MPIC: Improve copy of risk acknowledgement checkbox
Open, MediumPublic1 Estimated Story Points
Actions

Assigned To

Authored By

	Sarai-WMF
	Oct 16 2024, 9:51 AM

Description

Problem

The copy of the risks' checkbox that users are required to mark before submitting their configurations presents a set of problems:

It currently only refers to "running an instrument", even in the context of the A/B test form. This is technically accurate, but might sound disconnected with the task at hand.

It is quite broad: it refers to the generic action of "running an instrument", rather than clarifying its relationship with the Security and legal review associated with the data collection project, or any other documentation available. [See considerations section]

The phrase "by proceeding" is usually used to gather implicit consent (i.e., simply continuing to use the tool or site constitutes agreement), while here users have to perform an action to input their explicit acknowledgement.

Considerations

Will all data collection artifacts registered through MPIC require a legal review? If the answer is no, then probably the fields in the Regulation section should be made optional, and we should use an alternative copy for the checkbox that, in order to cover all scenarios, refers to the risks in a more generic way. Providing a link to an overview of the mentioned risks (if/whenever that documentation is available) is strongly recommended if we opt for a more generic option. An example of that message could be: "I confirm that I have read and understood the [[ URL | risks associated with data collection ]]"

Acceptance criteria

The checkbox copy makes clear and explicit to users that they are acknowledging and accepting the specific risks outlined to them by the Security and Legal department or any available documentation

Details

	Subject	Repo	Branch	Lines +/-
	Metrics Platform Instrument Configuration: Deploying to production	operations/deployment-charts	master	+1 -1
	Metrics Platform Instrument Configuration: Deploying to staging	operations/deployment-charts	master	+1 -1

Customize query in gerrit

Related Objects
Search...

Status	Assigned	Task
Open	None	T378202 [Epic] MPIC: UI & Copy improvement implementation
Resolved	Sarai-WMF	T371928 MPIC: Style and UX review
Open	Milimetric	T377315 MPIC: Improve copy of risk acknowledgement checkbox

Event Timeline

Sarai-WMF created this task.Oct 16 2024, 9:51 AM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 16 2024, 9:51 AM

Sarai-WMF added a parent task: T371928: MPIC: Style and UX review.Oct 18 2024, 3:30 PM

Sarai-WMF updated the task description. (Show Details)Oct 21 2024, 12:11 PM

@VirginiaPoundstone: We've estimated this as a 1 because the engineering effort is the same regardless of which message we choose. Do you have a preference for the message?

phuedx moved this task from Incoming to Metrics Platform Backlog on the Experimentation Lab board.Oct 24 2024, 2:37 PM

"I confirm that I have read and understood the risks specified in the Security and Legal review"

This is my preference as a universal message. But what is " the Security and Legal review"?

The workflow is:

review the data publication guidelines and determine if your experiment or instrument is low, medium, or high risk.
If you're if your experiment or instrument is low risk, no action necessary. If if your experiment or instrument is medium or high risk, submit a L3SC request for review prior to configuration.
If an L3SC review is required, add a link to the results of the review in the "Security and Legal" field of the MPIC form (need to find out if legal reviews can be made public in the future). If a review is not required because the team determines that the experiment or instrument is low risk, then they write "low risk" in "Security and Legal" field.

@Sarai-WMF ( and @apaskulin ) given these step, what do you think about the following copy:

"I confirm that I have read and understood data publication guidelines. I have followed the risk assessment process and a have determined that the risk is low or I have followed the risk mitigation specified in the Security and Legal review."

Thanks so much for taking an in-depth look at this, @VirginiaPoundstone 🙏🏻 I think that checkbox copy is probably packing too many actions, though 🤔 Trying to simplify a bit more...:

"I confirm that I've followed the data publication guidelines and determined that this experiment/instrument is low risk, or that I have completed the necessary mitigations in case a Security and Legal review was required."

Alternatively (more costly), we could display a disabled checkbox next to the "Security and Legal" field that becomes active when users populate the field. This way, they could state that "I confirm that I have read and understood the Security and Legal review, and followed the specified risk mitigations.".

Hey, @VirginiaPoundstone. On the other hand, I was wondering why do users review Legal:Data publication guidelines instead of the Legal:Data collection guidelines. The latter sound more relevant. It's also what Alex shared with me when discussing which documentation would be helpful to link to from the risks' checkbox.

Sarai-WMF mentioned this in T373907: MPIC: Improve application copy.Nov 8 2024, 10:14 AM

Milimetric triaged this task as Medium priority.Nov 15 2024, 3:59 PM

Milimetric moved this task from Metrics Platform Backlog to MPIC Alpha Scope on the Experimentation Lab board.

Milimetric edited projects, added Experimentation Lab (Data Products Sprint 22); removed Experimentation Lab.Nov 15 2024, 4:18 PM

Milimetric edited projects, added Experimentation Lab (Data Products Sprint 23); removed Experimentation Lab (Data Products Sprint 22).Mon, Dec 2, 3:09 PM

Milimetric claimed this task.Tue, Dec 3, 2:54 PM

Milimetric moved this task from Sprint Backlog to In Process on the Experimentation Lab (Data Products Sprint 23) board.

milimetric opened https://gitlab.wikimedia.org/repos/data-engineering/mpic/-/merge_requests/145

Change copy according to spreadsheet

Milimetric moved this task from In Process to Needs Review on the Experimentation Lab (Data Products Sprint 23) board.Thu, Dec 5, 6:52 PM

cjming merged https://gitlab.wikimedia.org/repos/data-engineering/mpic/-/merge_requests/145

Change copy according to spreadsheet

Maintenance_bot removed a project: Patch-For-Review.Fri, Dec 6, 12:30 AM

phuedx moved this task from Needs Review to To Deploy on the Experimentation Lab (Data Products Sprint 23) board.Fri, Dec 6, 10:07 AM

Change #1105431 had a related patch set uploaded (by Clare Ming; author: Clare Ming):

[operations/deployment-charts@master] Metrics Platform Instrument Configuration: Deploying to staging

https://gerrit.wikimedia.org/r/1105431

gerritbot added a project: Patch-For-Review.Wed, Dec 18, 8:27 PM

Change #1105433 had a related patch set uploaded (by Clare Ming; author: Clare Ming):

[operations/deployment-charts@master] Metrics Platform Instrument Configuration: Deploying to production

https://gerrit.wikimedia.org/r/1105433

Change #1105431 merged by jenkins-bot:

[operations/deployment-charts@master] Metrics Platform Instrument Configuration: Deploying to staging

https://gerrit.wikimedia.org/r/1105431

Change #1105433 merged by jenkins-bot:

[operations/deployment-charts@master] Metrics Platform Instrument Configuration: Deploying to production

https://gerrit.wikimedia.org/r/1105433

cjming moved this task from To Deploy to Done on the Experimentation Lab (Data Products Sprint 23) board.Wed, Dec 18, 9:02 PM

Maintenance_bot removed a project: Patch-For-Review.Wed, Dec 18, 9:32 PM

	F57618900: Screenshot 2024-10-16 at 10.46.45.png
	Oct 16 2024, 9:51 AM

MPIC: Improve copy of risk acknowledgement checkboxOpen, MediumPublic1 Estimated Story PointsActions