Data Cleaner for Jira
- 1.1 Overview
- 1.2 Starting point: Data Cleaner Dashboard
- 1.3 Templates creation
- 1.3.1 Custom template
- 1.3.1.1 Scope configuration
- 1.3.1.2 Data Processing Rules
- 1.3.1.3 Post Functions
- 1.3.1.4 Reporting options
- 1.3.1.5 Scheduling
- 1.3.2 Predefined PII cleanup template
- 1.3.1 Custom template
- 1.4 Search and Anonymization
- 1.4.1 Search
- 1.4.2 Anonymization
- 1.5 Quick Anonymization
- 2 CCPA and GDPR references
Overview
The Data Cleaner module ensures thorough and extensive search for Personal Identifiable Information (PII) in all tickets of Jira. It also handles non-reversible anonymization, including anonymization at the user's request, quickly and reliably. In addition, it has many built-in tools facilitating and automating working with vulnerable data at all stages: tracking, sending comments and notifications, reporting, and plenty of opportunities for customization.
Ensure the "right to be forgotten" to replace all users, whose personal data have to be removed, with a single service user, specifically created for this purpose. In this case, if you have more than two anonymized users, it will be impossible to trace them back as both of them will appear as a "service user", and with every anonymized user the quality of protection will increase.
Our guide shows you all Data Cleaner functionalities and how you can use them.
The main provided features are:
pattern-based search (100+ most popular and widely used built-in patterns and custom search via regular expressions)
complete anonymization of vulnerable data, creating automated clean-up templates
anonymization of a specific user's personal data at his request, ensuring his "right to be forgotten"
automated comments and notifications for other team members to keep track of PII anonymization status
automated custom reports tracking the appearance of any vulnerable data
Before you start:
check if you have the following access rights: Jira Administrator, Jira System Administrator
сheck if you have defined a service user on the plugin configuration page, in whose name all further actions will be performed
Please, pay attention that the anonymization process is non-reversible!
We highly recommend to check it on a development server first.
Starting point: Data Cleaner Dashboard
The starting point of working with the Data Cleaner Module is the Data Cleaner Dashboard. There are two ways to get to it:
Navigate to Manage apps, find the Data Protection and Security Toolkit section in the left sidebar and the Data Cleaner in it. Click on it and you’ll see the Data Cleaner Dashboard.
Open the Data Protection and Security Toolkit Home page and find the Data Cleaner button. Click on it and you’ll see the Data Cleaner Dashboard.
The Data Cleaner Dashboard provides an overview of all created templates (short description, current status) and allows you to:
Start or stop the search
Start or stop the anonymization
Navigate to the Details menu for actions with the template
Also, there are two buttons – the Create PII cleanup template button for creating a template with predefined parameters and the Create custom template button for creating a template with parameters set by yourself. Let’s find out how to create a new template.
Templates creation
Custom template
Click on the Create Custom template button to create your own template. On the Edit Template page, you will see five sections with fields that you should fill in:
Scope configuration
Data Processing Rules
Post Functions
Reporting options
Scheduling
Scope configuration
Let’s take a look at the Scope configuration parameters in detail:
Parameter Name | Default Value | Description |
|---|---|---|
Template name | Empty | Enter any name that will separate the template from others. |
Scope (JQL) | Empty | Define the scope of tickets to be involved in the search or anonymization process. Use the Jira Query Language (JQL) for this field. You can also quickly add all tickets or tickets for the last 30 days – just put the cursor on the question mark next to the field and choose one of the variants. |
Fields | Empty | Here, you can set which fields the search should go through. It can be:
|
Try to skip already scanned content | Disabled | Tick the box to skip already scanned content. |
Usage example: Processing only new and updated tickets
The app allows you to create customized data rules and carry out the search only for new tickets and pages using a flexible time frame for that, for example, "created after the beginning of the week" or "updated after the beginning of the week" till the current date. In other words, it is possible to track the appearance of vulnerable data once a day or once a week and not to scan all tickets or pages if it has been done before. Processing only new and updated tickets and pages will be very fast in comparison to processing all the existing ones.
After all the fields are filled in, click the Save button and navigate to the next tab.
Data Processing Rules
In the Data processing rules section, you can create a new rule or/and use one of the built-in rules.
In order to define your own custom rule, click on the Create new rule button and view the Data Processing rule window.
Here is an overview of the Data Processing rule parameters which you can set:
Parameter Name | Default Value | Description |
|---|---|---|
Rule name | Empty | Enter any name that will separate the rule from others. |
Search type | Plain text | The object for search can be defined as plain text, regex, user and any user – just pick one of them. |
What to search | Empty | Enter the text, regex or select user from the dropdown menu which you want to find. |
Replacement type | None | Choose how the found data will be replaced: None: in this case, found data will not be replaced. Empty string: in this case, found data will be replaced with the empty string. User: this option is available only for user type of search and in this case, one user will be replaced with another one. Plain text: in this case, the found text will be replaced with a new one. “###“ Symbols: in this case, found data will be replaced with the symbols ###. “#“-Symbols with respect to the string length: in this case, found data will be replaced with a number of symbols “#” depending on the length of the found string. |
Replace for | Empty | Enter the text you want to replace the found text with or select the user to replace the found user with from the drop-down menu. |
Fill in all fields and click the Save button to save your settings.
In order to use built-in rules, click on the Add Built-in rule button and pick one or multiple built-in rules, then click on Add selected rules. You can tick the box Select all and create a template with all built-in patterns, or narrow down the scope by further filtering the data.
Built-in patterns can be filtered by a particular country (for example, Germany, Austria, Italy) or a personal data type (for example, phone and credit card numbers), or both. To use the filter, start typing the name of the country or the personal data type, and the system automatically will show existing built-in patterns.
A Jira Administrator is able to edit, clone, disable and delete Data processing rules – just click on the Actions button next to the Data processing rule.
Note: After the creation, the new Data processing rule has an enabled status by default. In order to disable it, click on the Actions button and choose Disable.
Post Functions
The app allows you to leave standard comments to all vulnerable tickets and to create and send automated notifications to employees responsible for these tickets. If the personal data are not important for the company or were added by mistake, they can be automatically deleted or replaced by XXX combinations. Click on the Add Post Function button at the right top corner of the page and view the Post function window:
Let’s take a look at the Post function's parameters in detail:
Parameter Name | Default Value | Description |
|---|---|---|
Post function name | Empty | Enter the post function name in this field. |
Rules scope | Empty | Choose the rule from the dropdown menu for which the post function must perform. |
Applied for any Rule | Disabled | Enable the checkbox if you want to apply the post function for all rules. |
Post function type | Empty | Choose one of the post function’s types from the dropdown menu: Add a comment to the Ticket: when you choose this option, you can set the comment text in a Comment field and this text will be displayed for all objects of the scope. Check the Fire event: Issue Commented box if an event should be sent after the comment is added. Add labels to the Ticket: when you choose this option, you can set some labels to the tickets and send notifications about it using Send notification checkbox. Send e-mail notification to: when you choose this option, you can select the notification recipient (Assignee, Reporter, Watchers, Component lead), enter the subject of your message and text of your message in a Message field. |
Click the Save button to save your settings.
After a post function is added, it is possible to edit, disable or delete it using the Actions menu.
Reporting options
In this tab, you can set the reporting type if you want to receive the notification about search results. Choose the reporting type:
Send Notification: In this type, reports are sent by e-mail. Enter e-mails where reports must be sent to the Emails field.
Add report to atlassian-jira.log or catalina.out: This type means writing the information to the server log.
Click the Save button to save your changes.
Scheduling
Use the scheduling functionality when it’s necessary to provide recurring actions for Jira tickets.
Here is an overview of the Scheduling parameters which you can set:
Parameter Name | Default Value | Description |
|---|---|---|
Enabled | Disabled | Check the box to execute the template by cron. |
Cron Expression | 0 0 1 * * ? | Set the periodicity of the task in cron format. The default value runs the template every day at 1 a.m. You can find hints about cron expressions when you hover the “?“ sign. |
Task execution type | Search | Choose one of the task types: Search: in this case, the template will provide recurring searches only. Anonymization: in this case, the template will provide recurring searches of the objects and their anonymization. |
Click the Save button after edited everything.
Now, your template is created.
Predefined PII cleanup template
Find the step-by-step guide about the PII template creation on this page: https://actonic.atlassian.net/wiki/spaces/GDPR114/pages/6322651546.
Search and Anonymization
At the Dashboard, you see the created template.
Search
Click on the Search button at Action's column to start the search of personal user data. It can take some time depending on the amount of content in your Jira.
When the search is done, you see its dates and if you choose “Show details” …
… you will be led to the more detailed search history.
On this page, you can see the project names where the data was found (Project column), all names of the affected tickets (Issue column), fields where the data was found (Field column), the data itself (Affected content column), the status “Found” (Status column), and what the rule was performed (Rule column). Open a ticket by clicking on the name, and you’ll find the ticket details if you need to check the information.
All found elements can be directly anonymized with the Start anonymization button at the top of the Data Cleaner – History page. You can also anonymize it one by one using the Actions menu/Anonymize option for anonymization only those elements which should be anonymized.
On the 3d-party addons anonymizers tab, you can see the anonymization results when the anonymization executes in third-party add-ons.
You can filter the results by:
project
object
status
rule
Also, it is possible to sort the found data by:
found time (sorting by default by the time of processing)
issue create date DESC (descending order)
issue create date ASC (ascending order)
After everything is set up, you can go back to the Data Cleaner – History page and start searching again with a Search button (see the picture at the top of the page). It can be very useful if you need to check the differences and find new existing content which matches your search pattern.
Anonymization
Open the Data Cleaner Dashboard, find your template, and click on its Anonymize button at Action's column to start the anonymization of personal user data.
Confirm your action in the popup before starting the anonymization:
When the anonymization is done, you see its dates and the message “Task finished“ in the Status column. Click on it, and you’ll see the results on the Data Cleaner – History page.
On this page, you can see all names of the affected tickets (Issue column), fields where the data was found (Field column), and the status Anonymized. Now, the personal user data is not stored anywhere in Jira, and the column Affected content is empty. You can check some tickets to make sure the data is anonymized.
Quick Anonymization
You can start a quick anonymization of user or ticket content without creating a template by simply using the dialog box.
Find the step-by-step guide about quick user anonymization on this page: https://actonic.atlassian.net/wiki/spaces/GDPR114/pages/6326321518.
Find the step-by-step guide about quick tickets content anonymization on this page: https://actonic.atlassian.net/wiki/spaces/GDPR114/pages/6301745229.
Now, you are ready to use all Data Cleaner functionalities for any task!
CCPA and GDPR references
With help of our app, you can, for example, comply to following guidelines:
Use case | CCPA | GDPR |
|---|---|---|
You, as a business, must delete some kind of personal information according to | Requirement under “right to deletion”: Upon a valid consumer’s request to delete personal information, a business must direct any service provider to delete consumers’ personal information. | Requirement under the “right to erasure” or “right to be forgotten”: Data subjects have a right to request erasure to the controller. Upon a valid request for erasure, controllers are obligated to take reasonable steps to have processors erase data. |