| Table of Contents |
|---|
...
Overview
The Data Cleaner module ensures a detailed and extensive search for Personal Identifiable Information (PII) through all pages in Confluence and all tickets in Jira. In addition, it has many built-in tools, whiche which are facilitating and automating the work with sensitive data at all stages: tracking, sending comments and notifications, reporting, and ample opportunities for customization.
Main options includeThe main provided features are:
pattern-based search (most popular and widely used built-in patterns and custom search via regular expressions);
search of a specific user's personal data;
automated comments and notifications for other team members;
rules triggered by event rules, allow allowing to track all changes (creation of ticket/page/blogpost blog post, etc.) in real time
...
...
Data Cleaner Dashboard
The starting point of working with the Data Cleaner module is the dashboardData Cleaner Dashboard.
Go to the Data Cleaner dashboard from Find the Apps tab on the top of the start page, click on it and choose the GDPR and Security button under "Apps" menu and click on in the dropdown menu. After that, you’ll see the GDPR and Security Home page, where you’ll find the Search for personal data section with the Data Cleaner button. Click on the main dashboard:
...
2.
...
it and view the Data Cleaner Dashboard.
...
The Data Cleaner Dashboard provides an overview of all created templates with their description and for search and data processing (short description, current status) and allows you to:
...
Quickly enable or disable templates
Start or stop the search
...
Navigate to the
Actions' menu to edit, clone, or delete a template 3. Get current the template, to view its status and history
...
4. Create custom template
5. , or to clean history
Also, you see two buttons – the Create custom template buttonfor creating a template with parameters set by yourself and the Create search user template
...
Start Search
The "Search" button initiates a search through the content according to the template configurations and makes a list of all affected items.
To initiate the search, click the "Start Search" button.
Track the current search status at the Data Cleaner dashboard.
After the task is finished, click the “Status and History” button to check the results and get more details.
Status and History page
...
Status and History page provides details on search:
Jira
project - name of the project, where affected content was found,
key - ticket key in which ticket affected content was found,
summary - summary of the ticket,
field- a part of the ticket, where the personal data were found,
affected content - data that was found,
rule - the rule that was used during the search/anonymization process,
status of actions - current status of tasks in progress and finished tasks, for example, "
" for found tickets (if the search process was performed but none action is defined in the template), "Status title None
" for tickets, where sensitive content was found and some actions were performed.Status colour Green title Finished
...
Confluence
space - name of the space in which affected content was found,
id - page id on which affected content was found,
title - title of the page, where affected content was found,
field- a part of the ticket, where the personal data were found,
affected content - data that was found,
rule - the rule that was used during the search/anonymization process,
status of actions - current status of tasks in progress and finished tasks, for example, "
" for found tickets (if the search process was performed but in the template no one action is defined), "Status title None
" for tickets where sensitive content was found and some actions were performed.Status colour Green title Finished
...
Filtering processed Issues. You can filter the results by project, object, status and rule.
Sorting the results. It is possible to sort the found data by:
found time (sorting by default by the time of processing),
issue create date DESC (descending order),
issue create date ASC (ascending order).
Results of the last execution can be exported to CSV or JSON format:
...
Custom template: finding personal data with pattern-based search
It is possible to create a custom template with different rules. Click on the "Create custom template" button and you will see a form which you need to fill out. There are the following main sections:
General configuration
Field processing
...
Part 1. General configuration
At the general configuration section you will see 5 mandatory fields to fill out:
Template Name - any name that will separate the template from others,
Scope - define the scope of tickets using the Jira Query Language (JQL) to be involved in search or anonymization process,
Owner - who created and manage particular rules
Actor - user from who the actions will be performed. You can use built-in user "GDPR and Security Addon User" or choose your own. Please pay attention that built-in user can not run all actions. In the table below you can find information in which cases you have to choose your own user that should have the right access to the defined scope (any role which can access to access management)
...
User
...
Allowed actions
...
GDPR and Security Addon User
...
add comments
add labels
send notifications
trigger webhook
...
Your own user
(with appropriate access level)
...
add comments
add labels
send notifications
trigger webhook
restrict access to page
Trigger - define how to proceed with the template, if it should start manually or if the template should start automatically when a new piece of content was created in the defined scope. For example:
by defining the scope, you can also quickly add all tickets or tickets for the last 30 days, just put the cursor on the question mark next to the field.
After all the fields are filled in, click "Save" and you will be automatically forwarded to the next part.
Part 2. Fields processing
In the "Fields processing" part, you can "Create new rule" or/and use one of the built-in rules and define an action that will be performed.
button for creating a template with predefined parameters. Let’s find out how to create a new template.
Templates creation
Custom template
Click on the Create custom template button to create your own template. After that, you will see a page with two sections and fields that you should fill in:
General configuration
Fields processing
General configuration
...
Let’s take a look at the General configuration parameters in detail:
Parameter Name | Default Value | Description |
|---|---|---|
Template name | Test template | Enter any name that will separate the template from others. After that, you will see the results of automatic check up, showing if the name is vacant or not. |
Description | Empty | You can add a short description of your template or leave it empty. |
Scope | Empty | Define the scope of tickets in Jira or pages in Confluence to be involved in the search process. Use the Jira Query Language (JQL) for the search in Jira and Confluence Query Language (CQL) for the search in Confluence. Find some options under the Scope field which allows you to set the scope quickly – All tickets, Created last 30 days, Resolved more than 1 year ago for Jira and All pages and blog posts for Confluence. Just click on the appropriate option, and this scope will be set for the template. |
Owner | Current user name | Define who manages the template and can make changes to it. Select the user from the dropdown menu who is supposed to be an owner of the template. |
Actor | Current user name | Define the user in whose name the template actions will be performed (e.g., comment addition). Select the user from the dropdown menu who is supposed to be an actor. |
Trigger | Manually | Select the template execution type – Manually or By content event. Manually means you start the search by your own using the Start button on the Dashboard. By content event means the search starts when some event happens. Choose events in the Trigger events field, which appears when the By content event type is selected: In Jira
In Confluence
Note: it is not recommended to select all options at the same time. Note: if you create several triggered by content event templates, only one template can be enabled. |
Notify in case of error | None | This feature is only for the case of a manual template start. It allows you to set up notifications about any error during the search. To do this, select the Template owner in the dropdown menu, and notifications will be sent to the template owner. Leave None if notifications are not needed. |
Notify in case of successful execution | None | This feature is only for the case of a manual template start. It allows you to set up notifications in case of a successful template execution. Select the Template owner in the dropdown menu, and notifications will be sent to the template owner. Leave None if notifications are not needed. |
After all the fields are filled in, click the Save and Continue button and navigate to the Fields processing tab.
Fields processing
In the Fields processing section, you set what fields the search must go through, create rules and add actions that will be applied to the rules.
...
Fields
Here is an overview of the fields settings:
Parameter Name | Default Value | Description |
|---|---|---|
Fields | Empty | Here, you can set which fields the search should go through. It can be: In Jira
In Confluence
|
Fields format (in Confluence only) | Use rendered fields | Choose one of the options by radio button – Use rendered fields or Use raw fields format. Use rendered fields means showing you data that the server stores in the database in a styled HTML table. Use raw fields format means showing you data in a simple format, which the server stores in database. This option excludes macros. |
After you set the fields parameters, navigate to the rules settings below on the page.
Rules
In this area, you can define what exactly you are going to search for. Using rules settings, you can:
create a new rule
add rules from the library
check rules on the issue for Jira, or check rules on the page for Confluence
Let’s take a look at it in detail.
New rule creation: In order to define your own custom rule, click on the
...
Create new rule
...
When creating a new rule you have to define rule name, search type and what to search:
...
button and view the Create rule window.
...
Here is an overview of the rule parameters which you can set:
Name | Default Value | Description |
|---|---|---|
Rule name | Empty | Enter any name that will separate the rule from others. |
Search type | Plain text | The object for search can be defined |
...
as |
...
plain text,regex, and user – just pick one of them. | ||
What to search | Empty | Enter the text, regex, or |
...
select a user from the dropdown menu which you want to find. |
Fill in all the fields and click the Save buttonto save your settings. After that, your rule will be displayed on the page.
Adding rules from the library: In order to use built-in rules, click on the
...
Add
...
rule
...
from library button and
...
pick one or multiple built-in rules, then click on
...
Add selected rules
...
.
...
...
You can tick the box "select Select all" and create a template with all built-in patterns, or narrow down the scope by further filtering the data.
Filtering. Built-in patterns can be filtered by a particular country (for example, Germany, Austria, Italy) or a personal data type (for example, phone and credit card numbers), or both.
...
To To use the filter, start typing the name of the country or the personal data type, and the system automatically will show existing built-in patterns.
A Jira administrator Administrator is able to edit, disable and delete rules. Click delete the rules – just click on the "Actions" button next to the rulessettings button for the required rule.
Note: After the creation, the new
...
rule has an
...
enabled status by default. In order to disable it, click on the
...
settings button and choose
...
Disable
...
.
...
Part 3. Actions
Once PII is found, it needs to be processed. The app allows four type of actions:
...
Action type
...
Description
...
Add comments to the ticket
This action allows you to add some predefined comment in the ticket where sensitive content has been found.
...
{{templateName}}
{{ruleName}}
{{actionName}}
{{baseUrl}}
{{projectKey}}
{{projectName}}
{{issueKey}}
{{issueSummary}}
{{linkToIssue}}
...
Send notification email
...
This action allows you to send notification to the responsible person or the team. For the configuration you have to define recipients, email subject and email body.
In the email body you can use the following additional variables:
{{templateName}}
{{ruleName}}
{{actionName}}
{{baseUrl}}
{{projectKey}}
{{projectName}}
{{issueKey}}
{{issueSummary}}
{{linkToIssue}}
...
Add label
...
This action allows you to add some labels.
...
Webhook
...
This action allows you to send webhook callback to predefined URL with custom headers and body.
In the body you can use the following additional variables:
{{templateName}}
{{ruleName}}
{{actionName}}
{{baseUrl}}
{{projectKey}}
{{projectName}}
{{issueKey}}
{{issueSummary}}
{{linkToIssue}}
In order to add actions, click on the “Add action” button:
...
Further you need to set action name, select rule/rules with which this action will be working, and choose a necessary action type:
...
GDPR references
The main GDPR principles include "Data minimization" and "Storage limitation". According to Article 5, personal data must be "kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organizational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’)". This highlights the importance of having personal data usage under control. In other words, DPOs or other employees responsible for data protection must be aware when such data appear and perform and monitor further necessary activities, such as deleting data (if the data are outdated or no longer required, if the term of storage is over or the purpose of data processing is no longer relevant) or notify employees if they are not GDPR compliant and need to address the issue.
The reference to the "right to be forgotten" can be found in Article 17 of the GDPR: "The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies[1]:
the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
the personal data have been unlawfully processed;
the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
the personal data have been collected in relation to the offer of information society services referred to in Article 8(1)".
...
Checking rules on the issue (Jira)/page (Confluence): Using this option, you can preview the content that matches the rule in the exact ticket of Jira or the exact page of Confluence. To do that, select your fields for searching and create at least one rule. After that, you can:
in Jira: click on the Check rules on the issue buttonand enter the ticket key in the Check issue matches window
in Confluence: click on the Check rules on the page buttonand enter the page title in the Check page matches window
If there is any data that matches the rule in this ticket/page, you’ll see the table with all found items right in the Check issue/page matches window:
...
After you set the rules, navigate to the actions settings at the bottom of the page.
Actions
The app allows you to leave standard comments on all vulnerable tickets/pages and to create and send automated notifications to employees responsible for these tickets/pages. If the personal data are not important for the company or were added by mistake, they can be found and replaced by any text, for example, XXX or ### combination. Click on the Add action button and fill in the fields of the Issue Action window:
...
Let’s take a look at the actions parameters in detail:
Parameter Name | Default Value | Description |
|---|---|---|
Action name | Empty | Enter the action name in this field. |
Worked with rules | Empty | Pick the rule from the dropdown menu for which the action should be performed. |
Use any rules | Disable | Enable the checkbox if you want to apply the action for all rules. |
Action type | Empty | Choose one of the action’s types from the dropdown menu: Add comment: when you choose this action, you can set the comment text in a Comment field and this text will be displayed for all affected objects. Send notification email: when you pick this action, just enter addresses of the recipients, subject, and text of your message in appropriate fields, and your notification will be sent to required recipients. Restrict VIEW and EDIT for content (for Confluence only): this action allows you to restrict viewing and editing of affected pages, so all the found pages will be hidden from all users. Send notification email to template owner: when you select this action, just enter the subject and text of your message in the appropriate fields. The message will be sent to the template owner’s address automatically. Add label: when you pick this action, you can set the label in the Label field to all affected objects. Webhook: this action allows you to create tickets in Jira for the affected content automatically by sending a webhook callback to a predefined URL with custom headers and body. Just set the API URL, name of the ticket in the Headers field and its short description in the Body field, and the ticket will be created with this information. Show warning on the page view: when you choose this action, you can set a popup window that will be displayed on the affected pages or tickets. To do this, enter the title in the Title field and text of the notification in the Body field. Set content property: this action allows you to add some predefined content entity property to affected pages or tickets. For this action is required to fill-in 2 fields: Property Key is the key of the issue property (the maximum length is 255 characters, it should be one word, no spaces, no special chars) and Property Value – Replace with text: this action type could be performed for text fields only (like Summary, Description, and Comments). When you choose this option, enter the text you want to replace the found text with. |
Click the Save buttonin the Issue Action window after setting the actions.
Now, your template is completed.
Predefined search user template
Click on the Create search user template button to create a predefined template. Firstly, you will see a window where you should select the user whose information you want to find:
in Jira: select username from the dropdown menu, and click on the Create button
in Confluence: start typing a username in the field, find the user in the dropdown menu, and click on the Create button
After that, you will see the page with two sections:
General configuration
Fields processing
As the template is predefined, all its parameters are already set up, and you can directly start using it.
General configuration
Let’s take a look at the General configuration parameters in detail:
Parameter Name | Default Value | Description |
|---|---|---|
Template name | Search user data {user name} | The name is predefined and will be displayed at your Dashboard. |
Description | Empty | You can add a short description of your template or leave it empty. |
Scope |
| Here you can define the scope of tickets in Jira or pages in Confluence to be involved in the search process. Use the Jira Query Language (JQL) for the search in Jira and Confluence Query Language (CQL) for the search in Confluence. Predefined JQL and CQL requests involve all the tickets, pages, and blog posts in the instance. |
Owner | Chosen user name | Define who manages the template and can make changes to it. Select the user from the dropdown menu who is supposed to be an owner of the template. |
Actor | Chosen user name | Define the user in whose name the template actions will be performed (e.g., comment addition). Select the user from the dropdown menu who is supposed to be an actor. |
Trigger | Manually | The template execution type Manually means you start the search by your own using the Start button on the Dashboard. You can change it to By content event type, which means the search starts when some event happens. Choose events in the Trigger events field which appears when the By content event type is selected: In Jira
In Confluence
|
Notify in case of error | None | This feature is only for the case of a manual template start. It allows you to set up notifications about any error during the search. To do that, select the Template owner in the dropdown menu, and notifications will be sent to the template owner. Leave None if notifications are not needed. |
Notify in case of successful execution | None | This feature is only for the case of manual template start. It allows you to set up notifications in case of a successful template execution. Select the Template owner in the dropdown menu, and notifications will be sent to the template owner. Leave None if notifications are not needed. |
Fields processing
In the Fields processing section, there are settings of the fields the search must go through and settings of the search rules and actions.
Fields
Here is an overview of the field settings:
Parameter Name | Default Value | Description |
|---|---|---|
Fields | In Jira
In Confluence
| Here, you can set which fields the search should go through. |
Fields format (in Confluence only) | Use rendered fields | The format Use rendered fields means showing you data that the server stores in the database in a styled HTML table. You can change it to Use raw fields format, which means showing you data in a simple format the server stores in database. This option excludes macros. |
After you set the fields parameters, navigate to the rules settings at the bottom of the page.
Rules
In this area, you can define what exactly you are going to search for. Rules Search user key, Search user email, Search user name,and Search user data {user name} are already added and enabled.
Actions
There are no actions in the template by default, but you can add them if necessary.
Click the Save button in the top right corner of the page to save your changes of the template.
Search
On the Dashboard, you see the created template.
Click on the Start button in Actions column to start the search for personal user data. It can take some time depending on the amount of content in your Jira or Confluence.
While the search performs, you can see the information panel at the top of the Dashboard where it is indicated which template is running, by whom it is run, and its current status:
...
Note: while the one template is performing, no more templates can be started.
When the search is done, you see a check mark in the History column. After every execution, you will see a new check mark next to the previous one. Click on it, and you will see search results for the respective execution on the History page:
...
...
In Jira, on this page, you see project names where affected content was found (Project column), keys of the affected tickets (Key column) and the names of the ticket (Summary column), part of the ticket, where the personal data were found (Field column), names of the performed rules (Rule column) and names of the related actions (Action column), was the action applied or not (Status of action column), and the Check case feature (Inspect column), allowing you to form an ignore list. See more information about the ignore list below.
In Confluence, on this page, you see space names where affected content was found (Space column), IDs (ID column) and names (Title column) of the affected pages or blog posts, fields where the data was found (Field column), names of the performed rules (Rule column) and names of the related actions (Action column), was the action applied or not (Status of action column), and the Check case feature (Inspect column), allowing you to form an ignore list. See more information about the ignore list below.
You can filter the results by project/space, object, status, and rule, and export the results in CSV or JSON format.
Ignore list
Let’s take a look at the Check case feature in detail.
Click on it, and view the Case window, where the information about the exact case is displayed:
...
In this window, you can see where the affected content was found, what rule was performed for this, and the content itself. If it’s necessary to skip certain content in subsequent searches, choose the Ignore certain content, field and rule option in the Take action dropdown menu and click Save. After that, when you start the search, this match in the certain field will be ignored.
Note: if the Ignore certain content, field and rule option is set for some case, then the Take action menu is no more available for this case.
To skip some text, that you set in the search rules, pick the Ignore specific text option and enter the text in the Text to ignore field. After that, when you start the search, this match will be ignored in all the fields.
If you set content to ignore, you see which specific texts or rules are ignored in the Fields processing section of the template settings:
...
You can delete any elements from the ignore list when necessary.
Now, you are ready to manage the sensitive data with Data Cleaner in your instances.