customers or providers? (If YES, see additional questions below.)
    • No
    1. What is the data being shared or accessed?
      • N/A
    2. How would the data be communicated / transferred to the third parties?
      • N/A
    3. Who are the third party vendors and in what countries are they based?
      • N/A

User Benefit

  1. In particular, it's useful to list the user benefits that result from this data. A possible way of describing the benefits that flow from the data is:

User Benefits: (sample!)

A - users find applications that have their photos more friendly/fun
B - users want to be able to access this project from computers where they just have web access
C - users want to be informed of updates from specific other users of the site
D - users want notices when important changes happen

Data collected (sample!)

A - profile picture; user submitted image (doesn't have to be their face); meets benefit A; optional
B - pseudonym: users get to pick a screen name (mostly anything goes - see name policy [..]) - meets benefit C.
C - browserid-based authentication means we store email identifiers - meets benefit D, B....etc...
  • The profile data we're collecting is what we felt was minimal to get people to be identifiable (name, picture); we're adding optional links and bio so people can customize their public profile.

Community Visibility and Input

  1. Has your proposal been shared publicly, including requirements for Mozilla to collect and host user data?
    • (See below)
    1. If YES, what communication channels are you using and what kind of input have you received thus far?
      • Not enough. We should post on the mozilla-labs newsgroup.