Decisions

This wiki was generated from Allison Naaktgeboren's presentation, "Privacy Training: Starting the Conversation." Please feel free to copy this template and save it with your answers in an appropriate location. These are not intended to be an all inclusive list (just a start) so please feel free to add questions to your own template.

Privacy Reviews should be filed using the Project Kickoff Form. Feedback on the form is always welcome.

Big Picture Questions

The Data Life cycle

• Birth, life, death, zombie, inactivity

Interactions between Us and their Data

• How sensitive is this data, who should have access to it?
• Who will be responsible for the safety of that data?
• Who will make decisions about it when unexpected concerns come up?

Interactions between Users and their Data

• How will they see it? Control it? Export it?

Basics

• Does your product/feature generate user data?
• Metadata still counts
• Does your product/feature store user data?
• What kind of data & how identifying is it?
• Are there legal considerations to this feature?
• How do you authenticate users before they can access their data?
• Which person or position is responsible for the feature while it remains active?
• Who makes decisions after the product ships?

Categories

Things to think about by category. Not an all inclusive list, but a good start.

Benefits and Risk

• What is the benefit to users from us storing this data?
• What are the current alternatives available on the market?
• What is the risk to users from storing this data?
• What is the risk and cost to Mozilla from storing this data?
• Where are you going to store this user data? Whose servers?
• If not ours, apply above questions to them

Openness, Transparency, and Accountability

• Have the benefits & risks of this feature been discussed on a public forum like a mailing list?
• Should we exempt detailed discussion of handling really sensitive data?
• Where is the documentation for your tradeoffs and design decisions, with respect to the user data?

Contributors and Third Parties

• Are any third party companies or entities involved in this? (ex: Amazon AWS)
• Do we have a legal agreement governing what they can and can’t do with it?
• Who makes decisions about access to the data?
• Could volunteers or researchers access it?
• Do we have plans to release the dataset to researchers?
• What would we do to de-identify the data?

Identity and Identifiers

• Will this feature have a user identification?
• Is it possible to use this feature without supplying an identifier?
• How will the user manage this identification?
• Can they delete it?
• Who can see this identifier?
• Can the user control who can see their identifier?
• Can this identifier be linked to the real life identity?
• Can a single person have multiple identifiers/accounts?

Data Lifecycles and Service History

• Which person or position is responsible for the data&feature while it remains active? Ie, Who makes decisions after the product ships?
• Can a user see a record of their activities?
• What happens to an inactive account and its associated data?
• When is a user deemed inactive?
• How will you dispose of user data?
• What’s the security of the data in storage?
• How long would we retain the data?
• Who has access to the data at various stages?

User Control

• Is there a case where the user identifier can be deleted, but not necessarily the associated data?
• How can a user see their data?
• Can users delete data in this feature?
• What exactly would deletion mean?
• Is any of the data created by the user public?
• Can other users see it? The entire internet?
• What are the default user control settings for this feature?
• How could a user change them?

Compatibility and Portability

• Can the user export their data from this service?
• What format would it be in?
• Is it possible to use an open format for storage?