Scoping Questions |
---|
Does the application code contain personal information? |
Do any databases used by the application contain personal information? If the application has personal information, has it been de-deidentified? |
Do any application logs contain personal information? |
The following categories of information often come with special legislative protections.
Special categories of Personal Information |
---|
Biometric data: Does the application collect biometric data? |
Children data: Does the application collect data from youth under 16? |
CPNI: Does the application contain CPNI data? CPNI or Customer Proprietary Network Information, is the data collected by telecommunications companies about subscribers. |
Voice and Video: Does the application collect voice or video data? |
The categories defined in xCOMPASS are the following:
- Accountability and Auditing
- Data Quality and Integrity
- Use Limitation
- Data Minimization
- Transparency
- Security
- Purpose Specification
- Individual Participation
- Third-party Sharing
The full questionnaire is available here. Each question has a persona linked - if you would like to see an example persona for each combination listed here, use this link.