From c4736978830244e6114dd095bddb3d3333b3549f Mon Sep 17 00:00:00 2001 From: Pete Herlihy Date: Fri, 22 Apr 2016 15:45:40 +0100 Subject: [PATCH 1/3] Updated terms of use in line with feedback received via security assurance team --- app/templates/views/terms-of-use.html | 41 ++++++++++++++++----------- 1 file changed, 24 insertions(+), 17 deletions(-) diff --git a/app/templates/views/terms-of-use.html b/app/templates/views/terms-of-use.html index f8e1b8f36..69dee6fef 100644 --- a/app/templates/views/terms-of-use.html +++ b/app/templates/views/terms-of-use.html @@ -35,7 +35,6 @@ Terms of use – GOV.UK Notify
  • not to use GOV.UK Notify to send marketing messages
  • to send messages consistent with our design patterns, style guide and information security principles
  • to use GOV.UK delivery data to continuously improve the quality of your contact data
  • -
  • not to exceed your estimated sending volumes by more than ten percent
  • Before you can send real messages:
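Review bot: The bullet "not to exceed your estimated sending volumes by more than ten percent" is removed here and its full section is removed later in this patch, but the commit message cites only security assurance feedback and does not say why the volume limit goes. If the limit is being retired on purpose, say so in the commit message. If not, keep the bullet, since the only remaining refusal grounds in the lines shown are marketing use and high bounce rates.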

    @@ -70,9 +69,13 @@ Terms of use – GOV.UK Notify We agree to keep your data secure -

    GOV.UK Notify only stores personal data for the time it takes to process it and report back to you – less than 24 hours. After this time, we delete all personal data. We keep some non-personal data for logging and reporting.

    +

    GOV.UK Notify (as a whole, including subcontractors) currently store personal data for up to 1 year, and non-personal data indefinitiely.

    -

    GOV.UK Notify is security accredited by the Cabinet Office Senior Information Risk Officer (siro). We maintain appropriate technical and organisational measures to protect data. We make sure our subcontractors follow the same procedures.

    +

    GOV.UK Notify has been through an information assurance process to assess information risks, to determine appropriate treatments for those risks and to obtain risk acceptance from the Cabinet Office SIRO. This work includes the completion of a Privacy Impact Assessment to ensure compliance with the Data Protection Act.

    + +

    We do not conduct, or enable, analysis of when the same recipient (mobile number, email or postal address) is contacted by multiple Government organisations. We may do so if required by law enforcement.

    + +

    We maintain appropriate technical and organisational measures to protect data. We make sure our subcontractors follow the same procedures.

    Cabinet Office act as data processor, as parent organisation of GOV.UK Notify. Your organisation remains the data controller.
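Review bot: The new retention line "currently store personal data for up to 1 year, and non-personal data indefinitiely" replaces a line that also said "After this time, we delete all personal data", so the terms no longer state that personal data is deleted once the retention period ends. Suggest adding that commitment back after the new sentence. In the same line, "indefinitiely" is misspelled and "store" should be "stores". The new assurance paragraph also uses "SIRO" without the expansion that the removed paragraph gave.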

    @@ -83,6 +86,9 @@ Terms of use – GOV.UK Notify

    We’ll email you if you need to change these terms. We’ll tell you clearly what is changing and when the change will come into effect.

    + +

    This includes when any of our email, text message or postal providers change.

    +
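Review bot: In the added sentence "This includes when any of our email, text message or postal providers change", "This" points back at a change to these terms, and a provider change is not obviously one. Suggest a standalone sentence such as "We'll also email you when any of our email, text message or postal providers change", and say whether the same advance notice applies.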
    @@ -94,12 +100,14 @@ Terms of use – GOV.UK Notify You agree not to compromise the security of GOV.UK Notify -

    You agree to get your service accredited by your organisation’s Senior Information Risk Officer (siro). You don’t need to include accreditation of GOV.UK Notify or our delivery partners, since we’ve already done that.

    +

    You agree to get your service assured through your organisation’s information assurance (security) process. You don’t need to include assurance of GOV.UK Notify or our delivery partners, since we’ve already done that - we can share the work we’ve done.

    You must tell us immediately if you have any security breaches. This is so we can make sure other services are not affected.

    You must follow industry best practices for keeping your API keys secure.

    +

    You must ensure you have obtained correct levels of consent - both to send messages but also for how data is shared in order to do so.

    +

    You must not perform any load testing on GOV.UK Notify, since we’ve already done it.
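Review bot: The added consent line "You must ensure you have obtained correct levels of consent - both to send messages but also for how data is shared in order to do so" does not say what counts as a correct level or who the data is shared with, so a service team cannot tell whether it complies. Suggest naming the sharing involved (for example with GOV.UK Notify and its delivery providers) and changing "both ... but also" to "both ... and". In the assurance line, "we can share the work we’ve done" would be more useful with a pointer to how to request it.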

    @@ -113,7 +121,7 @@ Terms of use – GOV.UK Notify
    • The user completed a transaction, you send them a confirmation email
    • The user got an MOT a year ago, you remind them that it’s about to expire
    • -
    • The user signed up for email alerts, you send them said email alerts
    • +
    • The user signed up for email alerts, you send them email alerts

    You don’t need to ask permission to send messages that directly relate to a transaction. By using a transaction, a user is implicitly agreeing to receive messages about that transaction.

    @@ -126,9 +134,9 @@ Terms of use – GOV.UK Notify
  • Continuing to update someone about a service they no longer use
  • -

    You agree not to use GOV.UK Notify to send marketing messages.

    +

    You must agree not to use GOV.UK Notify to send marketing messages.

    -

    If you attempt to use GOV.UK Notify for marketing, your templates won’t pass our content review.

    +

    If you do use GOV.UK Notify to send marketing messages, we may refuse to accept further messages for delivery.
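Review bot: "You must agree not to use GOV.UK Notify to send marketing messages" is weaker than the line it replaces. The other obligations in this file read "You agree ..." or "You must ...", while "must agree" describes a future act of agreeing rather than the obligation itself. Suggest "You must not use GOV.UK Notify to send marketing messages". The new consequence line also drops the mention of content review, so it is worth confirming whether templates are still reviewed before sending.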

    You agree to send messages consistent with our design patterns, style guide and information security guidelines @@ -136,25 +144,20 @@ Terms of use – GOV.UK Notify

    Your messages must follow our design patterns, style guide and information security guidelines.

    +

    Your messages must not contain any personal, or otherwise sensitive, information.

    +

    You agree to use GOV.UK Notify delivery data to continuously improve the quality of your contact data

    When you send messages through GOV.UK Notify, we provide feedback on the status of every text message, email and letter.

    -

    You agree to use our delivery data to remove bounced email addresses, mobile numbers and postal addresses from your database.

    +

    You agree to use our delivery data to check (and potentially remove) bounced email addresses, mobile numbers and postal addresses from your database.

    + +

    You agree to ensure your user’s personal data is kept accurate and up to date, in line with Data Protection Act principles.

    If you have consistently high bounce rates, we will investigate and may refuse to accept further messages for delivery. This is to protect delivery rates for other services using GOV.UK Notify.

    -

    - You agree not to exceed your estimated sending volumes by more than ten percent -

    - -

    As part of requesting to go live, you must estimate how many text messages, emails and letters you plan to send each year, including any spikes or seasonal variation.

    - -

    If you exceed your sending limits by more than ten percent, we may refuse to accept further messages for delivery. This is to protect delivery rates for other services using GOV.UK Notify.

    - -

    If you need to increase your sending limits, let us know.
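Review bot: The added line "Your messages must not contain any personal, or otherwise sensitive, information" is broad enough that, read literally, it rules out addressing a recipient by name, and nothing in the hunk defines "personal". Suggest narrowing it or pointing to the information security guidelines named in the line above it. Also "your user’s personal data" should be "your users’ personal data", and "check (and potentially remove)" leaves open what a service must do with an address that keeps bouncing.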

    @@ -166,6 +169,7 @@ Terms of use – GOV.UK Notify @@ -199,6 +203,9 @@ Terms of use – GOV.UK Notify

    You can remove your service from GOV.UK Notify at any time. Contact us and we’ll delete your account.

    + +

    Any data that you have processed through GOV.UK Notify will be deleted as part of the existing data deletion processes.

    +
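Review bot: "Any data that you have processed through GOV.UK Notify will be deleted as part of the existing data deletion processes" conflicts with the retention line added earlier in this patch, which says non-personal data is kept indefinitely, and the "existing data deletion processes" are not described anywhere in the lines shown. Suggest limiting the sentence to personal data and stating the period, in line with the "up to 1 year" figure.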
    From 5ae45a810dee29a5f0ff1c5c3f2dc8a79ba03ca0 Mon Sep 17 00:00:00 2001 From: Pete Herlihy Date: Mon, 25 Apr 2016 10:48:07 +0100 Subject: [PATCH 2/3] Fixed typos on terms of use --- app/templates/views/terms-of-use.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/templates/views/terms-of-use.html b/app/templates/views/terms-of-use.html index 69dee6fef..47c4ba269 100644 --- a/app/templates/views/terms-of-use.html +++ b/app/templates/views/terms-of-use.html @@ -69,9 +69,9 @@ Terms of use – GOV.UK Notify We agree to keep your data secure -

    GOV.UK Notify (as a whole, including subcontractors) currently store personal data for up to 1 year, and non-personal data indefinitiely.

    +

    GOV.UK Notify (as a whole, including subcontractors) currently store personal data for up to 1 year, and non-personal data indefinitely.

    -

    GOV.UK Notify has been through an information assurance process to assess information risks, to determine appropriate treatments for those risks and to obtain risk acceptance from the Cabinet Office SIRO. This work includes the completion of a Privacy Impact Assessment to ensure compliance with the Data Protection Act.

    +

    GOV.UK Notify has been through an information assurance process to assess information risks, to determine appropriate treatments for those risks and to obtain risk acceptance from the Cabinet Office Senior Information Risk Office (SIRO). This work includes the completion of a Privacy Impact Assessment to ensure compliance with the Data Protection Act.

    We do not conduct, or enable, analysis of when the same recipient (mobile number, email or postal address) is contacted by multiple Government organisations. We may do so if required by law enforcement.
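Review bot: The replacement assurance line expands the acronym as "Senior Information Risk Office (SIRO)". The role is "Senior Information Risk Officer", as the text removed in patch 1/3 had it. The retention line fixes "indefinitely" but still reads "GOV.UK Notify ... currently store", which should be "stores".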

    From 31bc602d0febc84de5a1d485d484a892f7b1bb62 Mon Sep 17 00:00:00 2001 From: Pete Herlihy Date: Mon, 25 Apr 2016 10:49:17 +0100 Subject: [PATCH 3/3] Explained the SIRO acronym --- app/templates/views/terms-of-use.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/templates/views/terms-of-use.html b/app/templates/views/terms-of-use.html index 47c4ba269..f38920dfd 100644 --- a/app/templates/views/terms-of-use.html +++ b/app/templates/views/terms-of-use.html @@ -71,7 +71,7 @@ Terms of use – GOV.UK Notify

    GOV.UK Notify (as a whole, including subcontractors) currently store personal data for up to 1 year, and non-personal data indefinitely.

    -

    GOV.UK Notify has been through an information assurance process to assess information risks, to determine appropriate treatments for those risks and to obtain risk acceptance from the Cabinet Office Senior Information Risk Office (SIRO). This work includes the completion of a Privacy Impact Assessment to ensure compliance with the Data Protection Act.

    +

    GOV.UK Notify has been through an information assurance process to assess information risks, to determine appropriate treatments for those risks and to obtain risk acceptance from the Cabinet Office Senior Information Risk Officer (SIRO). This work includes the completion of a Privacy Impact Assessment to ensure compliance with the Data Protection Act.

    We do not conduct, or enable, analysis of when the same recipient (mobile number, email or postal address) is contacted by multiple Government organisations. We may do so if required by law enforcement.
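Review bot: The only change in this hunk is "Office" to "Officer" in a line that patch 2/3 added, so the subject "Explained the SIRO acronym" does not match it, as the expansion itself arrived in 2/3. Suggest folding this fix into 2/3 or rewording the subject to say it corrects the expansion.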