I am trying to create an internal guide on how to raise a defect in JIRA Cloud software and what all information to include in the description. I have mentioned not to include PII data but worst case what if someone mentions it by mistake?
I can delete the JIRA defect on my end but do I need to delete it from other places like trash or backup or request Atlassian to remove from storage? Has anyone been in this situation and found out full proof way to protect data? I am not looking for plugins at the moment but would like to know what you all think.
PII/PHI is a topic we think about a lot at Polymetis Apps. Frankly – just as @Jack Brickey said – the safest way would be to delete the issue in question.
Simply editing the issue is not recommended, as any change would show up in the history like this:
...SOME PII... -> ...SOME REDACTED...
Interestingly, comments do not have a history, so if the PII shows up in a comment, it should be safe to just delete the comment.
Another thing to keep in mind that while Atlassian does not offer user-managed backups,
Hope this helps,
P.S. If you ever do change your mind about using apps, the marketplace has some options. While I do have a favourite, my strong recommendation would be to only use an app that does not export your data to a third party system.