Data Collection: Difference between revisions

← Older edit

Data Collection (view source)

Revision as of 02:01, 29 January 2026

740 bytes added , 29 January

Removed mention of Pocket

Marniepw

30

edits

@@ Line 12: / Line 12: @@
 Data Stewards:
-* [https://people.mozilla.org/p/kennylong/ Kenny Long]
 * [https://people.mozilla.org/p/jhirsch Jared Hirsch]
-* [https://people.mozilla.org/p/adavis Alex Davis]
 * [https://people.mozilla.org/p/TheOne Andreas Wagner]
 * [https://people.mozilla.org/p/tlong/ Travis Long]
-* [https://people.mozilla.org/p/willkg Will Kahn-Greene]
 * [https://people.mozilla.org/p/p--n8wmyowcldls6pvp6ab1pj Roger Yang]
 * [https://people.mozilla.org/p/sancus :sancus]
@@ Line 26: / Line 23: @@
 * [https://people.mozilla.org/p/aminomancer Shane Hughes]
 * [https://people.mozilla.org/p/roux Roux Buciu]
+* [https://people.mozilla.org/p/groovecoder Luke Crouch]
-Data stewards come from a variety of teams within Mozilla, including data science, Firefox engineering, mobile products, Pocket, Common Voice, AMO, and Thunderbird. You are welcome to tag any steward for any collection request, without respect to the nature of your collection.
+Data stewards come from a variety of teams within Mozilla, including data science, Firefox engineering, mobile products, AMO, and Thunderbird. You are welcome to tag any steward for any collection request, without respect to the nature of your collection.
 Contact Us on Matrix https://chat.mozilla.org/#/room/#data-stewards:mozilla.org
@@ Line 46: / Line 44: @@
 * Data steward - the person who ensures the data collection process is followed and that requested data complies with Mozilla policies
-In some cases a data steward may escalate concerns to the Trust and Legal teams. They are the teams responsible for defining Firefox data collection policies and can field questions about internal policy and laws governing user privacy
+In some cases a data steward may escalate concerns to the Trust and Legal teams. They are the teams responsible for defining data collection policies and can field questions about internal policy and laws governing user privacy.
 Mozilla always strives to make data reviews public.  However, there are sometimes limited sets of circumstances when we may conduct our reviews in a private bug; for example, a service is part of an agreement where the partnership is not yet public.  These reviews will be made public once the actual data collection begins.
@@ Line 110: / Line 108: @@
 === Determine if you need to follow this process ===
-For any data collection that is classified as category 3 or 4 (described below) – including in pre-release channels and experiments – we require additional review to be performed and an announcement to a mailing list. The reason for this is that while our privacy policies describe what we can do without additional user notice, this is an upper bound; even for collection which fits within the policy, we need to determine whether that collection is appropriate and conforms to our overall commitment to privacy and minimization.
+For any data collection that is classified as category 3 or 4 (described below) – including in pre-release channels and experiments – we require additional review to be performed and an announcement to a mailing list. The reason for this is that while our privacy policies describe what we can do without additional user notice, this is an upper bound; even for collection which fits within the policy, we need to determine whether that collection is appropriate and conforms to our overall commitment to privacy and minimization. While a Data Steward may provide assistance with escalating a request or submitting it through the sensitive data review process, they are not part of the actual review of escalations. That is handled by a separate cross-functional team.
 === Create documentation and request review===
-As a first step, it is important that the details of the implementation, intended use, and value to users be clearly documented for future reference and efficient review. As soon as this is ready (we recommend as early as possible, before you move forward with the implementation), send an email to the [https://groups.google.com/a/mozilla.com/g/data-review data-review@mozilla.com] mailing list.
+As a first step, it is important that the details of the implementation, intended use, privacy analysis and value to users be clearly documented for future reference and efficient review. As soon as this is ready (we recommend as early as possible, before you move forward with the implementation), send an email to the [https://groups.google.com/a/mozilla.com/g/data-review data-review@mozilla.com] mailing list.
-The initial documentation from engineering/data stewardship and privacy/technical review should be completed as a prerequisite ahead of legal and security.
+The initial documentation from engineering/data stewardship and privacy/technical review should be completed as a prerequisite ahead of legal and security. Please ensure that your documentation includes privacy analysis that explains what privacy mitigations there are and how it reduces any potential risk from the additional data collection (e.g. data minimization, OHTTP, etc.). The Sensitive Data Review team can assist with further elaborating or clarifying parts of the privacy analysis, but your review will go quicker if you first provide the team with an explanation on how the data and privacy preserving methods chosen fit into the specific context.
 {| class="wikitable"
@@ Line 122: / Line 120: @@
 ! Risk Assessment !! Owner !! Facilitator
 |-
-| Privacy/Technical Review || Office of the Firefox CTO || Martin Thompson
+| Privacy/Technical Review || Office of the Firefox CTO || Martin Thomson
 |-
 | Legal/Trust Review || Legal || Nneka Soyinka
 |-
-| Security Review || Office of the CSO || Marc Perreault
+| Security Review || Office of the CSO || Alex Heartsfield
 |-
-| Data Review || Data || Mark Reid
+| Data Review || Data || Arkadiusz Komarzewski
 |}
 Facilitators (named above) are expected to express judgement about how much risk is involved and will involve the appropriate reviewers.
-If the level of risk is determined to be low enough and/or there is clear precedent, further discussion may not be necessary and each reviewer may give a sign-off immediately; otherwise, mitigations should be incorporated and documentation updated once they have been addressed. Live discussion is often very helpful – and should be planned for – when there is significant risk involved.
+If the level of risk is determined to be low enough and/or there is clear precedent, further discussion may not be necessary and each reviewer may give a sign-off immediately; otherwise, mitigations should be incorporated and documentation updated once they have been addressed. Live discussion is often very helpful – and should be planned for – when there is significant risk involved. One reviewer (after consulting with the full group), is permitted to approve on the group's behalf.
 Data collection may not be shipped to users until final sign-offs have been obtained.