Open repo-mountie[bot] opened 1 year ago
Sent email to 'healthinformationprivacy@gov.bc.ca'. Anticipated answer to be "not-required"
Got the following response from Vinicius Cid @ Health Information Privacy HTLH:EX:
Hi Andrew,
I don’t believe a PIA would be needed for the associated repo. I’d check in with our security team at HLTHInfoSec@gov.bc.ca to see whether there’s any associated security requirement with your work (though I don’t think you’d need to do a STRA or anything of the sort).
TL;DR 🏎️
Your repo is missing a compliance audit file so I've created this PR with a template that you can update with the correct PIA and STRA status (status options in the table below). If you'd like me to do this for you, skip to the commands section below.
Compliance
Projects in our organization (bcgov) need to complete a Privacy Impact Assessment (PIA) and Security Threat & Risk Assessment (STRA) before they go live in production. Since every ministry has their own way of doing both the STRA and PIA we don't enforce that projects do them, only that they report on the current status.
To help with reporting, I've added a compliance audit file as part of this pull request. Please checkout this branch and edit update
status
as needed. Here is a table of possible states:Here is what a completed audit file might look like:
For more information check out the BC Policy Framework for GitHub.
Pro Tip 🤓
Commands 🤖
I can update the status of the PIA and STRA for you; you'll just need to merge the PR when I'm done. You can find the available
status
values in the table above. Below are some commands I understand:Examples