All work
- Automatically Anonymizing/Scrubbing Loan Data (through Settings)UXPROD-1085Resolved issue: UXPROD-1085Emma Boettcher
- Requests: purging of closed requestsUXPROD-1042
- Retain loan and item information for closed loans with fees/finesUXPROD-447Resolved issue: UXPROD-447Emma Boettcher
- Configuration Settings for User Data RegistryUXPROD-307
- GDPR Data PortabilityUXPROD-292
- GDPR Right of ErasureUXPROD-291
- GDPR Right to RectificationUXPROD-290
- GDPR Right of AccessUXPROD-289
- GDPR User-centric AnonymisationUXPROD-288
- GDPR User ConsentUXPROD-287
- GDPR Registry of Modules Consuming User Personal DataUXPROD-286
- replace placehold.it link by local imageUICHKOUT-624Resolved issue: UICHKOUT-624Zak Burke
- Enable/disable logging date and user per tenant and tableRMB-373
- Anonymizing/Scrubbing Metadata (createdDate, createdByUserId)RMB-366
- Single quote SQL Injection in PostgresClient.saveBatch(table, list, handler)RMB-201Resolved issue: RMB-201
- Single quote SQL Injection in PostgresClient.update(table, updateSection, ...)RMB-200Resolved issue: RMB-200Julian Ladisch
- Single quote SQL Injection in PostgresClient.delete(table, pojo, handler)RMB-199Resolved issue: RMB-199Julian Ladisch
- SSL/TLS, SCRAM-SHA-256, migration to PostgreSQL 10 (or higher)FOLIO-2406Resolved issue: FOLIO-2406
- Update vagrantboxes from debian/contrib-jessie64 to debian/contrib-stretch64FOLIO-1440Resolved issue: FOLIO-1440
19 of 19
Automatically Anonymizing/Scrubbing Loan Data (through Settings)
Done
Description
Priority
P2Fix versions
Development Team
Concorde
Assignee
Emma Boettcher
Emma Boettcher
Solution Architect
None
NoneParent
Parent Field Value
None
Parent Status
None
clones
has to be done after
is defined by
relates to
Checklist
hideTestRail: Results
Details
Reporter
Emma BoettcherEmma BoettcherPO Rank
131Front End Estimate
Large < 10 daysFront End Estimator
Jakub SkoczenJakub SkoczenBack End Estimate
XXL < 30 daysBack End Estimator
Jakub SkoczenJakub SkoczenRank: FLO (MVP Sum 2020)
R1Rank: 5Colleges (Full Jul 2021)
R1Rank: Cornell (Full Sum 2021)
R1Rank: Chalmers (Impl Aut 2019)
R1Rank: BNCF (MVP Feb 2020)
R1Rank: GBV (MVP Sum 2020)
R1Rank: hbz (TBD)
R1Rank: Hungary (MVP End 2020)
R1Rank: TAMU (MVP Jan 2021)
R5Rank: Chicago (MVP Sum 2020)
R4Rank: MO State (MVP June 2020)
R1Rank: U of AL (MVP Oct 2020)
R1Rank: Leipzig (Full TBD)
R1Rank: Lehigh (MVP Summer 2020)
R1TestRail: Cases
Open TestRail: CasesTestRail: Runs
Open TestRail: Runs
Details
Details
Reporter
Emma Boettcher
Emma BoettcherPO Rank
131
Front End Estimate
Large < 10 days
Front End Estimator
Jakub Skoczen
Jakub Skoczen
Back End Estimate
XXL < 30 days
Back End Estimator
Jakub Skoczen
Jakub SkoczenRank: FLO (MVP Sum 2020)
R1
Rank: 5Colleges (Full Jul 2021)
R1
Rank: Cornell (Full Sum 2021)
R1
Rank: Chalmers (Impl Aut 2019)
R1
Rank: BNCF (MVP Feb 2020)
R1
Rank: GBV (MVP Sum 2020)
R1
Rank: hbz (TBD)
R1
Rank: Hungary (MVP End 2020)
R1
Rank: TAMU (MVP Jan 2021)
R5
Rank: Chicago (MVP Sum 2020)
R4
Rank: MO State (MVP June 2020)
R1
Rank: U of AL (MVP Oct 2020)
R1
Rank: Leipzig (Full TBD)
R1
Rank: Lehigh (MVP Summer 2020)
R1
TestRail: Cases
Open TestRail: Cases
TestRail: Runs
Open TestRail: Runs
Created September 4, 2018 at 2:12 PM
Updated September 16, 2020 at 9:05 PM
Resolved September 27, 2019 at 4:53 PM
Activity
Show:
Emma BoettcherSeptember 27, 2019 at 4:53 PM
Moved incomplete/in progress stories to and
Cate BoeremaApril 24, 2019 at 4:25 PM
Marking blocked on FOLIO-1953
AnyaMarch 29, 2019 at 10:11 PM
Comment from the March meeting : GDPR/ PA - FOLIO doesnt have it as the FSE we will step up and anonymizing - this will need to be a seting - could be in Q3
Khalilah GambrellMarch 21, 2019 at 6:51 PM
and , should this feature be assigned to Vega? If so, is it a Q2 2019 feature?
Cate BoeremaDecember 5, 2018 at 11:51 AM
, I am removing the Q1 2019 fix version on this one, as it doesn't look like we'll be able to fit it in.
Purpose: To schedule closed loans for automatic anonymization based on the institutions' preferences for how long they keep identifying borrower information on loans.
High-Level Requirements for Anonymization (across UXPROD-1085, UXPROD-1120, , ):
Due to privacy concerns (both legal and voluntary), many institutions anonymize loan data. In other words, they remove identifying information about the patron (e.g. name and identifiers) from historic loans. Other patron metadata (e.g. patron group) is retained for statistical reporting purposes.
Loan scrubbing
Tenants should be able to determine a time period (specified in days) after which loan data will be anonymized (it should also be possible to not ever anonymize)
Ultimately, each library within a tenant/institution should be able to set their own time period (not v1)
For institutions that don't anonymize for all users by default, we should offer the ability for users to indicate whether they want their data scrubbed (not v1)
For a loan to qualify for scrubbing/anonymizing, it must:
Be closed
Not have any open fees/fines
Be old enough to trigger scrubbing
"Old enough" varies depending on if it has no closed fines/fees or not
When a loan record is scrubbed:
Any patron identifying information should be scrubbed from the loan record in the database.
The only patron information that should be retained includes:
Patron group
Status
Division/department (as of 5/14 RA SIG meeting)
Branch/location (when implemented) Probably not, as of 5/14 RA SIG meeting - not patron info
Custom fields or tags (when implemented)
Date enrolled? No, as of 5/14 RA SIG meeting
Expiration date? No, as of 5/14 RA SIG meeting
The scrubbed loan should no longer display on the patron's Loans page
But what about the Check in page? Institutions that have opted not to save ANY loan history, still need to be able to see the items they just checked in (see UICHKIN-10 for details on what should display on the check in page). We need to make sure this is considered in our implementation.
Anywhere else closed loans may display, the scrubbed loan data should display without any patron identifying information
IMPLEMENTATION NOTE: Many systems log anonymized loan data in a reporting table as soon as the transaction occurs