Write a Notify Privacy Analysis (PIA-lite)

[sharlychan-cds]

Give your user story a simple, clear title

Description

We have a draft Privacy Impact Assessment (PIA) for Notify. Work was started with TBS ATIP and we need to incorporate their comments, update and re-evaluate it since it was written. A formal PIA is not needed and we're working with OCIO PDPD on a Notify Privacy Analysis document (a PIA-lite).

The goal is to create a technical Notify Privacy Analysis with a privacy compliance-based govt audience. Will re-evaluate to see if we can adapt it to make it public and plain language.

Acceptance Criteria** (Definition of done)

• [x] Notify and OCIO exchange information
• [x] OCIO starts the first draft
• [x] Notify reviews and adds to comments
• [x] OCIO to review
• [x] Delivery policy review
• [x] Review by Notify PM
• [x] Review by devs/ SRE (flag specific questions)
• [x] Submit revisions to OCIO for review
• [x] Incorporate changes (if necessary)
• [x] Translation of Privacy Analysis
• [x] Communicate internally to CDS (STT?)
• [x] Evaluate whether content design should be done to make a public version
• [x] Consider if we should mention we have one in our Privacy Statement

[yaelberger-commits]

OCIO PDPD is working on this with our policy team

[amazingphilippe]

It changed, so Sharly needs to work on it

[sharlychan-cds]

Working on comments to return back to OCIO PDPD

[yaelberger-commits]

Please add your planning poker estimate with Zenhub @sharlychan-cds

[yaelberger-commits]

Sharly will meet with Kayla soon to accept comments

[YedidaZalik]

@sharlychan-cds working on and will chat OCIO in next day or so.

[YedidaZalik]

Sharly working on and in contact with OCIO

[YedidaZalik]

Meeting OCIO today

[YedidaZalik]

Met with OCIO and some changes accepted, now working on draft and will ask some questions to Yael and Josh early in week

[YedidaZalik]

Sharly is at a meeting with OCIO this morning :)

[adriannelee]

Sharly chatted with Nisa yesterday to get some answers. Blocked time on Friday with her to work on this.

Sharly will continue working a bit on this today.

[adriannelee]

Continued worked on this on Friday. Will be ready for review soon

[andrewleith]

• @sharlychan-cds to review comments this week

[YedidaZalik]

Moving to Sprint backlog until @sharlychan-cds returns Did some pairing before holidays with table of data we collect, show how collected, stored, use which is one of last pieces of work required.

[sharlychan-cds]

February 16, 2023: Sharly and Nisa (Policy) reviewed and sent back final comments to TBS. Waiting for their final approval. Next steps: Giving PM and Head of Notify a tl;dr review of the the document (and any edits needed) before accepting.

[sharlychan-cds]

Have a meeting with Josh, Yael to brief them today! Agenda here Privacy Analysis Document here

[sharlychan-cds]

Josh and Yael have accepted. Now to dev review for specific sections!

[sharlychan-cds]

Dev review https://docs.google.com/document/d/1oODAdd-O9j1JlzxzdVHiwXk3zRnNZj__/edit# for pages 5,7-11, 18-19

[sharlychan-cds]

@jimleroyer to review to see if the technical descriptions are still accurate https://docs.google.com/document/d/1oODAdd-O9j1JlzxzdVHiwXk3zRnNZj__/edit# for pages 5,7-11, 18-19

Does a deadline of Thursday March 16 work? We're hoping to move this along quickly 🙏

[sastels]

waiting for @jimleroyer / devs to review. Melissa might be reframing slightly.

[jimleroyer]

@mtoutloff @sharlychan-cds I reviewed and that looks great overall. I left a few comments. Please ping me if you have any question!

[mtoutloff]

Thanks @jimleroyer! Will review today and let you know if there are any questions.

[yaelberger-commits]

Melissa still reviewing remaining risks and syncing with Forms team

[yaelberger-commits]

Still with Jimmy for some final reviews

[yaelberger-commits]

Melissa has meeting with Jimmy this aft for remaining risk

[yaelberger-commits]

Melissa and Jimmy met about auditing Met with TBS about risk Melissa documented some key points, will review with Nisa Dependant on ISA signatures issue (PRDD says about Forms)

[YedidaZalik]

Melissa at monthly meeting with Privacy folks today so maybe waiting for info from PRDD or Forms team.

[mtoutloff]

Met with PRDD this morning and they are expecting to provide us their advice on the SIN collection for Forms this week. Once we receive it, I will review to see if it has any impacts on the risks identified in the analysis.

[YedidaZalik]

No update since last week.

[YedidaZalik]

No updates Still waiting on PRDD but majority of their team is out so moving to product backlog

[mtoutloff]

Emailed PRDD about their thoughts on the risks and to get their feedback. Received their response yesterday (June 20) and need to review

[mtoutloff]

Emailed final draft analysis to PRDD on June 27th, once reviewed it will be ready for approval.

[adriannelee]

Heard back from PRDD yesterday - they're good with our changes but taking through their management (approvals). They'll follow up on approval timelines shortly.

[mtoutloff]

Will be following up with PRDD this week for update on the status of their review

[mtoutloff]

PRDD review should be completed this week, next step will be to proceed to sign-off, back by the end of the week?

[mtoutloff]

Received minor comments from PRDD this week and made a few edits to address their comments. With Nisa for review.

[mtoutloff]

Sent back Analysis to PRDD for final review

[yaelberger-commits]

Melissa working on a briefing for Leanne and Josh. PRDD gave the thumbs up

[mtoutloff]

Draft briefing shared with Mohamed and Yael. Meeting set up to brief Leanne and Josh on Aug 9

[mtoutloff]

Will need to make some updates to the Analysis following transfer to ESDC. Waiting for more info from legal.

[mtoutloff]

Decided to finalize the Privacy Analysis with what we know so far following our transition to ESDC and can update it down the road if needed

[mtoutloff]

With Nisa for review. Meeting to brief Ioana set up for tomorrow

[mtoutloff]

Briefed Ioana, she's reviewing and once done will set up meeting with Leanne to brief and finalize.

[mtoutloff]

Ioana reviewed, will be briefing Leanne on Monday, Feb 5

[mtoutloff]

Briefed Leanne: She agrees that we can consider this version of the Privacy Analysis done and dusted: https://docs.google.com/document/d/1L3eLNGW7dJ776XADA7PvEIEbbOx5Uh7BRMicH7KRt4Y/edit#heading=h.1chp7uuqxp8x

[mtoutloff]

Sending to translation

[yaelberger-commits]

Confirm with Melissa next week if this has been sent to translation

[mtoutloff]

Still with translation

[mtoutloff]

Followed up with translation. The doc still needs to be proofread, but there have been many urgent requests, so it's been on hold for now

[mtoutloff]

Followed up with translation and they expect have it finished tomorrow (july 23)