Ordering functionality that FOLIO needs to stay competitive (UXPROD-3440)

[UXPROD-4491] Allow library to exclude user info when tracking record history (GDPR) Created: 05/Oct/23  Updated: 11/Jan/24

Status: Draft
Project: UX Product
Components: None
Affects versions: None
Fix versions: Umbrellaleaf (R2 2025)
Parent: Ordering functionality that FOLIO needs to stay competitive

Type: New Feature Priority: P2
Reporter: Joseph Reimers Assignee: Joseph Reimers
Resolution: Unresolved Votes: 0
Labels: GDPR
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Attachments: PNG File POL item detail 1.png     PNG File POL version history 1.png    
Potential Workaround: Use "functional user" rather than "personal user" when creating or editing records.
Release: Umbrellaleaf (R2 2025)
Epic Link: Ordering functionality that FOLIO needs to stay competitive
Development Team: Thunderjet
PO Rank: 0

 Description   

Current situation or problem: Currently, view record history allows authorized viewers to see the entire audit trail of a given record (PO, POL), including which user made a given change. Due to privacy regulations such as GDPR, some libraries are legally barred from capturing information identifying which user made a given change.

Issue raised by GBV (currently ERM-only), will be implementing full Acquisitions in 2H 2024 or early 2025. GBV indicates other German consortia are on a similar timetable.

In scope
Allow libraries to determine whether identifiable staff user information is captured in records and record histories

Modify "last updated" display not to include user information

Allow libraries to disable record audit trails entirely

Out of scope

Use case(s) Library wants to be able to see a record's history but is legally barred from knowing which employee made a given change.

Library may be prevented from implementing any FOLIO release containing audit trails until this is resolved.

Proposed solution/stories

Links to additional info

Questions



 Comments   
Comment by Dennis Bridges [ 11/Jan/24 ]

Another use case mentioned today by the IC team for consideration.

"My understanding for some of this was less GDPR, more union contracts not allowing tracking of this type of data at the individual employee level."

Generated at Fri Feb 09 00:40:19 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.