Hi All - I love that our data practices are getting focus. Let me offer a few thoughts about what we are doing - so that we can get some alignment on our internal efforts.
The focus on data practices/polices is right. We need to have rules of the road and a clear focus on what we can/should/will do. Our legal, policy and privacy and security teams are actively working on this and we have awesome momentum. This is really important to me and to the executive team as a whole. We have data and security policies - and now we need to ensure compliance. We are asking each product owner to appoint an individual in their org that is responsible for working with the tiger team to document how that group is complying with the policies with respect to each type of data that is collected (e.g., why is the data necessary?, what is it used for? how is it protected? when is it deleted?, etc.). It is a cumbersome but very important process and we have buy in from each of the product leads to get this done. The teams are starting this next phase now. An important note is that a lot of this work has already been done - we care about this - but we just want it to be more put together in a framework that is easily digestible and has some conformity. This is what the tiger team is helping to get done. My ask is that we finish up this process so we can have an educated and standard output. I'm not being critical in any way of Ben's proposal (met with him today about it and I really love his initiative), I would just prefer that we allow the current process to conclude so that we have more structured practices before we embark on the next phase - whatever that might look like! Let me know what you think. denelle _______________________________________________ governance mailing list [email protected] https://lists.mozilla.org/listinfo/governance
