It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Anonymizing issues - GDPR, European "General Data Protection Regulation"

Hi,

Regarding GDPR, European "General Data Protection Regulation" that is closer every day.

Is it possible to anonymize issues so that saved client name and contact details would be cleared also from history? This could be handled by replacing custom field values with "Anonymous" or some other string, but so that it would do it also to History tab. 

I think most of us would like to keep issues to have statistics and for knowledge base purposes, but customer details in issues are unnecessary when issue is solved.

Anonymous issue.png

I'm using on premises jira server (Atlassian JIRA Project Management Software (v7.3.8#73019-sha1:94e8771))

.

6 answers

Hi all,

if you need another option to deal with data anonymization and other privacy issues in Jira, please have a look at our app „GDPR (DSGVO) and Security for Jira“. It provides several tools to help you become GDPR/DSGVO compliant quickly and easily. There's also a version for Confluence.

Disclaimer: I work at Actonic, the vendor publishing the aforementioned app. I'm posting this because we want to provide high quality solutions and make them available to people who need them. I hope someone finds our product useful. Thank you.

Yeah, we are using it for searching for phone numbers in different EU regions, works good.

[Disclaimer: I work at Enhancera, and PII Protector is an add-on developed by us]

Please see if PII Protector for Jira is a good fit for your needs.

It can handle emails, phone numbers and postal addresses out of the box. Person names it cannot do at the moment, but something can be done to help with that using custom PII types.

Andy Heinzer Atlassian Team Apr 24, 2018

Hi @Alex Kaufman [Enhancera]

Thanks for contributing to this thread.   Please review our Atlassian Community guidelines for Marketplace vendors and Solution Partners.  Specifically we would prefer that Marketplace vendors identify their affiliation with their product when recommending it here on Community.  You can do this either by editing your display name on the site (See Leo's name above for an example), or you can add in a brief statement to your message to make it clear to other users that find this thread that you are the vendor of this product.

Thanks

Andy

Thanks for pointing this out Andrew. Didn't mean to hide affiliation. Done now.

Hey@Anu Alppiranta

I just wanted to let you now that there will be a new Jira app for anonymization by next week. An app for Confluence will be following shortly after. All the details are available already in the Atlassian Marketplace as well as in our Blog and website.

Disclaimer: I'm the product manager at the vendors company and am only posting this as the app does exactly what the initial question is all about.

Cheers, David

Hi David (& all others who have replied),

Thanks for your reply and tip.

Unfortunately this doesn't solve the issue. Our customer data is not jira users, it's name, email, phone number and address in few custom fields.

Your app would be great if I could select custom fields and and replace values with "Anonymous" and yes, I can do this with bulk change or transition already now. But app could be more capable and efficient on removing customer data also from History.
History is the pain point in my question.

Also encrypting the data is not a solution like @Leo proposed, I don't want to keep customer data at all after case is solved, just the issues. 

Regards,

Anu

0 votes
Andy Heinzer Atlassian Team May 22, 2018

Hi Anu,

Atlassian has been taking steps towards making sure that both our hosted services and our server/data center products can be made to comply with the new regulations of the GDPR.   I'd recommend checking out this article here on Community:

https://community.atlassian.com/t5/Compliance-articles/Server-GDPR-Support-Guide/ba-p/795066

In that article there are support guides for all the Server products.  The one I think applies here is JIRA Core, JIRA Software and JIRA Service Desk Server and Data Center GDPR support guides.  In that page there is a link for JIRA: Right to erasure

That link provides you specific steps you can take to eliminate the identifiable aspects of these user accounts.  In the case of your request where you are looking to remove historical values that appear for fields like summary, please see that last link's section called 'Handling PD in other entries'.  That section provides specific SQL scripts that you could use to change these values directly in Jira's database.   Of course we'd recommend that you create a backup of your database before you try this, and that you shut down Jira before making changes directly in SQL in order to make sure that the database caches are cleared after these changes are made.

I hope these help address your concerns.

Regards,

Andy

Hi Andy,

Thanks for the guidance and links.

Right to erasure works when customer asks to remove his/her data. But because it's based on searching individual's details, it cannot be used when removing data in bulk.

As GDPR defines also rules on the length of time personal data can be stored, we need to clear data regularly.

Solution, I'm looking for, must handle for example all issues created 2 years ago and clear or replace values from specified fields including history.

Cloning and deleting original issue was also mentioned, but then we loose Created date and that's quite important in statistics. 

 

Regards,

Anu

Andy Heinzer Atlassian Team May 23, 2018

But because it's based on searching individual's details, it cannot be used when removing data in bulk.

The scripts provided in those links I posted can do what you are looking for here.  They are not only for removing user details.  There are a lot of different SQL update statements in those scripts, because there are lots of different possible fields and locations in Jira where that user data could have been stored.  But each of these is laid out in a format of Search for 'oldstring' and update with 'newstring'. 

By using these SQL scripts, you can eliminate this user's data from Jira both in terms of the user accounts, and the historical issue data that might reference that individual in some way.

FYI - we have released an app that you can use to bulk anonymize data in Jira - either at the field level or for issue history/comments/attachments. 

Feel free to check it out here: 

https://marketplace.atlassian.com/apps/1219237/zorro-anonymizer?hosting=server&tab=overview

Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Jira

The add-in you’ve been waiting for: Jira Cloud for Excel 🙌

Introducing Jira Cloud for Excel Here at the product integrations team at Atlassian, we are thrilled to announce the new Jira Cloud for Excel add-in! This add-in lets you export Jira data directly ...

841 views 5 22
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you