I have a quick query re, your (https://developer.atlassian.com/cloud/confluence/user-privacy-developer-guide/)[‘user privacy developer guide’].
I’m part of a team that is developing an app that looks at how work flows in large organisations. Based on our user research, a must-have feature of our app is being able to scroll back in time to compare and contrast and visualise changes over time. This would involve looking at workload (partly implied by JIRA issues) for a team over time and therefore, show team member names.
What we’d like to know from you
When looking into how to connect JIRA to our app, we’ve come across your ‘user privacy developer guide’. From this, we have picked up that you would request us to delete user PII within 15 days of the user leaving their team / organisation. Please can you outline your intent and rationale as to why you have put this requirement in place?
I ask because following your guidance would mean that we (and therefore our clients) would no longer be able to make use of the core feature mentioned above. Looking back in time, i.e. looking at an incomplete data set (not showing team member names) becomes significantly less meaningful. Our well-grounded legal advice has been that we are in a position to retain user data (incl PII - in this instance, name only) as long as we have an active commercial relationship with said client (as long as the users themselves don’t request deletion).
Clearly, we are not the only tech company with said challenge and therefore, I’d appreciate if you could come back to me with a view on the above. From a personal perspective, I am yet to be convinced that all employers delete their former employee records from any tooling they may use in the work place - ranging from HR to Finance to day-to-day workplace productivity tools.