| Line 194: | Line 194: | ||
====Principle: Transparency / No Surprises==== | ====Principle: Transparency / No Surprises==== | ||
( | Users of the system must create an account and use the system specifically for testing. The system's operation must be clear to the users, both by opening the source (done) and by providing information to users at appropriate times about data collection, etc. For users who upload test cases (things they created themselves), it's obvious and unsurprising what happens. | ||
''Recommendations'': ( | ''The Risk'': is that test-performing users may be submitting data to the Web App without knowing they're submitting it. For example, I may run a test and submit my results but it may not be clear whether the results contain my browsing history, search queries, etc. It should be clear when I submit data what I'm submitting. | ||
''Recommendations'': Ensure that users submitting test data to the system are aware of the types of data being submitted (and have access to the data itself). This can be done through a prompt ("Hey, thanks for finishing the test, we're going to collect x, y, z from you now") or a dashboard where users can see the type of data they submit. | |||
{{ResolutionBox|{{new|}}}} | |||
====Principle: Real Choice==== | ====Principle: Real Choice==== | ||
Users must be able to participate in the system without being asked for unreasonably wide data sets, and they must understand how the system interacts with their data. It's pretty clear that all users of this system intend to help with creating, performing or analyzing tests. | |||
''Recommendations'': | ''Recommendations'': None. | ||
====Principle: Sensible Defaults==== | ====Principle: Sensible Defaults==== | ||
Users of our other products should not be required to use this system (they're not). | |||
''Recommendations'': | ''Recommendations'': None. | ||
====Principle: Limited Data==== | ====Principle: Limited Data==== | ||
Data collected by the system should be limited to what is required for the intended functionality. | |||
''The Risk'' is that we may end up with data that never gets used for the clear value proposed to users of the system. | |||
''Recommendations'': Work with infrasec and IT/Ops to minimize logging, minimize retention window, and deploy a secure logging infrastructure. | |||
{{ResolutionBox|{{new|}}}} | |||
= Follow-up Tasks and tracking = | = Follow-up Tasks and tracking = | ||
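Review bot: in the new column, the "Real Choice" and "Sensible Defaults" principles carry neither a ''The Risk'' line nor a {{ResolutionBox|{{new|}}}} template, while "Transparency / No Surprises" and "Limited Data" have both, so two of the four principles end up with no recorded risk and no resolution state to track; even where the recommendation is "None", add a one-line risk statement (e.g. "''The Risk'': none identified; all users opt in specifically to testing") and a ResolutionBox so the follow-up section below can close each principle uniformly. Also, the "Limited Data" recommendation says "minimize retention window" without stating a target window or naming who owns the logging work beyond "infrasec and IT/Ops"; put a concrete window (or an explicit "TBD with infrasec" placeholder) and an owner in the text so the resolution can be verified rather than left open-ended.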