...
EU libraries using FOLIO are currently working around this restriction via shared or functional logins rather than individual logins.
Use cases
Requirement | Status | Use case |
---|---|---|
Optionally disable capture of "Source" in record details and version histories | Pending | Supervisors and administrators must be unable to associate a particular staff member with a particular action in FOLIO. |
Audit trail must be configurable | Pending | Libraries not subject to GDPR should have the option of associating specific staff with specific actions |
Disabled Source must not be retained anywhere in the system | Pending | System administrators must not be able to reconnect hidden or masked user information to particular actions in FOLIO |
Deleted/disassociated staff member should leave no identifiable artifacts in the system | | Right to be forgotten requires all identifying information be purged from the system on demand. |
Questions
Is it OK to mask/hide or is the requirement not to collect? - Do not collect. Back end collection is still technically reportable, which some institutions view as a GDPR violation (GDPR verbiage is not entirely clear).
Proposed approach(es)
- Enable/disable "source" collection at the Tenant level (applies to all records across the entire tenant)
- App-based approach (enable/disable on a per-app basis)
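The difference between masking and not collecting, with both proposed toggles, as an added sketch that is not FOLIO code. Every name here (`SourcePolicy`, `Store`, the `source` key, the app names and the staff identifier) is a hypothetical stand-in constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class SourcePolicy:
    # Hypothetical settings: tenant-wide switch plus optional per-app overrides.
    tenant_capture: bool = True
    app_overrides: dict = field(default_factory=dict)  # app name -> bool

    def capture_enabled(self, app):
        return self.app_overrides.get(app, self.tenant_capture)

@dataclass
class Store:
    records: dict = field(default_factory=dict)   # record id -> current state
    versions: list = field(default_factory=list)  # append-only version history

    def save(self, policy, app, record_id, data, acting_user):
        entry = {"app": app, "id": record_id, "data": dict(data)}
        # Do not collect: the identifier is dropped before anything is written,
        # so neither the record nor its version history ever holds it.
        if policy.capture_enabled(app):
            entry["source"] = acting_user
        self.records[record_id] = entry
        self.versions.append(dict(entry))
        return entry

    def masked_view(self, record_id):
        # Read-time masking, for contrast: the stored row is left unchanged.
        view = dict(self.records[record_id])
        if "source" in view:
            view["source"] = "***"
        return view

    def contains_identifier(self, user):
        # What a back-end report could recover from storage.
        rows = list(self.records.values()) + self.versions
        return any(row.get("source") == user for row in rows)

def demo():
    user = "staff-0001"  # constructed sample identifier
    masked, clean = Store(), Store()
    masked.save(SourcePolicy(tenant_capture=True), "inventory", "r1", {"title": "A"}, user)
    clean.save(SourcePolicy(tenant_capture=False), "inventory", "r1", {"title": "A"}, user)
    return {
        "masked_ui_hides": masked.masked_view("r1")["source"] == "***",
        "masked_store_leaks": masked.contains_identifier(user),
        "not_collected_leaks": clean.contains_identifier(user),
    }
```

With capture left on and only the display masked, the identifier is still recoverable from both the record and its version history; with capture off at write time there is nothing to reconnect.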
Additional info
- GDPR permits collection of PII but restricts how it can be used
- PRIV
- This is a cross-app issue