Examples of our current decisions and policies that we want to capture and surface in this spike. This document can provide information and assistance to the data governance objective.
- 90-day data retention purge
- How we obfuscate data when retained
- How we link data (cannot link if identifiable)
- How we sample and how small wiki has to be for identification risk to be too high
- IP address handling and xform to geolocation
- Geolocation granularity
- Cookies, sessionStorage, or localStorage?
- What cookie TTL?
- Do we honor Do Not Track, or not?
- How many cookies are too many? What should they or should they not contain?
- What should be the maximum persistence for UUIDs? Should there be one?
- Should app_install_id be opt-in or opt-out? Should data collection as a whole be one or the other?
- Are there "essential" data that we can justify collecting all the time? Or no?
- What is our privacy budget? What fields reduce privacy the most? What can we do about it?