Closed yaelberger-commits closed 1 month ago
@YedidaZalik FYI this is the card for the issue you raised today at Notify 101 if you have any comments to add to the card
Question: Upon sign in for current users and upon sign up for new users?
I'm attaching screenshots of the current process to create an account. I only see the terms of use referenced on screenshot 1, in a link at the end of the page. Would it be worthwhile if the terms were a pop-up? Perhaps we could design so that the user would have to scroll through the pop-up and mark their acceptance of the terms as a step in account creation.
Hey team! Please add your planning poker estimate with ZenHub @adriannelee @amazingphilippe @sharlychan-cds @YedidaZalik
Suggestions from Content critique Aug 3,2022 Content critique Intention for notify or across websites Standardize
If part of flow, could we have a summary of what they agree to
Content model - basic - what are the parts of each of them - eg first part is who we are, 2nd agreeing, etc
Note stylistic differences- tone, terminology Table not fancy, split up different chunks
Anik's document: https://docs.google.com/presentation/d/1WMqfQpbHT-Uyo2V9Nl166JutJ_tkaWef7tG5Tz0T-AQ/edit#slide=id.g9a63b2221d_0_224
Janice - legality of summary
Consider settings as place to do this
Generator Many use Canada.ca terms
Propose for MVP team
If clear differences between jurisdictions
Follow laws of your own “Department and jurisdiction “
Accepting terms when going live is a very similar experience to what we're proposing here
First pass at itemizing content in policy docs. Next, I'll assess/consider other ways to organize this doc. In meantime, attaching in case it's helpful for current thinking around policy docs (the "Notes" column) @yaelberger-commits @sharlychan-cds Pls feel free to edit/change info in this doc, and/or to complete "Compulsory" column if helpful to you In this iteration, Privacy starts at row 5, Security at row 31, Terms of use row 61, SLA row 76
Content I would like to see in the Terms of Use
Prot A data (limits of email/SMS security)
PB MM
7 day retention
Do not share your API Key with anyone outside your team
Default limits per service 10 Million emails a year per service 25,000 text message parts a year per service 10,000 daily emails 1,000 daily text message parts 1,000/minute API calls
Remove pay for SMS above limit.
Need to have consent for SMS and email (especially for SMS)
When we design this we could consider alternative to check box suggested by Adam Silver in this video: https://www.youtube.com/watch?v=nhbd6PxcnKc
We'll bring this again to Story Refinement to decide details of the user flow and UI
Title for Forms for every log in is "Know your responsibilities"
3 places where Users will be forced to interact with ToU 1) Account Creation - full terms of use, users must scroll down, select button to agree 2) Every log in - point form headers of ToU, maybe a modal, users much select agree to leave the modal/page 3) (ALREADY EXISTS) At Request to Go-Live - point form step in the go-live process, no changes needed here
@andrewleith to hand off to yedida and phil for content and design
Feature was reviewed at Dev/Design review by the whole team Decisions:
Working on setting up research activity with 3-5 users
FR is back with a note from MSB with some choices FR is below the EN in this document https://docs.google.com/document/d/1Lg5GX8Fu8iPuVSDfMTKmMT2ICmh3cfjQFtAo0Q4sow8/edit
I reviewed MSB comments and noted my suggestion in the doc
Updated/finalized docs with Yael's suggestion.
Content ready to be implemented in both languages: https://docs.google.com/document/d/1Lg5GX8Fu8iPuVSDfMTKmMT2ICmh3cfjQFtAo0Q4sow8/edit
Research materials are with translation
Élise is working on translations. Hoping to have those back soon. Next: send invites
Still one PR to merge in admin #1848
translations are back. Sending recruitment emails today
Invites sent to 8 people
Waiting for responses
@andrewleith implementing the translations today
Merged a PR with a11y and design tweaks.
PR with translations merged last Friday. I found a few missing pieces and will do a PR to fix those. Also noticed some relative and absolute urls in the content. I will review those too.
Found a few missing pieces on the sign-up form:
Updated the Research Plan to include privacy section
Yael will send another batch of invites to find some participants.
A bit blocked at the moment because I don't have Phil's FR calendly link. Will see if I can find it today and send the second batch
Sent to remaining invitees today (27 in total)
Phil to send some follow up emails with his Service Canada email
We have 10 participants signed up for sessions. Next steps:
Completed two sessions so far.
4 sessions completed so far in EN, 1 in FR
2 more sessions today + note analysis and presentation. More FR recruitment to occur.
Final session today - will end the sessions after today.
Analysis is underway! Yael will present at Sprint Review Thursday
Description
Users are not required to accept terms of use upon login, leaving CDS open to liability potentially. Users have questions about how to properly use Notify and end up submitting a support ticket for answers.
WHY are we building? This is a security risk if left unchecked and leaves CDS open to liability. We're updating all of our Notify policy documentation to better align with current state and set expectations with users, and this is part of the suite Terms of Use acts as an information sharing agreement, so this enables organizations to use Notify without needing more authorities and paperwork
WHAT are we building? Implement a system use notification either via banner or landing page upon account creation and require users to click to accept acknowledgement of terms. The notice provided should be supplied or approved by CDS’s legal counsel or other approved party. Update content in our Terms of Use to better align with current state of Notify
VALUE created by our solution User assumes some risk and understands how to properly use Notify safely and securely in line with our Authority to Operate, in tandem with the new Security and Privacy Statements and SLA
Acceptance Criteria** (Definition of done)
Given an individual employee is creating a new account in GC Notify, when they go through the steps, then they must read and acknowledge the Terms of Use before creating their account so they understand their individual responsibilities.
Research checklist
Documentation and artifacts: Research folder for Usability Testing
Analysis https://docs.google.com/document/d/1x_AULftkVhmZ8D4uLKeU3Q9KS_HpGqo3HuMSMrkTukY/edit