Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Date

Attendees

...

https://dukeuniversity.webex.com/join/jcc81

Goals

Discussion items

TimeItemWhoNotes

Tasks of the FOLIO Community to fulfill GDPRIngolf
  • A List of Data Fields
    • what personal data are stored
    • where are the personal data stored
    • in what form are the personal data stored
    • how are the personal data transferred
    • What personal data are stored about a specific person (a data dump) ?
  • Technical ability to erase personal data of a specific person (at any time).
    • Ability to erase only some fields of personal data, not all


Ingolf

Kopplungsverbot für Einwilligung in die Verarbeitung persönlicher Daten erklären

"Explain coupling interdiction for the approval to the processing of personal data"

"For a consent to be voluntary, the person concerned must have a real choice. In addition, the so-called "coupling ban" applies. Thus, a contract may not be made dependent on the consent to the processing of other personal data, which are not necessary for the operation of the business." Translated by Google from https://dsgvo-gesetz.de/themen/einwilligung/


Survey members about data privacy requirementsAllSharon Beltaine had suggested that it would be a good idea to survey members about their data privacy requirements, so that these can be addressed either via LDP or other ways (anonymize vs. erase data, based on individual institutional requirements, and on compliance needs). After Ingolf's update on FOLIO's role in fulfilling data privacy requirements, we wondered whether a survey was required. If a configuration table is set up that anonymizes all personal data before it is transferred, then that would fulfill the stringent GDPR requirements, as well as any requirements of American libraries. We need Nassib's input on this.

Meeting Notes

Ingolf summarized the three main issues:

...

Nassib suggested that all operational reports that require personal data should be in-app, with data stored in the main FOLIO database, and the LDP reports should not contain personal data. That way, we have a clean and efficient divide. However, the current list of requested LDP reports may include personal data, for business reasons. Our small group cannot decide by fiat which fields to erase before the data are sent to the LDP warehouse.

Action items

Make a list of all the fields containing personal data, from the user (and any other?) modules in the API documentation

...