Page MenuHomePhabricator
Create Task
Maniphest T276955

Develop comprehensive process, guidelines, and roles for Event Platform stream sanitization
Open, MediumPublic
Actions

Description

Acceptance criteria:

  • Well-defined process for adding streams to the allowlist or making modifications ("well-defined" meaning data practitioners and engineers have a clear set of steps to follow)
  • Clearly-defined/scoped roles – who can review/merge, who needs to sign-off/approve (e.g. Legal) and when
  • Agreed-upon syntax for specifying retention policies for streams within the allowlist file (or files?)
  • Update the sanitization job (that sanitizes event data from Event Platform streams according to retention policies specified with the allowlist system from T273789) to support arbitrary retention periods because sometimes Legal approves 180 days and sometimes 270 days

Unresolved questions:

  • When (if at all) should users request allowlist change reviews from Security, given that the Security team is limiting how many reviews they perform?

Related Objects
Search...

Event Timeline

mpopov created this task.Mar 9 2021, 4:37 PM
Restricted Application added a project: Analytics. · View Herald TranscriptMar 9 2021, 4:37 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
mpopov added a project: Product-Analytics.Mar 9 2021, 4:38 PM
mpopov mentioned this in T273789: Sanitize and ingest all event tables into the event_sanitized database.Mar 9 2021, 4:40 PM
kzimmerman moved this task from Triage to Tracking on the Product-Analytics board.Mar 9 2021, 6:08 PM
nshahquinn-wmf subscribed.Mar 9 2021, 6:09 PM
Ottomata moved this task from Incoming to Security Maturity and Data Privacy on the Analytics board.Mar 11 2021, 6:09 PM
Ottomata added a subscriber: Milimetric.
Milimetric triaged this task as Medium priority.May 10 2021, 4:04 PM

This feels to me like it will be part of the data governance effort, so definitely something I care about

Ottomata added a parent task: T296848: [SPIKE] Collect backlog of data security / privacy design choices for future data governance.Dec 9 2021, 5:38 PM
Maintenance_bot added a project: Data-Engineering.Dec 9 2021, 5:46 PM
odimitrijevic removed a project: Analytics.Jan 6 2022, 12:03 AM
odimitrijevic moved this task from Incoming (new tickets) to Security & Governance on the Data-Engineering board.
Restricted Application added a project: Analytics. · View Herald TranscriptJan 6 2022, 12:03 AM
odimitrijevic removed a project: Analytics.Jan 11 2022, 11:22 PM
Restricted Application added a project: Analytics. · View Herald TranscriptJan 11 2022, 11:22 PM
JArguello-WMF moved this task from Security & Governance to Datasets on the Data-Engineering board.Jun 29 2023, 11:33 PM
JArguello-WMF moved this task from Datasets to Event Platform Backlog on the Data-Engineering board.
JArguello-WMF added a project: Data Engineering and Event Platform Team.Jun 30 2023, 4:30 PM
JArguello-WMF moved this task from Data Eng Backlog to Event Platform Backlog on the Data Engineering and Event Platform Team board.Jun 30 2023, 4:38 PM
lbowmaker removed a project: Data Engineering and Event Platform Team.Nov 10 2023, 2:29 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL