Skip to content

PSGallery GDPR documentation #2287

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 12 commits into from Mar 31, 2018
Merged

PSGallery GDPR documentation #2287

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
35ed2ff
Changed required PSGet version to 1.6.0
Dec 4, 2017
f2c3780
Merge branch 'staging' of https://github.com/powershell/powershell-do…
Dec 8, 2017
6843552
Merge branch 'staging' of https://github.com/powershell/powershell-do…
Jan 18, 2018
88b8a3f
Merge branch 'staging' of https://github.com/powershell/powershell-do…
Mar 13, 2018
727ba68
Merge branch 'staging' of https://github.com/powershell/powershell-do…
Mar 27, 2018
1c4f2be
Adding GDPR doc
Mar 28, 2018
de1475b
Updates from GDPR Staff review
Mar 28, 2018
4d261c8
Merge branch 'staging' of https://github.com/powershell/powershell-do…
Mar 28, 2018
552f7ce
Marked code as PowerShell
Mar 29, 2018
b44168a
Updated TOC with GDPR
Mar 29, 2018
52ba4e3
Merge branch 'staging' of https://github.com/powershell/powershell-do…
Mar 29, 2018
e632f8b
Fixing typo in PS cmd
Mar 29, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions gallery/TOC.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,8 @@
href: psgallery/psgallery_requires_license_acceptance.md
- name: Require License Acceptance on Deploy to Azure Automation
href: psgallery/psgallery_deploy_to_azure_automation_requireLicenseAcceptance.md
- name: PowerShell Gallery GDPR Compliance
href: psgallery/psgallery_gdpr_dsr.md
- name: PowerShellGet
href: psget/overview.md
items:
Expand Down
90 changes: 90 additions & 0 deletions gallery/psgallery/psgallery_gdpr_dsr.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,90 @@
---
ms.date: 03/27/2018
contributor: JKeithB
ms.topic: conceptual
keywords: gallery,powershell,psgallery,GDPR
title: PowerShell Gallery GDPR Compliance
---

# PowerShell Gallery GDPR Compliance

## Overview

In May 2018, a European privacy law, the General Data Protection Regulation (GDPR), will take effect.
The GDPR imposes new rules on companies, government agencies, non-profits, and other organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents. The GDPR applies no matter where you are located.

Microsoft products and services are available today to help you meet the GDPR requirements.
Read more about Microsoft Privacy policy at [Trust Center](https://www.microsoft.com/trustcenter).

The PowerShell Gallery meets GDPR requirements.

The Powershell Gallery stores the following information that may be provided by users, which may contain personal information:

* PowerShell Gallery account
* Items published to the PowerShell Gallery
* Email correspondence with the PowerShell Gallery team

Most users do not create a PowerShell Gallery account, as it is not required unless the user is going to publish an item, or use the "Contact Owner" feature in the PowerShell Gallery.
The PowerShell Gallery does not store EUII data for users who have not created a PowerShell Gallery account, other than email correspondence initiated by the user.

Users who create a PowerShell Gallery account can publish items to the PowerShell Gallery.
Those items are expected to be PowerShell code, but may contain other information including personal information. The information below will show how you can get all the items you have published to the PowerShell Gallery.


## DSR Export of PowerShell Gallery Data

The following sections describe the PowerShell Gallery supports a GDPR Data Subject Request (DSR) by explaining how to export information stored in the PowerShell Gallery, and how to request deletion of this information.

__Email__

Email correspondence may include any of the following:

* Email sent to the owners of PowerShell Gallery items if the code analysis scans detected an issue with any item they have published to the PowerShell Gallery
* Email sent by anyone to the PowerShell Gallery team using the email address in the "Contact Us" page (cgadmin@microsoft.com)
* Registered users who use the "Contact Owner" feature in the PowerShell Gallery to send email to the owner of an item in the PowerShell Gallery

Emails sent by or to the PowerShell Gallery have a retention policy of 90 days, in order to support possible security investigations should malicious code be discovered on the PowerShell Gallery.
Emails are deleted by policy after 90 days.

Users may request copies of all emails that sent within the previous 90 days to or from the PowerShell Gallery to their email account. This can be done by sending an email to cgadmin@microsoft.com, with the title: "DSR Request for emails relating to this account", and stating in the body what they are seeking (for example: Please send all emails sent to or received from this email address that you currently have.) All emails involving that email address within 90 days of the request will be sent to the requesting email account within 7 business days.


__PowerShell Gallery Account Information__

If you have created a PowerShell Gallery account, you can find all personal information that has been stored in PowerShell Gallery by taking the following steps:

1. Sign in to the PowerShell Gallery, then click on your username
2. The next page displayed is the Account page, which shows the email address used for the PowerShell Gallery account

If you have created more than one account in the PowerShell Gallery, you will need to repeat these steps for each account.

__Items in the PowerShell Gallery__

To facilitate exporting all versions of all items published to the PowerShell Gallery by an user, users may download the script "GetPSGalleryItemsForAuthor" from the PowerShell Gallery, or from https://github.com/powershell/powershellgallery. This script will export a copy of every version of every item put onto the PowerShell Gallery based on the author information stored in the item. It is important to note that the Author is stored in the item manifest when you publish your item,and is not guaranteed to be the same as the account you use in the PowerShell Gallery. If you use some other value in the Author field, you will need to supply that value when using this script.

You may download the script by using the following PowerShell command:

```powershell
Save-Script GetPSGalleryItemsForAuthor -path <local folder location> -repository psgallery
```


You can then run the script directly, by running the following PowerShell commands:

```powershell
cd <local folder location supplied previously>
.\GetPSGalleryItemsForAuthor.ps1
```

You will be prompted to supply the Author and a folder on your system where you want the items to be saved.

## Deleting Personal Data From The PowerShell Gallery

Users who wish to delete either their PowerShell Gallery account or an item in the PowerShell Gallery must send email to cgadmin with the title: "GDPR Request for items relating to this account", and stating in the body what they are seeking, for example:

* Please delete version x.y.z of my item "item name" _or_
* Please delete all versions of my item "item name" _or_
* Please delete my PowerShell Gallery account

The PowerShell Gallery administrators will reply to the email within 7 business days, and items specified will be deleted within 30 days after the request is sent.