Personal Data Monitoring

Last updated 27 days ago

The module allows you to search personal content in issue summary, description or comments.

Use cases

Preparing test environment

Task: prepare a copy of production environment to test, development of new plugins, uat test, etc. Test environment should not contain personally identifiable information.

Steps:

  1. Open Personal Data Monitoring

  2. Check that search scope doesn't contain any JQL to search through all tickets

  3. Run search PII content task and wait for results

  4. Run anonymization task for all found issues. It may take hours for big data volumes

Expected result: test environment doesn't contain emails, bank card numbers, etc.

Overview

Personal Data Monitoring module is used for searching Personally Identifiable Information, such as:

  • Payment card numbers - unique identifiers which can be found on any types of cards (credit, debit, stored - value cards, gift and other ones)

  • Social Security Numbers (SSN) - nine digit numbers issued to U.S citizens, permanent residents and non-immigrant working residents, for social security purposes

  • Phone-numbers sequence of digits assigned to a fixes line telephone subscriber station connected to a telephone line or a wireless electronic telephony device, such as a radio-telephone or a mobile telephone

  • E-mail addresses- email boxes to which messages are delivered

Required permissions

Jira Administrator, Jira System Administrator

Preconfiguration

Important. Don't forget to set the "Service User" name which will be used to search and anonymize found content.

You can define the scope of issues where the module will try to find PII content using JQL. All other tickets, not covered by JQL, will be skipped.

You can also use search by attachments. If you select "Search by attachments" only files of some special types will be scanned. The list of supported file types: .doc, .docx, .xls, .xlsx, .ppt, .pptx, .txt, .html, .csv.

For the first search click "Scan tickets for PII" and wait for task to be finished. If you need to cancel the operation and define the search scope, click "Stop current task" to interrupt the search task.

Search operation is absolutely safe and doesn't change the content. You can abort it and run again at any time.

Filtration

After the search is completed you can see all found PII content in a result table. You can use filter by JQL, affected field or sensitive content type.

Affected fields may be: "Summary", "Description", "Comment", "Attachment", "History".

All found items may be sorted by: "Date listed", "Project", "Issue", "Field", "Content type".

Filtered items may be marked with "Add row to ignore list" to remove them from anonymization scope.

Anonymizaion

Please pay attention than anonymization process is not revertible! Please check it on development server first.

Anonymization will be applied only for fields: "Summary", "Description", "Comment", "History". All affected attachments will not be anonymized. You should anonymize\delete them manually.

Anonymization will be started as a separate task and can be aborted. You can break anonymization operation at any time and start again later.