we are using Jira a lot here in Germany. Almost always we will have international team members spread around the world to use Jira.
Jira provides a lot of functionality around tracking status and reporting, examples: Burn-Down chart or individual team member contribution.
Unfortunately this is a serious problem in Europe and especially in Germany as there is a data protection / privacy law in Europe / Germany, not allowing access to personal data outside of the EU unless you apply certain (difficult) measures. Personal data is any data (in Jira) that can be mapped to an individual person.
Is there any legal department in Atlassian that has thought about such privacy problems or does Atlassian even have procedures in place how to use Jira in an international environment while being compliant to the laws?
ps: Some more details:
To be compliant (!) with the law options would be needed that certain data can be seen in detail only by very limited group of people.
It would be needed for example support for a scenario that a Scrum Master can see only the details of his own team but not the details which team member of another Scrum team has reported on his tasks. Similar for team members. Any team member should see maximum only details of its own team but not from any other team.
That's the reason a lot of Europeans can't use Atlassian OnDemand - with hosting in the US, it's subject to the Patriot Act, which is almost always an automatic breach of European privacy law (assuming Jira is holding personal details on users. Such as email addresses)
I'd be interested in Atlassian's opinion on this too, as I've got clients who would benefit from OnDemand, but simply can't at the moment - their lawyers instantly say "no" and walk away.
i received now several emails from the system to accept an answer or do something else. I was also aksed to "Please be a good Answers citizen!", while i have received 0 answer from you.
Actually i am very much disappointed to see things like that. Since May Atlassian has not provided a single statement on an important legal question while Atlassian earns money by selling licenses to companies.
I think that's a little unfair on Atlassian, although I do realise that what I am about to write does not seem to have been said to you before, so your annoyance with them is down to failed communication on both sides.
"Answers" is a community of Atlassian users. It is not Atlassian. They provide the site. They have accounts, they read the questions and answers, they do some moderation, and they very much get involved in answering questions and helping people. But there is no guarantee that they will answer, or even read, any of the questions here.
The mails you've had about accepting answers are because you've asked a question and not flagged any answer as correct. It's cleaning up and reminding people to close stuff that's dealt with. The robot doing it does not know that your question has not been answered to your satisfaction, only that it's open.
But. Essentially, you've asked the question in the wrong place. We're users, not vendors. It's the right place to ask for help, but if you have legal concerns, you need to contact Atlassian directly, not their users.
From time to time this topic comes up elsewhere. I'm wondering what your final solution was and any learning along the way? Did you move to a privately hosted environment? If so, did you consider using encryption plugins? Or might you have hosted the PII or SPII data in a secured server with only links to it in the cloud Atlassian hosting?
Atlassian Summit is an excellent opportunity for in-person support, training, and networking.Learn more
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG