Page MenuHomePhabricator

Establish an easy and secure process for sharing confidential data
Open, MediumPublic

Description

Based on the discussion in T271202, there is no approved procedure for transferring confidential data to authorized users other than having them set up production SSH access and retrieve the data from there. This is secure, but not easy, mainly because of the inherent complexity in setting up and receiving SSH access and using the command line.

We should have a process that's both secure and easy. This will primarily require the approval of Legal, although SRE and Security would need a chance to review as well. If it involves the use of any new software, that will require the involvement of IT Services.

Event Timeline

LGoto triaged this task as Medium priority.
LGoto moved this task from Triage to Needs Investigation on the Product-Analytics board.

@nshahquinn-wmf to confirm the sharing process with Legal (does it require SSH access, or can we share with Google Drive?)

I've emailed Legal with the question.

The question is still in Legal's queue. I've just sent them a message asking for a status update.

We've gotten some details from Legal about the methods that are currently available. We still need to continue the discussion so I know how much I can document publicly.

We still need to continue the discussion so I know how much I can document publicly.

I just asked Legal about this.