Identify and Scope Removal of PII (Drupal username/email address) in Datadog

[gracekretschmer-metrostar]

User Story or Problem Statement

As OCTO Lead Security Engineer, I need to understand the where there is PII leak from Drupal data in Datadog, how it impacts users, and level of effort to remove that data.

Description or Additional Context

If there are other instances where employee emails are used in Data Dog, scope out those instances (including level of effort) and then regroup with Jonathan about how he wants to move forward. Note: in Drupal CMS, the username is the user's email address.

Guidance on what is PII by VA Security

• https://dsva.slack.com/archives/C01CJV0L9PS/p1725992605856549

Steps for Implementation

• Audit the data within Data Dog and identify queries where Drupal's username and/or email address are used.
• For each instance where it is used, identify the level of effort to remove the username and/or email address, scope of impact to users, and identify if the data needs to be replaced with UID.
• Synthesize each finding into a task ticket in Github.

Acceptance Criteria

• [ ] A documented understanding of all the areas where username or email address is used in Data Dog that can be used by VA Platform Security (Jonathan Kamens, specifically) and CMS team to understand a path forward for a mitigation plan.

Tickets

• https://github.com/department-of-veterans-affairs/va.gov-cms/issues/19177

[gracekretschmer-metrostar]

9/12: I met with Edmund and he's going to own completing this audit and get with Tim to understand if there's any way that we can put a filter within Drupal to block employee emails from getting sent to Data Dog.