From 0d0db5f6f6ad115e751de1fd5acdc240713fe10e Mon Sep 17 00:00:00 2001 From: Ryan Ahearn Date: Mon, 12 Dec 2022 16:46:31 -0500 Subject: [PATCH] Document potential PII and data storage policies --- docs/data-storage.md | 64 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 docs/data-storage.md diff --git a/docs/data-storage.md b/docs/data-storage.md new file mode 100644 index 000000000..54045c742 --- /dev/null +++ b/docs/data-storage.md 
@@ -0,0 +1,64 @@ +Data Storage Policies & Procedures +================================== + + +Potential PII Locations +----------------------- + +### Tables + +#### users1 + +* name +* email_address +* mobile_number + +#### invited_users1 + +* email_address + +#### invited_organization_users1 + +* email_address + +#### jobs + +No db data is PII, but each job has a csv file in s3 containing phone numbers and personalization data. + +#### notifications + +* to +* _personalization2 +* phone_prefix (?) + +#### notification_history + +* phone_prefix (?) + +#### inbound_sms + +* content2 +* user_number + +#### events + +* data (contains user IP addresses) + +### Notes + +#### Note 1. + +Users and invited users are Federal, State, or Local government employees or contractors. Members of the general public are _not_ users of the system + +#### Note 2. + +Field-level encryption is used on these fields. + +Details on encryption schemes and algorithms can be found in [SC-28(1)](https://github.com/GSA/us-notify-compliance/blob/main/dist/system-security-plans/lato/sc-28.1.md) + +Data Retention Policy +--------------------- + +Seven (7) days by default. Each service can be set with a custom policy via `ServiceDataRetention` by a Platform Admin. The `ServiceDataRetention` setting applies per-service and per-message type and controls both entries in the `notifications` table as well as `csv` contact files uploaded to s3 + +Data cleanup is controlled by several tasks in the `nightly_tasks.py` file, kicked off by Celery Beat.
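Review bot: the `phone_prefix (?)` entries under `#### notifications` and `#### notification_history` leave the PII classification of that column unresolved in a document whose purpose is to record it; either decide before merge or replace the `(?)` with an explicit statement that the classification is pending and who owns the decision. Related gap in the same hunk: `events` lists `data (contains user IP addresses)` and `jobs` points at CSV files in S3 holding phone numbers, yet neither carries the note-2 marker that flags field-level encryption, so a reader cannot tell whether those locations are unencrypted or simply unannotated; a one-line statement per location ("not field-level encrypted; covered by retention only") would remove the ambiguity. Minor: the note references render as plain suffixes (`users1`, `_personalization2`) rather than footnotes, so consider markdown footnote syntax or `<sup>` so the links to Note 1 and Note 2 are visible, and the Data Retention paragraph would be more useful if it named the specific tasks in `nightly_tasks.py` that delete `notifications` rows and S3 CSV files.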