Protect Personal Data
There are several regulations that are enforced by various governing bodies that define rules for the protection of personal data. One of the latest is the European Union’s General Data Protection Regulation (GDPR). This regulation applies to the storage and processing of information that can be used to identify an individual, whether directly or indirectly. It doesn't necessarily require that you change how you process data, but you do need to be more transparent about it.
As an application that is designed for user authentication and authorization, your Hub installation stores personal data. As a data controller, you are responsible for the collection, use, disclosure, retention, and protection of this information. The purpose of this guide is to provide an overview of the features that have been implemented in Hub to help you manage personal data responsibly.
This is by no means a comprehensive checklist that ensures your compliance with GDPR and other regulations for data protection. We provide these guidelines to answer basic questions and help you use the features that are built into your Hub installation in an effective way.
First and foremost, you have an obligation to keep your data safe. Hub has a number of features that you can use to improve the security of your application, including:
Together, these features help protect your application from unauthorized access and theft. For more information, read our security guidelines for Hub installations.
Personal Data in Hub
The following list describes the general usage of information from Hub that can be used to identify an individual:
|Full name||Stored in the database, shown in the user profile, and displayed wherever the user is referenced in Hub and connected services.|
|Login (username)||Stored in the database, shown in the user profile, and displayed wherever the user is referenced in Hub and connected services.|
|Email address||Stored in the database, shown in the user profile, and used to send requests to restore passwords and other notifications from the services that are connected to Hub.|
|Jabber account||Stored in the database, shown in the user profile, and used by connected services to send notifications to a Jabber client.|
|VCS usernames||Stored in the database, shown in the user profile, and used to authenticate the user in a connected version control system.|
|IP address||Stored in the database and access logs. The IP address from which the user last accessed the application is shown in the user profile for each login.|
The following permissions determine which users have the ability to read and update this information:
|Read Self||The user who is currently logged in to Hub can view their own profile data.|
|Update Self||The user who is currently logged in to Hub can edit their own profile data.|
|Read User||The current user can view profile data for other users.|
|Update User||The current user can update profile data for other users.|
The default permission scheme is configured as follows:
- Users who are assigned any role have access to the Read Self and Update Self permissions.
- The Read User permission is accessible to users with the Project Admin and System Admin role.
- The Update User permission is only accessible to users with the System Admin role.
Informing Users about Data Collection and Processing
With GDPR, you have an obligation to disclose the personal data that you collect and describe the purposes for which you use this information.
Hub has a built-in feature that you can use to provide information about the personal data that is collected from your data subjects. This information is stored in Hub as a user agreement. The agreement is presented to users when they first log in after the feature is enabled or major changes are applied to the agreement.
Note that this feature is not designed to track granular consent for specific types of processing, such as for marketing and research purposes. Hub simply isn’t designed to be used for this type of processing.
The ability to store and track acceptance of a user agreement is supported from Hub 2018.1. To learn more about this feature, see User Agreement.
Whether you use the User Agreement feature to track the acceptance of an information notice or not, you can add a custom message to your login page. This feature lets you provide links to the legal documents that describe how you manage personal data that is stored in the application.
The ability to add a custom message to the login page is supported from Hub 2018.2. The input field for storing the custom message is located on the Common Settings for Auth Modules page. For more information, see Common Settings for Auth Modules.
Right of Access by the Data Subject
Users with registered accounts in services that are connected to Hub can view and update most of their personal data by themselves. Personal data is stored in a separate account for each user.
Each user has the ability to download a copy of the personal data that is stored in his or her Hub account. When a user performs this action, the personal data is collected from the Hub database and generated in CSV format.
The CSV file contains the full name, login, email address, Jabber account, and VCS user names. The file also contains the login details from any authentication modules that have been used to log in to a connected service through Hub, including the date and time of last access, IP address, device, and operating system. Historical values that have been stored in various fields in the user profile include the date ranges during which the values were present.
Users whose accounts are banned are not able to log in and download a copy of their personal data. However, we have made it possible for an administrator to download a copy of the personal data which can then be provided to a user upon request.
The ability to download personal data is supported in Hub 2018.2. To learn more about this feature, read Download User Data.
Right to Erasure
Another provision under GDPR gives a data subject the right to request that their personal data be erased. This is also referred to as the 'right to be forgotten'.
In Hub, each user has the ability to anonymize his or her personal data. With anonymization, the personal data is sanitized in such a way that is no longer identifiable. The full name, email addresses, logins, login details, profile change history, and IP addresses are replaced according to the current anonymization scheme.
Anonymization is also applied to user accounts in connected services that use Hub as a data source. This means that the personal data that is visible in YouTrack issues, Upsource code reviews, and TeamCity builds (among other references) is also anonymized.
There are two options for the anonymization scheme in Hub, which can be configured by a system administrator.
- The hashed scheme pseudonymizes personal data by replacing it with SHA-256 hashes. While the pseudonymized data is no longer stored in a human-readable state, it is still possible to link the hashes with the original values.
- The randomized scheme replaces personal data with random values. This anonymization irreversibly destroys any way of identifying the data subject. The randomized data cannot be reverted to a readable state.
As with downloading personal data, an administrator with sufficient permissions has the ability to anonymize the personal data for another user upon request.
The ability to anonymize personal data is supported in Hub 2018.2. To learn more about this feature, read Anonymize User Data.