We should highlight that that users or TREEHOOSE are ultimately responsible for protecting data in-line with DPO guidelines, not the code owners (HIC/AWS).
AWS also recommend that we provide guidance on the type of data that can be put into TREEHOOSE. However I don't think we can do that since TREEHOOSE is aimed at multiple disciplines. Instead we should probably refer to the design docs and security controls, and state how HIC uses it as an example?
We should highlight that that users or TREEHOOSE are ultimately responsible for protecting data in-line with DPO guidelines, not the code owners (HIC/AWS).
AWS also recommend that we provide guidance on the type of data that can be put into TREEHOOSE. However I don't think we can do that since TREEHOOSE is aimed at multiple disciplines. Instead we should probably refer to the design docs and security controls, and state how HIC uses it as an example?
From https://github.com/HicResearch/TREEHOOSE/issues/58