Closed Bug 856102 Opened 12 years ago Closed 12 years ago

Privacy review for new vendor

Categories

(Privacy Graveyard :: Vendor Review, task)

Product:
Privacy Graveyard
Component:
Vendor Review
Platform:
x86
macOS
Type:
task
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: cschauer, Assigned: smartin)

Details

(Whiteboard: vendor approved)

Attachments

(4 files)

Experientia SOW
1.68 MB, application/pdf
Details
Mozilla Vendor Privacy Questionnaire
132.87 KB, application/vnd.openxmlformats-officedocument.wordprocessingml.document
Details
Experientia's answer to Privacy review
25.56 KB, application/vnd.openxmlformats-officedocument.wordprocessingml.document
Details
Mozilla Release form
48.71 KB, application/pdf
Details
Attached file Experientia SOW
The User Experience Research team is hiring the consulting firm, Experientia, to help us conduct user research in Europe for Firefox OS. We need a privacy and security review. I've attached the SOW for reference. This bug should reference Bug#856099 - the legal bug for contract review.
Hi Cori - Can you send them this questionnaire? They can mark n/a to anything that doesn't apply - it's a standard form we use for all vendors who have access to personal data.
Hi Stacy & all - attached is Experientia's responses to the Privacy Review questions. Thanks!
Hi Cori - This looks good. Can you attach a sample of their release form? Also, can you ask whether age can be used rather than birth date, since age is less sensitive?
Hi Stacy - Actually, we'll use our Mozilla release forms instead of their release forms. Do you still need a copy of their form? In terms of age v birthdate, this is used for recruiting purposes and we can make sure to collect age rather than actual birthdate. That is a very easy change to make. I will let them know.
Hi Cori - Yes, please attach our release form. I think I've reviewed it before, but it's been a while. Thank you for changing birth date to age.
Attached file Mozilla Release form
Hi Stacy - Here's our release form.
Hi Cori - This looks good. You can move forward with this vendor. Do we make any representations to participants about how we will store their information, how long we'll keep it, etc? I'm wondering if we could state that we will handle it in accordance with our privacy policy and add a link to our policy to the release form? I'll mention the idea to legal. It's not to hold up your project, just something to consider going forward.
Status: NEW → ASSIGNED
Whiteboard: vendor approved
Hey Stacy, I don't think we do this right now, but is an interesting thing we should probably do. Liz will definitely know more. Thanks!
Hi Stacy - That's a good idea. Do you mind submitting a legal bug to update the user studies release form with a privacy policy reference so it'll on my radar?
Closing as complete. I think we'd decided not to add the privacy policy link to the release form.
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: