Page MenuHomePhabricator

Editing Data Map
Closed, DeclinedPublic1 Story Points

Description

  • Map out all the datasets used by the Editing team including datasets "in transit" (e.g. data in Kafka)
  • Draft data access guidelines

Hi!

Staff from various teams have asked for a clear set of rules to follow for how to handle personally identifiable information. So Legal & Security want to harmonize access policies and practices among WMF staff as much as possible for personally identifiable information. We have a data retention policy, an access policy for community members, and ask people from outside WMF to sign an NDA, but our staff access practices vary across teams, and we don't have a comprehensive idea of where data sits or how it flows through WMF.

First, the data map: We'd like to know what personal data WMF collects and uses. So we're asking teams to fill out a spreadsheet about the data sets that they use and have control over. To give a sense of the level of granularity, here are examples that Editing and Discovery are currently filling out. The idea is to take the info from each team to create a single data map that all staff can easily refer to.

Second, a staff access policy: Last year, Discovery drafted a Data Access Guide. We'd like to use that as a starting point for other teams to tailor to their own needs, since some teams handle a lot more personal data than others. But having too many people work off one Google Doc is messy. So please make your comments, edits, and suggestions to the draft provided here, and we'll consolidate them. Eventually, each team can decide whether it's better to adopt a general guide, or to draft one more specific to their needs.

Finally, as to timing, the idea is to have all teams take a first pass at filling out the spreadsheets by the end of May.

Links:

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 20 2016, 11:33 PM
kevinator set the point value for this task to 1.Apr 20 2016, 11:34 PM

How does it make sense to have per-department access guidelines when private data is not separated by department?

SPong added a subscriber: SPong.Apr 29 2016, 5:40 PM

How does it make sense to have per-department access guidelines when private data is not separated by department?

Alex, sorry for not being more clear. The idea is to adopt access guidelines that apply to all or most teams. First, we'd like each team to add comments and suggestions to the draft doc. Having a dozen teams work off one Google doc would be confusing, so we're giving each team a clean draft to comment on.

SPong updated the task description. (Show Details)Apr 29 2016, 6:38 PM
SPong updated the task description. (Show Details)

The discovery data sharing guideline does not seem to address non-staff with NDAs

Neil_P._Quinn_WMF triaged this task as Normal priority.Jul 26 2016, 5:39 PM
Neil_P._Quinn_WMF lowered the priority of this task from Normal to Low.Aug 8 2016, 8:26 PM
chasemp closed this task as Declined.Sep 4 2018, 3:33 PM
chasemp added a subscriber: chasemp.

Based on age and activity I'm closing, please reopen if that is incorrect :)