                    - BDQ FAQ -

                    What is PII?

                    In this BDQ FAQ page, we aim to answer the questions we get asked regarding Personal Identifiable Information, GDPR, HIPAA, and much more besides!


                    What is PII?

                    What is Personal Data?

                    What is an Identifiable Natural Person?

                    What is HIPAA?

                    Is Atlassian/Jira/Confluence HIPAA compliant?

                    What is GDPR?

                    What is a Data Controller/Data Processor?

                    Is Atlassian/Jira/Confluence PII compliant?

                    Is Atlassian/Jira/Confluence GDPR compliant?

                    Where does Atlassian/Jira/Confluence store its data?

                    Atlassian Data Center/Server vs Cloud?

                    Atlassian Apps - where is the data stored?

                    How can I find out where my data is being stored?

                    Security considerations when migrating to Atlassian Cloud?

                    How do I find if I have any PII/HIPAA/GDPR in Jira/Confluence?

                    I'm concerned about completing Security Assessment Questionnaires



                     

                    Note - All of this information is indicative and non-binding. Information correct at the time of publishing. No warranty is expressed or implied. Customers must contact us for formal quotes and information and not base any decisions on this information. This information is freely available on the internet. BDQ has curated this information in this way in order to help people find the answers to their questions. If you feel that there is a copyright infringement or illegal reproduction of Intellectual Property, please get in touch and we will be happy to discuss the issue.

                     


                    What is PII?


                    PII stands for Personal Identifiable Information. This is any information that enables the identity of an individual to be inferred, including information that is linked or linkable.

                    WHAT IS PII | WIKIPEDIA

                    The US also has a concept of Sensitive PII - this is PII that has an increased risk if leaked, such as financial or health records, Social Security numbers and so forth.

                    WHAT IS PII | DEPARTMENT OF HOMELAND SECURITY

                    What is Personal Data?


                    This is a legal term from the European General Data Protection Regulation (GDPR). The GDPR defines Personal Data (Article 4 (1)) as follows:

                    "‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’);"

                    DEFINITIONS (Article 4 (1)) | GENERAL DATA PROTECTION REGULATION (GDPR)

                    What is an Identifiable Natural Person?


                    This is a legal term from the European General Data Protection Regulation (GDPR). The GDPR defines an Identifiable Natural Person (Article 4 (1)) as follows:

                    "an 'identifiable natural person' is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;"

                    DEFINITIONS (Article 4 (1)) | GENERAL DATA PROTECTION REGULATION (GDPR)

                    What is HIPAA?


                    HIPAA stands for The Health Insurance Portability and Accountability Act, which was passed by Congress in 1996. It lays out best practices for the privacy and security of data in the healthcare industries. Two key concepts are the Privacy Rule and the Security Rule.

                    • These rules define how an individual’s Personal Health Information, or PHI, should be handled. PHI can comprise any information that includes personal identifying information (PII). This might be names, addresses, health issues, etc. If you handle PHI, you probably need to be HIPAA compliant.

                    • Additional acts have been passed since 1996, such as the HITECH act, and the HIPAA Omnibus Rule, which strengthen the original protections.

                    • A “Covered Entity” is a healthcare organisation that stores or transmits PHI. These rules are strict, and organisations must take great care with PHI. Provision 164.308(a)(8) of the HIPAA Security Rule requires organizations that transmit and store PHI to regularly perform technical and non-technical evaluations of these systems.

                    Health Insurance Portability and Accountability Act of 1996 (HIPAA) | US Department of Health & Human Services

                    Is Atlassian/Jira/Confluence HIPAA compliant?


                    At the time of writing, in terms of Cloud services, only Jira Enterprise and Confluence Enterprise are HIPAA compliant, and a signed Business Associate Agreement (BAA) with Atlassian will be required. Apps are not currently HIPAA compliant.

                    For more information, visit Atlassian's HIPAA resource page, or get in contact with us to discuss your requirements.

                    HIPAA | Atlassian

                    What is GDPR?


                    The GDPR applies to personal data on residents and citizens of the European Economic Area (the 27 Member States of the EU plus Iceland, Liechtenstein, and Norway), usually known as EU residents. However, the GDPR impacts not only EU-based entities, but virtually every business dealing with the data of EU residents.

                    The GDPR is the European General Data Protection Regulation.

                    GDPR | intersoft consulting

                    What is a Data Controller/Data Processor?


                    A Data Controller can be a company, another legal entity or an individual that makes decisions regarding processing activities. Controllers are responsible for the overall control of the personal data being processed and are ultimately responsible for the processing.

                    Data Processors act on behalf of a Controller, under their authority. To this end, they must serve the Controller's interests, and not their own. Processors have a more limited compliance responsibility. However, if a Data Processor acts outside of the Controller's instructions, in such a way that determines the means and purpose of the processing, the Processor will become a Controller in respect of the processing, and can face the same liability as a Controller.

                    "'Controller' means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. 'Processor' means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller."

                    A guide to Data Protection | Information Commissioner's Office (ICO)

                    Is Atlassian/Jira/Confluence PII compliant?


                    It is Atlassian’s customers who store data in Atlassian’s services, and it is therefore customers who must make sure that they abide by PII rules, and do not store inappropriate data.

                    Atlassian do take security extremely seriously, to ensure that customer data is protected.

                    COMPLIANCE | ATLASSIAN

                    Is Atlassian/Jira/Confluence GDPR compliant?


                    The GDPR is really about protecting the data of EU residents. It is Atlassian’s customers who store data in Atlassian’s services, and it is therefore customers who must make sure that they abide by the GDPR’s rules, and do not store inappropriate data.

                    Atlassian do take security extremely seriously, to ensure that customer data is protected.

                    For more information on Atlassian’s commitment to the GDPR, click the link below.

                    GDPR COMMITMENT | ATLASSIAN

                    Where does Atlassian/Jira/Confluence store its data?


                    Atlassian determine where your data is hosted with an eye to reducing latency. This way, they optimise access to your data around the world. They do not guarantee that your data will be hosted in a specific location by default. However, with the correct subscription level, you can request that specific data is pinned to a location when it is at rest.

                    Atlassian's GDPR Commitment | Atlassian

                     

                    The Cloud edition stores data in the United States, Germany, Ireland, Singapore, and Australia, with the location optimised based on the location of sign-up. It supports Single Sign-On (SSO) including via Microsoft Office 365 or Google, and can integrate with Azure AD via Atlassian Access.

                    → Cloud Hosting Infrastructure | Atlassian

                    Atlassian Data Center/Server vs Cloud?


                    With Cloud, Atlassian’s dedicated security team manages security for you. Cloud offers built-in security features to help safeguard your data, with minimal admin effort required. With Data Center, securing your environment is managed by your organization.

                    For more detailed information please see the link below:

                    Compare Cloud and Data Center | Atlassian

                    Atlassian Apps - where is the data stored?


                    • Server/DC: Your data is held locally within your Jira or Confluence instance.

                    • Forge: within Atlassian's Cloud infrastructure.

                    • Connect: Atlassian/app vendor.

                    How can I find out where my data is being stored?


                    You can view where your in-scope product data is hosted from your organization administration. You must have organization admin permissions to do this.

                    To view where your product data is hosted:

                    1. Go to admin.atlassian.com. Select your organization if you have more than one.

                    2. Select Security > Data residency.

                    This will open the data residency page for your organization. This page lists the products in your organization, the location of each product, and the AWS regions the location corresponds with. If a product is PINNED to a location, its in-scope data is held in place there.

                    Understand data residency | ATLASSIAN Support

                    Security considerations when migrating to Atlassian Cloud?


                    Atlassian take data security, privacy, and compliance very seriously. Instead of the onus being on admins, Atlassian take responsibility to stay on top of the changing regulatory and compliance needs across the globe, so no matter where you're located, your data is safe.

                    Security - Atlassian protect your data with encryption in transit and at rest and provide administrative controls to enforce organization-wide protection such as SAML SSO, enforced 2FA, and SCIM.

                    Compliance - Atlassian's compliance program is here to help meet your organization’s compliance needs. They undergo independent third-party audits and certify their products against FedRAMP, SOC2, ISO 27001, and more.

                    Atlassian Trust Center | Atlassian

                     

                    If you have further concerns regarding an Atlassian Cloud migration, BDQ can help. As Atlassian Solution Partners, we have certified Atlassian experts on staff to answer any and all questions you might have and can provide you with a quote for performing the Migration for you.

                    BDQ Cloud Migration Services | Painless, professional migrations to Atlassian's Cloud

                    How do I find if I have any PII/HIPAA/GDPR in Jira/Confluence?


                    We have a solution for that!

                    There are currently ZERO services publicly available that can dive not only into your Jira and Confluence instances but also into their associated attachment files to locate that lost, forgotten or hidden sensitive data.

                    That's why we at BDQ created a proprietary technology that can not only help you identify and locate the PII in Jira and Confluence, including attachments, but it also prioritizes the results so that you can process the most critical items first.

                    For more information, please read through our blog post or take a look at our PII Services page.

                    How to find sensitive data in your Jira, Confluence & attachments | BDQ Blog
                    PII Services | Detect Personal Identifiable Information (PII) in text and attachments | BDQ Services

                    I'm concerned about completing Security Assessment Questionnaires


                    It has become more important than ever to make sure that the vendors and service providers that you engage with are compliant with your data security processes. This is, in most cases, represented in the form of a Security Assessment Questionnaire.

                    When you buy Atlassian products through us, you can send us the Security Assessment Questionnaire. Not only will we find the correct details to fill it in for you, but because we fill out these questionnaires for multiple customers, we can often complete them in a fraction of the time.

                    Wanting to move to Atlassian Cloud but getting bogged down with internal security red tape? | BDQ Blog
