Make data access guidelines public
Open, Normal, Public

Description

office:Data access guidelines are not public, but they probably should be. They contain straightforward and sensible policies about how to protect private, sensitive data and there are a lot of benefits to publishing them:

  • Making them accessible to observers who want to verify the quality of our data protection practices (including community members who want to know how their own private data is handled)
  • Making them accessible to volunteers and researchers who have access to private data and need to follow these guidelines, but don't have access to Office Wiki
  • Making them more discoverable for staff who already have access, because most of our data documentation is on public wikis.

Potential obstacles:

  • The guidelines still seem a bit like a draft in some places (but this is a good reason to finish them)
  • Several of the descriptive parts are outdated, but this is a good reason to work on updating them (e.g. "This system is not yet in place, but should be in place by July 2017" or the assumption that data visualizations can only be done on local machines rather than WMF servers - this has since changed with the introduction of SWAP).
  • There could theoretically be legal considerations about publishing parts of it (but in this case the non-sensitive parts should be separated and published)

Event Timeline

Nuria added a subscriber: Nuria. Mar 28 2019, 6:12 PM

I have no problem with making those guidelines public; if you want to move the document to Wikitech, please do so. However, they give the wrong impression that anyone can file a ticket and get access to this data (this is a regular request), which is not the case.

Neil_P._Quinn_WMF updated the task description.
Neil_P._Quinn_WMF edited subscribers, added: Yair_rand; removed: Lea_WMDE.

I have no problem with making those guidelines public; if you want to move the document to Wikitech, please do so. However, they give the wrong impression that anyone can file a ticket and get access to this data (this is a regular request), which is not the case.

Thank you, that's good to know! We also need to check with Security, which originally drafted the guidelines, and Legal to make sure they don't see any issues.

@JBennett, @APalmer_WMF, do you have any thoughts? You can email me if necessary.

Neil_P._Quinn_WMF triaged this task as Normal priority. Mar 28 2019, 6:30 PM
Neil_P._Quinn_WMF moved this task from Triage to Backlog on the Product-Analytics board.
Neil_P._Quinn_WMF renamed this task from Make data analysis guidelines public to Make data access guidelines public. Mar 29 2019, 1:12 AM
Tbayer updated the task description. Apr 2 2019, 5:59 PM
kzimmerman removed Neil_P._Quinn_WMF as the assignee of this task. Tue, Sep 10, 6:42 PM
kzimmerman added a subscriber: kzimmerman.

@JBennett @Nuria I wanted to circle back on this and either prioritize the work (if some cleanup of the documentation is needed) or decline it. Are those data access guidelines our source of truth for accessing data?

Nuria added a comment. Edited Tue, Sep 10, 7:22 PM

It was certainly outdated; I edited it quite a bit.