Open sharlychan-cds opened 2 years ago
Policy needs to work with SRE and devs (or maybe using AWS PIA documentation to fill in info gaps)
@sharlychan-cds has this mostly been done through our Privacy Analysis? I'd like to icebox this for now if so.
Give your user story a simple, clear title
Description
We need to have more granular and standardized documentation of how data flows between Notify and third parties for various documents (e.g. privacy/ security statement, PIA). Starting documentation here
WHY are we building? We need to be able to describe what’s being shared and retained so users can be fully aware and have trust. If not, we run the risk of a data breach and we also have different responsibilities to PTs. If we don't figure this out, we run the risk of losing trust with our users.
If we have clear sight on our data flows and document them well, we will be able to have clearer public documentation to share with our users and inspire trust.
WHAT are we building? VALUE created by our solution
Acceptance Criteria** (Definition of done)
Fill out the template for the following:
To be refined through discussion with the team
Given some context, when (X) action occurs, then (Y) outcome is achieved