Page MenuHomePhabricator
Create Task
Maniphest T328797

[SPIKE] Can we allow organizers to export PII data?
Closed, ResolvedPublic
Actions

Description

Background/Goal

To fulfill the requirements of T321822, event organizers not only need a way to collect participant data on an opt-in basis, but also view the data and access it whenever they need it.

@gonyeahialam has designed a "Report" tab in the organizer view (T322751), but the engineers have indicated that this solution will be too complex to implement for a first iteration. We think an export to CSV feature might be an interim solution, but are concerned about 1) data privacy risks; 2) handling of exports before and after the 90-day aggregation/de-identification boundary (ref). Thus, there is a Legal/Privacy/Trust & Safety component AND a technical component to this investigation.

User stories
  • As an event participant, I want to trust that any personal information I provide during the event registration process is safe, in accordance with https://foundation.wikimedia.org/wiki/Privacy_policy.
  • As an event organizer, I want to view collected information about my event participants in a way that is clear and organized, so that I can better understand who is showing up to my events, report out demographic information to stakeholders or grant officers, be able to identify any gaps that need to be addressed, and understand how I can best serve the needs of my participants.
Acceptance criteria
  • Review the exporting idea with Legal, Privacy, and Trust & Safety and documented their recommendations. We will batch this question with other project-related questions we have compiled.
  • If we are given the go-ahead, understand & document the technical requirements of exporting PII data and the implications for aggregating/de-identifying.
Open questions

[to come]

Related Objects
Search...

Event Timeline

ldelench_wmf created this task.Feb 3 2023, 6:17 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 3 2023, 6:17 PM
ldelench_wmf triaged this task as Medium priority.Feb 3 2023, 6:24 PM
ldelench_wmf moved this task from Backlog to To be Estimated/Discussed on the Campaign-Tools board.
Iflorez subscribed.Feb 8 2023, 6:29 PM
ldelench_wmf mentioned this in T322332: Participants can provide optional PII info when registering for an event (MVP).Feb 24 2023, 7:48 PM
ldelench_wmf mentioned this in T321822: [EPIC] Participant Questions - MVP.Mar 3 2023, 6:00 PM
Iflorez mentioned this in T331351: review campaigns-product items for Legal, Security, Privacy Reviews: V1 PII questions discussions.Mar 6 2023, 8:05 PM
Iflorez mentioned this in T334633: Help the Campaigns team decide on PII questions/answers, storage length, and MVP aggregation.Apr 12 2023, 10:57 PM
ldelench_wmf updated the task description. (Show Details)Apr 28 2023, 8:44 PM
ldelench_wmf closed this task as Resolved.Apr 28 2023, 8:54 PM
ldelench_wmf claimed this task.

We have removed exporting from the MVP scope (T321822), but Legal, Trust & Safety, and Privacy Engineering have provided input here (this doc is accessible by WMF staff). There are pros and cons we should weigh before deciding to implement exporting in the future.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL