canmove, Confirmed users, Bureaucrats and Sysops emeriti
2,776
edits
Security/Process/Technical Privacy Review: Difference between revisions
Security/Process/Technical Privacy Review (view source)
Revision as of 20:34, 20 December 2013
, 20 December 2013no edit summary
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
Status: Draft | Status: Draft | ||
Date: 2013. | Date: 2013.12.20 | ||
ToDo: | ToDo: Final sign-off | ||
==Purpose== | ==Purpose== | ||
| Line 16: | Line 16: | ||
#* Keyword set to ''privacy-review-needed'' | #* Keyword set to ''privacy-review-needed'' | ||
#* Summary should start with ''Privacy Review:'' | #* Summary should start with ''Privacy Review:'' | ||
# Marking a bug with the keyword ''privacy-review-needed'' | |||
#* NOTE: ''The bug should also be marked with a need-info? to :curtisk'' | |||
==Process== | ==Process== | ||
| Line 24: | Line 26: | ||
#* Privacy Champion - the privacy contact who will preform the review | #* Privacy Champion - the privacy contact who will preform the review | ||
#* Security Contact - member of the security team who may be doing other review work | #* Security Contact - member of the security team who may be doing other review work | ||
#* Document State - set to new ({{new|}}) | #* Document State - set to new ({{new|}}) with any necessary information | ||
# Dates in the Timeline section shall be updated as necessary as the issue progresses | |||
# The link to the technical privacy review wiki will then be copied in the bug and sent to the Product Champion to add information | |||
#* The focus of this information is 2 fold | |||
#** Information inputs - where, from whom, and what type of information is being gathered | |||
#** Information outputs - where, to whom (teams, systems, 3rd parties) and what type of information is being shared | |||
# Each component that is involved in data gathering or data export should be enumerated as a seperate '''Component X''' section of the wiki | |||
# If a meeting is required to review any of the information that shall be setup between the Privacy Champion, the Product Champion and any other necessary parties | |||
# When completed the wiki will be passed back to the Pricay Champion for reivew and completion of the '''User Data Risk Minimization''' and '''Alignment with Privacy Opearating Principles''' sections. | |||
#* Any bugs that need to be filled for information or alteration will be filled and set to blockt he review bug and the feature bug | |||
#* Document State - set to Document State - set to new ({{ok|}}) and a link to the public newsgroup for comments | |||
#** a link to the discussion thread should also be added to the '''Follow-up Tasks and Tracking''' section | |||
# The wiki will then be shared to: | |||
#* dev-platform | |||
#* security-group | |||
# This shall serve as the public comment to review the work done, ask furhter questions and add information or questions for follow-up | |||
#* The public comment time shall last for 7 calendar days | |||
# If new questions or items missed during the Privacy Champion review are uncovered they shall be added to the wiki and bugs filled as neccessary | |||
#* Items should be added to the '''Follow-up Tasks and Tracking''' section of the document for tracking | |||
# If no new information or comments are garnered then the public comment period shall be closed. | |||
# if a meeting is required to review any of the information that shall be setup between the Privacy Champion, the Product Champion and any other necessary parties | |||
# Once all bugs are sufficiently resolved and all follow-up items are resolved the Document State - set to new ({{done|}}) with any necessary information and teh bug for tracking the work shall be resolved | |||