Send config events #75
Conversation
README.md
Outdated
| @@ -260,6 +260,18 @@ DfE::Analytics.config.anonymise_web_request_user_id = false | |||
|
|
|||
| Anonymisation of `user_id` would be required if the source field in the schema is in `analytics_pii.yml` so that analysts can join the IDs together. If the `user_id` is not in `analytics_pii.yml` but is in `analytics.yml` then `user_id` anonymisation would *not* be required so that the IDs could still be joined together. | |||
|
|
|||
| ### Data Anonymisation Algorithm | |||
There was a problem hiding this comment.
@asatwal should we label this pseudonymisation rather than anonymisation to match ICO terminology? Technically the approach we take is not true anonymisation, so under GDPR is still PII. The advantage is masking which helps with security, rather than eliminating the need for it.
And also in other places where we've used the term.
See https://ico.org.uk/media/about-the-ico/consultations/4019579/chapter-3-anonymisation-guidance.pdf for more info
There was a problem hiding this comment.
@stevenleggdfe agree that pseudonymisation would be better terminology. However, historically it's been called anonymisation in the gem and there are methods such as DfE::Analytics.anonymise that are used externally and config variables that would need to be updated as well as all the other documentation. For consistency we would have to update all these and this would be part of a bigger change with external dependencies, so I don't want to tackle this just yet.
Strictly speaking, this is just a hashing algorithm, so I would say it's more correct to call this "hashing" rather than "anonymisation", but that's a different story.
There was a problem hiding this comment.
@stevenleggdfe I decided to action this review comment in the end as this is a sensitive and important area.
The only item I didn't change is the anonymised_user_agent_and_ip field in event data for web requests. I thought this item would require a big migration and also this data doesn't identify a user right ? Only a user session ?
I've kept the DfE:Analytics.anonymise for backwards compatibility. We can deprecate in future releases. I believe the only team that use this is tv, although I think it's best to send out deprecation warnings and remove in a more release friendly way.
There was a problem hiding this comment.
Sounds good to me - thank you!
README.md
Outdated
|
|
||
| The `dfe-analytics` gem also anonymises such data, if it is configured to do so. If you are anonymising database IDs in your code (in custom events for example), then you should uses the same hashing algorithm for anonymisation that the gem uses. | ||
|
|
||
| The following method should be used in your code for anonymisation: |
There was a problem hiding this comment.
@asatwal worth explaining why? i.e. "... to ensure that pseudonymised data can still be joined to other pseudonymised data"
| ```ruby | ||
| DfE::Analytics.anonymise(value) | ||
| ``` | ||
|
|
There was a problem hiding this comment.
@asatwal worth adding a note here to say that the GoogleSQL equivalent of this is TO_HEX(SHA256(value)), and thus SQL can be used to anonymise data, but (obviously) not to de-anonymise it?
There was a problem hiding this comment.
I think that could usefully go into a comment in the anonymise method? I like that callers just use anonymise and don't have to worry about the algorithm. Not that we're likely to change it, but it feels hygienic.
There was a problem hiding this comment.
Agree. I'm trying to keep too much technical details out of the READ.me anyway as it's getting very long.
lib/dfe/analytics/event.rb
Outdated
| update_entity | ||
| delete_entity | ||
| import_entity | ||
| analytics_initialise |
There was a problem hiding this comment.
@asatwal maybe ignore this (!) but given we've used verb_noun form for the entity event types what would you think of using initialise_analytics for this new event type for consistency?
There was a problem hiding this comment.
@stevenleggdfe yes initialise_analytics sounds better !
README.md
Outdated
| @@ -260,6 +260,18 @@ DfE::Analytics.config.anonymise_web_request_user_id = false | |||
|
|
|||
| Anonymisation of `user_id` would be required if the source field in the schema is in `analytics_pii.yml` so that analysts can join the IDs together. If the `user_id` is not in `analytics_pii.yml` but is in `analytics.yml` then `user_id` anonymisation would *not* be required so that the IDs could still be joined together. | |||
|
|
|||
| ### Data Anonymisation Algorithm | |||
| ```ruby | ||
| DfE::Analytics.anonymise(value) | ||
| ``` | ||
|
|
There was a problem hiding this comment.
I think that could usefully go into a comment in the anonymise method? I like that callers just use anonymise and don't have to worry about the algorithm. Not that we're likely to change it, but it feels hygienic.
| 5. Push the tags: `git push --tags` | ||
| 6. Cut a PR on GitHub with the label `version-release`, and merge once approved | ||
| 5. Cut a PR on GitHub with the label `version-release`, and wait for approval | ||
| 6. Once the PR is approved push the tags, immediately prior to merging: `git push --tags` |
There was a problem hiding this comment.
Thank you — that was bugging me!
lib/dfe/analytics.rb
Outdated
| @@ -103,6 +104,9 @@ def self.initialize! | |||
| model.include(DfE::Analytics::Entities) | |||
| end | |||
| end | |||
|
|
|||
| DfE::Analytics::Initialise.trigger_initialise_event | |||
There was a problem hiding this comment.
We already have an init routine in railtie.rb — could we use that?
There was a problem hiding this comment.
In railtie.rb, I find the App isn't fully initialised, although it depends on where in railtie the methods are called. I suppose it could be called in the after_initialize hook after the DfE::Analytics.initialize!call, after which the config is fully initialised, as we need the config loaded before calling trigger_initialise_event.
I'll give that a try.
So I did try the suggestion of moving to railtie.rb and it does work. However, it's not possible to have collaboration tests, so if the call to DfE::Analytics.initialise.trigger_initialise_event ever got removed, the tests would not pick that up. For this reason I've left the trigger called in DfE::Analytics.initialize!.
lib/dfe/analytics/event.rb
Outdated
| update_entity | ||
| delete_entity | ||
| import_entity | ||
| analytics_initialise |
lib/dfe/analytics/initialise.rb
Outdated
|
|
||
| private | ||
|
|
||
| def initialise_data |
There was a problem hiding this comment.
is this initialisation_data?
Trello-1168
Send dfe analytics version and required config items from DfE Analytics to BigQuery as an "analytics_initialise" event.
The "analytics_initialise" is a one-off on startup event.
Also, some miscellaneous READ.me updates: