Closed struan closed 1 year ago
@zarino Patched together DPIA above from our Neighbourhood Warmth – Plan for Alpha stage with a few assumptions. Are you happy to review please? Ta!
Thanks for starting this, @sequencefree!
I think, on balance, we probably don’t need to have done a DPIA for this project – the only data we’re collecting out of the ordinary is some users’ home addresses, but it’s borderline as to whether you’d class that data as posing a "high risk to the right and freedoms" of individuals – it certainly doesn’t meet any of the ICO’s criteria and doesn’t feel as obviously dangerous as any of their examples of high risk data – but hey, there’s no harm in doing a DPIA when we’re not sure. It’s all good practice!
I’ve made some changes to the document. We can discuss them if you’d like to know why I changed what I did.
There are some things we’ll still need to do – like adding a privacy policy to the site, and explaining how and why we’re collecting the data at signup.
Thanks Zarino!
Really helpful to understand your approach to this. I found the ICO checklists that our wiki page signposts a bit baffling, but the section and page you've pointed to above seems like a much better starting place for figuring out whether to even create a DPIA.
I skipped straight to creating a DPIA as I thought that might take less time than figuring out whether we needed to do one or not so I've updated the wiki page with your links and resisted the urge to create a flowchart.
Created a ticket to Create Privacy Policy #43 and commented on #27 re: user consent but haven't closed this ticket as I think we still need to resolve who will keep this DPIA under review.
Hope that helps!
Adding a note here that we should review whether the site even needs to store the address details at all.
We currently store the three address lines, and postcode line, as part of the Team
model … but I guess really all it technically needs to store is the latitude/longitude (centroid
, in the model above).
Still, we want to ask people to supply their address, because we have a research question around how comfortable people will be with sharing information about themselves / their home, and asking for their address feels like a simple way to test this.
But yeah, just because we ask for it, doesn’t mean we need to store it…
Is this ticket 'done' Sion?
Yes, done now!
Next steps
Background
Struan suggested may not need to a be a full one.