-
Notifications
You must be signed in to change notification settings - Fork 11
2022 01 10 Chat with IA
Tristram Oaten edited this page Jan 10, 2022
·
4 revisions
- James Sheppard lead tech arc at CIFU
- David Biddle fe dev on CIFU
- Agz Interaction designer on CIFU
- Daniel Burnley Senior Dev on CIFU
- Hannah Cooper senior content designer on CIFU
- Anne Carr senior performance analysist on CIFU
- Betty Mwema Service designer CIFU
- Leo Archutowski Senior User researcher on Expert Servcies
- Chris Cameron senior interaction designer on CIFU
- Gianni Howard-Hole SDM on CIFU
- Paul Ellis IA lead for GOVUK
- Joe Levey privacy and data protection "person" for GOVUK
- Iain Boyd engagement lead on CIFU
We want every form on govuk to be accessible, easy to use, and quick to process
JS:
- Data retention - can we store all the form data in our database, or should we just process the data, sending it on to the final department for storage?
- Risk seems quite high, we have so much personal data we connect
PE:
- DPIA look at what the data is, who the parties are, from IA we run some threat modelling.
- Google forms has security controls out of the box, for instance
- We put together a scope, pentest etc
- end up with a risk assessment, and a form saying "risk" tolerable to the risk owner
- Was Fiona, will be someone new
- Verify Hub is similar, so is Signin
JL:
- Google Forms, as an example for instance, may have quirks builtin - we ask why, what does it benefit us - justify it.
- Justify your tools to data subjects - other departments.
- Segmentation the retention - orgs must be able to configure their retention - customer configured. Org per org.
- Onus on each department to justify
- Don't worry about the DPIA - JL will file
- Starting point, understand data flows
- We might not know exactly what data
- How do we envisage the data working in practice
- JL happy to workshop the flows
- PE also happy
- Workshop it - JS to arrange
Go back Home