GDPR: ユーザーの匿名化

You can anonymize users in Jira to hide or delete any data that can identify them as a real person. Anonymization helps you stay compliant with General Data Protection Regulation (GDPR) and the “right to be forgotten”, and is most often needed when somebody is leaving your organization and requests to have their personal data erased. 

互換性のあるアプリケーション

When anonymizing users, we’ll change or erase their personal data in all of these applications: Jira Core, Jira Software, Jira Service Desk, and Portfolio for Jira.

匿名化の内容

Every user in Jira is associated with some items — they might have an issue assigned, be referenced in permission schemes, or mentioned in comments by their teammates. There are many occurrences of user’s data that will be anonymized, and some that will be completely erased. We’ll list all of them below, as well as directly in Jira when you start anonymizing a user.

However, to quickly and fully grasp what the anonymized user will look like, it’s best to focus on just these two things: 

• ユーザー名: 認識不能な匿名のエイリアス (例: jirauser80900) に変更されます。

• User profile: Completely anonymized, looks like a brand new user profile. One of the important things here is full name, which is often displayed around Jira. It will also get an anonymous alias — for example, user-ca31a.

Let’s have a closer look at the effect of anonymizing these two on some before and after examples. Here, our user Friendly Robot (username: friendlyrobot) has been anonymized and is now user-ca31a (username: jirauser80900)

As you can see, anonymizing just the username and user profile essentially makes the user anonymous, as it’s mostly them that get referenced in issue fields and on project pages.

This should give you a general understanding of what the anonymization looks like. Let’s get into actions and details. 

ユーザーの匿名

You can anonymize users in two ways — the choice here depends on whether the user is still active, or has been deleted.

• アクティブなユーザーの場合

  1. Go to Administration > User management > Users.

  2. Find the user you want to anonymize, and select … > Anonymize user.

• 削除済みのユーザーの場合

  1. [管理] > [ユーザー管理] > [匿名化] に移動します。

  2. Enter the username, and select Anonymize.

Whichever option you choose, you will be redirected to a separate Anonymize user page that shows details about the chosen user, and lists all associated items that will be transferred, anonymized, or deleted. Your user won’t be anonymized yet, so feel free to try it.

匿名化の範囲について

When you select a user to anonymize, you’ll be redirected to a page with details that looks like this:

1. 変更を識別: このボタンをクリックして、ユーザーに関連付けられているすべての項目を Jira で検索し、表示できます。これは任意のオプションであり、ボタンがクリックされない場合も、これらのすべての項目は匿名化されます。項目の完全な一覧については以降をご確認ください。

2. Transferring ownership: Some items owned by a user, like Project Lead or Component Lead, might break things if left without the owner. You’ll need to select a new owner here, and we’ll transfer the items for you. If you don’t see this section, it means there’s nothing to transfer.

What’s about to change

If you choose to display items associated with a user, they will typically be displayed in four sections — Transferred items, Anonymized items, Deleted items, and Actions required on your side.

1. Transferred items

Some items won’t work properly with inactive users, so you’ll need to choose a new owner of these items. For example, an inactive Component Lead might break the Default assignee option. You can choose any user with proper permissions, but it’s probably best to transfer them to a project admin or somebody who has taken over the tasks of the anonymized user.

2. 匿名化された項目

Anonymized data includes items with any occurrences of the user’s name, username, or user key. As mentioned earlier, we’ll change these occurrences into an anonymous alias generated specifically for this user. The items themselves need to remain in Jira as they affect other areas or users — these are usually comments, work logs, workflows, and so on.

3. 削除された項目

これらの項目はユーザーに固有であり、他のユーザーには影響を与えません。そのため、Jira 内に残す必要はありません。このようなものには、こそユーザーのみが使用する、さまざまなスキーム (スキームは削除されません)、個人用のフィルター サブスクリプション、または個人用のロールなどが考えられます。ユーザーを匿名化すると、これらは完全に削除されます。

4. 操作が必要です

Finally, there are items which we can’t anonymize, and you’ll need to change them manually. This section can include JQL queries from Jira Service Desk.

制限事項

課題履歴

Personal data might still appear in the issue history, which shows all past activity on an issue.

JQL クエリ

Personal data that appears in JQL queries won’t be anonymized. Queries that are specific to Jira Service Desk will be shown on the Actions required on your side list, so it should be easy to edit them, but all the remaining ones won’t be included.

サードパーティ製アプリ

Personal data stored in 3rd party apps won't be anonymized by default. However, we've created extension points that can be used by app vendors to be notified whenever a user is being anonymized in Jira, and anonymize the related items. To check if an app supports the anonymization, contact the vendor directly or check their documentation.

トラブルシューティング

The anonymization of a user might fail and this brings additional complications. Since the process is irreversible, you can’t just go back and do it all again — even in the case of failure, the user will be partially anonymized. If you encountered this problem, we can help you identify errors and logs, find the partially anonymized user, and retry their anonymization.

詳しくは、「匿名化の再試行」を参照してください。

アプリ開発者向け

If you’re an app developer, we have created extension points that will inform your app when an admin anonymizes a user in their Jira instance. This allows you to take proper actions and anonymize any data about this user that you store in the app.

For more info, see Developer docs: Anonymizing users.