Data Safety: Difference between revisions

Line 71: Line 71:
==  Criteria  ==
==  Criteria  ==


To ensure appropriate oversight and governance over how Mozilla collects, uses and/or retains user data in the product development lifecycle and product functionality, three key conditions apply:
Not everything Mozilla does with personal data requires consultation and approval from the Data Safety Team before being developed. It's important for product and engineering teams to consider various data architectures and weigh the pros and cons associated with those models.
 
Based on existing models, expertise and input from across the Mozilla community, there are primarily three data architectures that we utilize as an organization:
 
# Client-Side
# End-to-End Encryption
# Hosted/Cloud
 
For teams utilizing either client-side or end-to-end encryption as their architecture for user data, there is no requirement to work with the Data Safety Team. Both of these approaches facilitate direct user control over their personal data and reduce Mozilla's security, privacy and legal requirements to safeguard this data. For teams that need to use hosted user data either on Mozilla servers or via a contracted hosting provider and that is accessible by Mozilla staff, contributors or developers, then prior consultation and approval is required.
 
The following table highlights the criteria and review requirements by each data architecture:


<table style="border-color: #000000; border-width: 1px; border-style: solid; width: 80%;" border="1" cellspacing="0" cellpadding="0" align="left">
<table style="border-color: #000000; border-width: 1px; border-style: solid; width: 80%;" border="1" cellspacing="0" cellpadding="0" align="left">
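Review bot: the new criteria paragraph exempts "client-side or end-to-end encryption" architectures from Data Safety review, but nothing in this hunk says what qualifies as end-to-end encryption; the operative condition ("user-controlled key encryption without Mozilla access") only appears further down the page. State it here, in the sentence that grants the exemption, e.g. "End-to-End Encryption, meaning keys are held by the user and Mozilla has no access to the data", so that hosted data which is merely encrypted with keys Mozilla holds is not mistaken for the exempt case; by the paragraph's own rule, data accessible by Mozilla staff, contributors or developers still requires prior consultation and approval.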
Line 79: Line 89:
</tr>
</tr>
<tr>
<tr>
<td style="width: 20%">&nbsp;</td>
<td style="width: 15%">&nbsp;</td>
<td style="text-align: center; width: 20%">Client Side</td>
<td style="text-align: center; width: 20%">Client-Side</td>
<td style="text-align: center; width: 20%">End-to-End Encryption</td>
<td style="text-align: center; width: 20%">End-to-End Encryption</td>
<td style="text-align: center; width: 20%">Hosted/Cloud</td>
<td style="text-align: center; width: 20%">Hosted/Cloud</td>
Line 94: Line 104:
<p>Data Safety Approval</p>
<p>Data Safety Approval</p>
</td>
</td>
<td style="text-align: center;">
<td style="text-align: center;">N</td>
<p>N</p>
</td>
<td style="text-align: center;">N</td>
<td style="text-align: center;">N</td>
<td style="text-align: center;">Y</td>
<td style="text-align: center;">Y</td>
Line 127: Line 135:
<BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR>
<BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR><BR>


No Data Safety Review is needed if your proposed product and/or project has an architecture employing user-controlled key encryption without Mozilla access or where data stored on the user’s client or device is under the user’s control. If you need / want to use hosted data that can be accessed by Mozilla staff, contributors or developers, then a Data Safety review is required.
Note that everything Mozilla does with personal data requires Security and Privacy reviews to be conducted during the development lifecycle. You can find more information about these reviews here:
 
Everything Mozilla does with personal data requires Security and Privacy reviews, just as it does today. You can find more information about these reviews here:


* Privacy Reviews
* Privacy Reviews
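Review bot: the new sentence "Note that everything Mozilla does with personal data requires Security and Privacy reviews ... You can find more information about these reviews here:" promises links for both review types, but the only link visible in this context is "* Privacy Reviews"; if the list below this hunk does not already carry a Security Review link, add one, or drop "Security" from the sentence so the text matches the links. Separately, the run of fifteen <BR> tags kept on both sides of the hunk exists only to clear the left-aligned table above and is fragile across skins; a single element with style="clear: both" does the same job.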