What data is considered sensitive? E.g. is the report ID sensitive? No, but there are other things that could be clarified. Document this.
Combining with:
Documentation: how can we share PII and PHI? Where is it allowed? It is not allowed in Slack, Google Drive. It is allowed in Keybase, but should be deleted after use. What about our computers, Teams, Citgo/Citrix? This is a tricky conversation with our ISSO and others. The last thing we need is for Keybase to be removed and RS is still able to use it. This is a political conversation. Perhaps only select folks should pick-up this issue.
Tasks
[ ] Something.
Additional Context
Add any other context or screenshots about the work here.
DevEx/OpEx
What data is considered sensitive? E.g. is the report ID sensitive? No, but there are other things that could be clarified. Document this.
Combining with: Documentation: how can we share PII and PHI? Where is it allowed? It is not allowed in Slack, Google Drive. It is allowed in Keybase, but should be deleted after use. What about our computers, Teams, Citgo/Citrix? This is a tricky conversation with our ISSO and others. The last thing we need is for Keybase to be removed and RS is still able to use it. This is a political conversation. Perhaps only select folks should pick-up this issue.
Tasks
Additional Context
Add any other context or screenshots about the work here.