Changes


Data Collection

2,481 bytes added, 18:34, 22 September 2022
Clarifying our review process for sensitive data collection as per Sept 14 email discussion.
Most assets involved in data review can be found [https://github.com/mozilla/data-review in this repository]. Who fills out which form, and when, is covered in the documentation below.
= Scope =
 
These guidelines are '''required''' for data collection in products with an active user base and established privacy policies under the Firefox organization, but may be applied to any Mozilla product as needed. Changes to policies themselves or the creation of a policy for a new product are out of scope of what is described here.
= Key Roles for Data Collection =
* Complex requests that pose broader policy and legal implications may be escalated to the Trust and Legal teams. (See Step 3)
== Step 3: Sensitive Data Collection Review Process ==
=== Determine if you need to follow this process ===
For any data collection that is classified as category 3 or 4 (described below) – including in pre-release channels and experiments – we require additional review to be performed and an announcement to a mailing list. The reason for this is that while our privacy policies describe what we can do without additional user notice, this is an upper bound; even for collection which fits within the policy, we need to determine whether that collection is appropriate and conforms to our overall commitment to privacy and minimization.

=== Create documentation and request review ===
As a first step, it is important that the details of the implementation, intended use, and value to users be clearly documented for future reference and efficient review. As soon as this is ready (we recommend as early as possible, before you move forward with the implementation), send an email to the [https://groups.google.com/a/mozilla.com/g/data-review data-review@mozilla.com] mailing list. The initial documentation from engineering/data stewardship and privacy/technical review should be completed as a prerequisite ahead of legal and security.

{| class="wikitable"
|-
! Risk Assessment !! Owner !! Facilitator
|-
| Privacy/Technical Review || Office of the Firefox CTO || Kate Hudson
|-
| Legal/Trust Review || Legal || Nneka Soyinka
|-
| Security Review || Office of the CSO || Marc Perrault
|}

Facilitators (named above) are expected to express judgement about how much risk is involved and will involve the appropriate reviewers.

If the level of risk is determined to be low enough and/or there is clear precedent, further discussion may not be necessary and each reviewer may give a sign-off immediately; otherwise, mitigations should be incorporated and documentation updated once they have been addressed. Live discussion is often very helpful – and should be planned for – when there is significant risk involved. Data collection may not be shipped to users until final sign-offs have been obtained.

=== Escalation ===
In the case of a dispute about sensitive data collection and/or which mitigations are appropriate, the proposer or any reviewer should work with one of the facilitators to escalate the decision to the VP/XLT member in charge of the product (e.g., Head of Firefox, Head of Pocket). Depending on the scope and nature of the risk, there may also be cases where escalation goes beyond the immediate product owner (i.e., to the CPO or CEO). When this happens, the facilitator and escalating party:

* Give each party a chance to document their recommended approach in writing.
* Share the document with all involved parties for asynchronous review/comment.
* Schedule a meeting for discussion if necessary.
* Record the final decision by the product owner.
= Data Collection Categories =