Protect Personal Data
There are several regulations that are enforced by various governing bodies that define rules for the protection of personal data. One of the latest is the European Union’s General Data Protection Regulation (GDPR). This regulation applies to the storage and processing of information that can be used to identify an individual, whether directly or indirectly. It doesn't necessarily require that you change how you process data, but you do need to be more transparent about it.
To support user authentication and authorization, YouTrack stores personal data. As a data controller, you are responsible for the collection, use, disclosure, retention, and protection of this information. The purpose of this guide is to provide an overview of the features that have been implemented in YouTrack to help you manage personal data responsibly.
This is by no means a comprehensive checklist that ensures your compliance with GDPR and other regulations for data protection. We provide these guidelines to answer basic questions and help you use the features that are built into YouTrack in an effective way.
First and foremost, you have an obligation to keep your data safe. YouTrack has a number of features that you can use to improve the security of your application, including:
Together, these features help protect your application from unauthorized access and theft. For more information, read our security guidelines for YouTrack.
Personal Data in YouTrack
The following list describes the general usage of information from YouTrack that can be used to identify an individual:
|Full name||Stored in the database, shown in the user profile, and displayed wherever the user is referenced in YouTrack.|
|Login (username)||Stored in the database, shown in the user profile, and displayed wherever the user is referenced in YouTrack.|
|Email address||Stored in the database, shown in the user profile, and used to send requests to restore passwords and and notifications that are generated according to the notification scheme that is configured independently for each user account.|
|Jabber account||Stored in the database, shown in the user profile, and used by connected services to send notifications to a Jabber client.|
|VCS usernames||Stored in the database, shown in the user profile, and used to authenticate the user in a connected version control system.|
|IP address||Stored in the database and access logs. The IP address from which the user last accessed the application is shown in the user profile for each login.|
The following permissions determine which users have the ability to read and update this information:
|Read Self||The user who is currently logged in to YouTrack can view their own profile data.|
|Update Self||The user who is currently logged in to YouTrack can edit their own profile data.|
|Read User||The current user can view profile data for other users.|
|Update User||The current user can update profile data for other users.|
The default permission scheme is configured as follows:
- Users who are assigned any role have access to the Read Self and Update Self permissions.
- The Read User permission is accessible to users with the Project Admin and System Admin role.
- The Update User permission is only accessible to users with the System Admin role.
Informing Users about Data Collection and Processing
With GDPR, you have an obligation to disclose the personal data that you collect and describe the purposes for which you use this information.
YouTrack has a built-in feature that you can use to provide information about the personal data that is collected from your data subjects. This information is stored in YouTrack as a user agreement. The agreement is presented to users when they first log in after the feature is enabled or major changes are applied to the agreement.
Note that this feature is not designed to track granular consent for specific types of processing, such as for marketing and research purposes. YouTrack simply isn’t designed to be used for this type of processing.
The ability to store and track acceptance of a user agreement is supported from YouTrack 2018.1. To learn more about this feature, see User Agreement.
Whether you use the User Agreement feature to track the acceptance of an information notice or not, you can add a custom message to your login page. This feature lets you provide links to the legal documents that describe how you manage personal data that is stored in the application.
The ability to add a custom message to the login page is supported from YouTrack 2018.2. The input field for storing the custom message is located on the Common Settings for Auth Modules page. For more information, see Common Settings for Auth Modules.
Right of Access by the Data Subject
Users with registered accounts in YouTrack can view and update most of their personal data by themselves. Personal data is stored in a separate Hub account for each user.
Each user has the ability to download a copy of the personal data that is stored in his or her Hub account. When a user performs this action, the personal data is collected from the YouTrack database and generated in CSV format.
The CSV file contains the full name, login, email address, Jabber account, and VCS user names. The file also contains the login details from any authentication modules that have been used to log in to YouTrack, including the date and time of last access, IP address, device, and operating system. Historical values that have been stored in various fields in the user profile include the date ranges during which the values were present.
Users whose accounts are banned are not able to log in and download a copy of their personal data. However, we have made it possible for an administrator to download a copy of the personal data which can then be provided to a user upon request.
The ability to download personal data is supported in YouTrack 2018.2. To learn more about this feature, read Download User Data.
Right to Erasure
Another provision under GDPR gives a data subject the right to request that their personal data be erased. This is also referred to as the 'right to be forgotten'.
In YouTrack, each user has the ability to anonymize his or her personal data. With anonymization, the personal data is sanitized in such a way that is no longer identifiable. The full name, email addresses, logins, login details, profile change history, and IP addresses are replaced with random values.
Anonymization only applies to personal data. Any issues that were reported and comments that were left by the anonymized user are retained in the system. Think of it this way: someone bakes a cake and offers you a slice. Maybe they even give you the recipe that they used to bake the cake and a photo of the cake before it was cut. Neither the slice of cake, the recipe, nor the photo contain personal data. You can anonymize the baker and keep the slice (who are we kidding, you ate it already), the recipe, and the photo of the cake.
As with downloading personal data, an administrator with sufficient permissions has the ability to anonymize the personal data for another user upon request.
The ability to anonymize personal data is supported in YouTrack 2018.2. To learn more about this feature, read Anonymize User Data.
Storing Personal Data in YouTrack Issues
With YouTrack, personal data collection is not limited to the information that is stored in user profiles. With issues, you have the ability to store any amount of personal data in custom fields. This can include personal information that is considered particularly sensitive under GDPR.
If you store personal information, such as addresses, credit card numbers, and social security numbers in issues, take extra measures to protect this information and prepare yourself for requests to access, correct, or erase this data.
- Use private custom fields to limit the number of users who have access to personal data.
- To comply with a request to access personal data, use the search feature to locate all issues that are related to the data subject and export the list of issues in CSV or Excel format.
- To comply with a request to erase personal data, delete the issues that store personal information for the data subject. If the data subject is also a registered user, use the anonymization feature to remove remaining personal data from the application.
Mailbox Integrations and Personal Data
With the mailbox integration, YouTrack transforms incoming email messages into issues. This integration stores email addresses that are used to route and process email messages in dedicated fields. If you receive a request to access or erase personal data, use a search query to locate issues that contain the specified email address in these fields and either download or delete these issues as required.
If the Reporter setting in your mailbox rules is configured to set the email sender as the issue reporter, the email address is also copied to the Hub account of the registered user. In this case, you should also follow the instructions that are provided here in the documentation to download or anonymize the personal data that is stored in the Hub account.
Zendesk Integrations and Personal Data
The Zendesk integration lets you share Zendesk tickets with issues in YouTrack. If the Reporter setting is configured to set the Zendesk user as the issue reporter, YouTrack creates a Hub account for each new user who submits a ticket in Zendesk.
The Hub account stores the name and email address of the user who submitted the ticket in Zendesk. As with the mailbox integration, you can follow the instructions that are provided here in the documentation to download or anonymize the personal data that is stored in the Hub account.