Search for personal data in Jira and Confluence

Every company in the world saves data in some way. Freelancers, start-ups and global corporations: There is no company without data from customers, employees, projects or payments. The sticking point is that a lot of this stored data is personal data, which has to be secured.

When companies are using systems for processing customer requests (e.g. Jira Service Management) or for project management (e.g. Jira and Confluence), data is being stored company-wide. How? Once a customer ticket is being sent, it will be processed by customer service, consultants and accounting. In order to provide the obligatory security for mentioned data, it’s important to know how to search for it in company systems and delete it.

How to define data privacy?

Data privacy means securing personal data from being abused or stored in an unsafe manner. This applies that the data owner needs to have to the right of self-determination concerning his data. In Germany, this right is part of the constitution. For clear delimitation from other data, it’s defined which data is being referred to as personal data under the data privacy law. In case of violation of those rules, the law also provides sanctions (Art. 77 ff GDPR), which in the past have been up to multiple millions fines for well-known companies.

What is personal data?

Personal data (PII: personally identifiable information) under the data privacy law can be defined as sensitive data. It’s related to any kind of data being used for identifying a person. It’s protected explicitly in terms of usage, storage and disclosure.

Examples for personal data (PII)

  • Name and address

  • Birthdate

  • IP address

  • Social security number

  • ID card number

  • Bank account information

  • License plate

  • Etc.

Why should you pay attention to personal data in your Jira and Confluence?

Let’s keep the answer simple: Those who are not, will find themselves confronted with massive penalties at some point. Because data privacy laws in Europe (known under GDPR, in Germany explicitly under DSGVO), but also in countries like the USA and Brazil, set clear rules.

The problem: Even though high sanctions are already imposed worldwide and the media is talking about it, many companies still do not know a lot about data privacy. Data breaches or risks are being overseen or misjudged. This starts with misuse of personal data in offices, for example whilst leaving laptops open without being at your desk, but goes on to data storage in Jira and Confluence.

What is your responsibility as a company in data privacy, what is Atlassian's as system provider?

Atlassian is jointly responsible for data privacy as the system provider of Jira and Confluence as well, especially on Cloud instances. Therefore, the Australian company has published a “GDPR Commitment“, which officially addresses all kinds of regulations and technical features connected to data privacy in Jira and Confluence. One example would be the “right of erasure”. ISO/IEC standards are also mentioned. In case of data storage, Atlassian communicates what hosting looks like in detail.

But, you as a company are responsible for data privacy as well. Simply because you’re signing a contract with your customer, employee etc. and will receive their data. If a customer requires information on personal data, the anonymization or deletion, it’s your responsibility to react.

Do it right: How to search for, find and handle personal data in Jira and Confluence

If PII is being stored in companies, handling their security is of importance. Therefore, you need experts like data protection officers or admins with the right education. They will establish processes for data storage, processing and following data privacy laws.

This all starts with defining which data is being stored, for which purpose and where it will be saved inside your Jira and Confluence. Users will have to accept those terms at the beginning. When requested, you should be able to find this data quickly. Maybe in connection to the users “right of information”, or because of their “right of erasure”, which means that you will have to delete all personal data.

Common ways

Many companies work with self-developed scripts for data privacy, which are supposed to reduce manual tasks. They are also supposed to help with data search and erasure in Jira and Confluence. But imagine doing this for hundreds of customers each year in thousands of data records for multiple projects, support tickets etc. Sounds not only like a lot of work, but actually is. And it is the source for immense errors, which could lead to massive consequences.

The fast, comfortable and safe way with Actonic

We have the right solution for your data privacy issues! For supporting you in being compliant with data privacy laws, we’ve developed our app GDPR (DSGVO) and Security for Jira and Confluence.

Here is what our app does:

  • GDPR (DSGVO) and Security for Jira and Confluence supports you in announcing your privacy policies to your users and ask for their consent.

  • Through built-in templates and rules, you’re able to search for PII in Jira and Confluence and anonymize it. A step-by-step-process guides you towards your goal.

  • Responsible people can get notified in case of the creation of sensitive data inside your Jira and Confluence instance and react on it.

  • And much more

If you have any questions about this article or about our products, please let me know!

4 comments

Comment

Log in or Sign up to comment
Alfredo Negrete August 20, 2021

Is this a plugin or home grown internal app?  

Taranjeet Singh
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
August 20, 2021

Thank you for sharing that information, @Andreas Springer _Actonic_ !

Andreas Springer _Actonic_
Marketplace Partner
Marketplace Partners provide apps and integrations available on the Atlassian Marketplace that extend the power of Atlassian products.
August 23, 2021

@Alfredo NegreteGDPR (DSGVO) and Security for Jira and Confluence is a Marketplace app. Feel free to have a look at our listing if you are interested in more technical details GDPR (DSGVO) and Security for Jira | Atlassian Marketplace

Vero Rivas
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
August 28, 2021

Thanks for sharing

TAGS
AUG Leaders

Atlassian Community Events