668
edits
Data Safety: Difference between revisions
→Data Safety Policy & Process
No edit summary |
|||
| Line 8: | Line 8: | ||
Please don't change without permission. | Please don't change without permission. | ||
= Data Safety | = Data Safety Scope & Process = | ||
We strive to define an approach user data safety that is markedly different the industry norm. We believe users should be at the center of all data exchanges, and that we should store user data only when there is a measurable benefit to the user. | We strive to define an approach to user data safety that is markedly different than the industry norm. We believe users should be at the center of all data exchanges, and that we should store user data only when there is a measurable benefit to the user. | ||
Mozilla's offerings must embody the values of the Mozilla Manifesto and our Privacy Principles. We won’t sell or give away user data. We'll always explain what data we store and why we store it. We'll always work to let people leave and take their data with them, and we'll always explain what benefit users get from this data collection. | Mozilla's offerings must embody the values of the Mozilla Manifesto and our Privacy Principles. We won’t sell or give away user data. We'll always explain what data we store and why we store it. We'll always work to let people leave and take their data with them, and we'll always explain what benefit users get from this data collection. | ||
== | == Scope == | ||
Data Safety aims to address the internal and external concerns of increased user data collection, use and storage by Mozilla through a purposeful and thoughtful approach. We require that all proposals for new offerings that entail storage of personal data | Data Safety aims to address the internal and external concerns of increased user data collection, use and storage by Mozilla through a purposeful and thoughtful approach. We require that all proposals for new offerings that entail storage of personal data on Mozilla servers undertake a Data Safety Consultation and are approved by the project. Modifications to existing offerings that would either start storing user data or would change the safety properties of currently stored user data are also required to adhere to this process. Data Safety Consultations will be coordinated with, but will not replace, privacy and security audits, which will still be required once teams move into development phases for their offerings or modifications. | ||
Mozilla has created a Data Safety Team comprised of experts in engineering, operations, privacy, security, cryptography, and legal to lead the Data Safety Consultations and make recommendations that uphold our values and help to mitigate both organizational and user risks associated with personal data. | Mozilla has created a Data Safety Team comprised of experts in engineering, operations, privacy, security, cryptography, and legal to lead the Data Safety Consultations and make recommendations that uphold our values and help to mitigate both organizational and user risks associated with personal data. | ||
| Line 28: | Line 28: | ||
# '''Approvals:''' The Data Safety Team will take the outputs from the consultation and public input into account to make a final approval for a team to move forward with development. | # '''Approvals:''' The Data Safety Team will take the outputs from the consultation and public input into account to make a final approval for a team to move forward with development. | ||
Note that in some cases, the Data Safety and proposing teams may determine that no suitable alternatives exist to handling user data and/or public | Note that in some cases, the Data Safety and proposing teams may determine that no suitable alternatives exist to handling user data and/or public feedback was visceral enough to advise against moving forward with development. | ||
= Key Considerations for Data Safety at Mozilla = | = Key Considerations for Data Safety at Mozilla = | ||