1893170 - Add (disabled for now) herald rules to provide helpful comments for data review process

Status: RESOLVED FIXED

(Conduit :: Phabricator, defect)

Description

[:Gijs (he/him)]

This is a request for 2 herald rules. They should be disabled for now.

When needs-data-classification is added

Condition:
when the needs-data-classification tag/project is added to a differential revision

Action:
Leave the following comment:

This revision changes [how Firefox collects data](https://wiki.mozilla.org/Data_Collection>), so it needs a data-classification tag.

If you (the patch author) are adding new or modifying existing data collection, you and your reviewer(s) should judge how sensitive this
data is, using the [data collection categories Mozilla uses](https://wiki.mozilla.org/Data_Collection#Data_Collection_Categories). If the data you are collecting fits in either the Category 1 “technical data” or Category 2 “interaction data” described there, please add the `data-classification-low` tag. If it’s any other category, or you and your reviewer(s) disagree, please add the `data-classification-high` tag, and go through [the sensitive data collection review process](https://wiki.mozilla.org/Data_Collection#Step_3:_Sensitive_Data_Collection_Review_Process). If you think that the data in question fits in “technical” or “interaction” data but would benefit from additional review, you can also explicitly choose to use the `data-classification-high` tag and thereby opt in to the sensitive data collection review process.

When using Glean for the data collection, the data classification of the new or expanded data collections should match the `data_sensitivity` property in the metric definitions.

If you are removing data collection, or are making mechanical changes to these files that do not add or modify what data is collected, change when or how it is collected, please add the `data-classification-unnecessary` tag.

If you are unsure or feel uncomfortable making this assessment yourself, please ask the `#data-stewards` group for help.

Whichever tag is used, please **leave a comment explaining this choice**. Note that Lando will not be able to land this revision until the revision has one of these tags and the `needs-data-classification` tag is removed.

Finally, you as a patch author are encouraged to add the right tags yourself, but your **reviewers are responsible for making sure the right tag is used**.

(with the tag references and #data-stewards ref to be "normal" links to the relevant bits on phabricator - not sure how best to represent that in a bugzilla comment)

When data-classification-high is added

Condition:
when the data-classification-high tag/project is added to a differential revision

Action:

• Add the #data-stewards group as a blocking reviewer
• Leave the following comment:

This revision is now going through the [sensitive data review process](https://wiki.mozilla.org/Data_Collection#Step_3:_Sensitive_Data_Collection_Review_Process). As a patch author, please follow the steps described in that process by:

1. Documenting the details of the implementation, intended use, and value to users for future reference and efficient review.

2. Attach a filled in copy of the [request template](https://github.com/mozilla/data-review/blob/main/request.md) to the bug, marking the content type as text/plain.

3. Emailing the [data-review@mozilla.com](https://groups.google.com/a/mozilla.com/g/data-review) list with the details from step (1) and (2)

More details on the rest of the process are [on the wiki](https://wiki.mozilla.org/Data_Collection#Step_3:_Sensitive_Data_Collection_Review_Process).

Someone from the #data-stewards group should approve this revision for landing if/when the review process is complete and approval is given.

Comment 1

[David Lawrence [:dkl]]

https://phabricator.services.mozilla.com/H440
https://phabricator.services.mozilla.com/H441