Skip to end of banner
Go to start of banner

2019-07-19 LDP data privacy working group meeting notes

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Date

Attendees


We will use Joyce's webex account for our weekly meetings:

https://dukeuniversity.webex.com/join/jcc81

Goals

  • Decide on next steps for our group

Discussion items

TimeItemWhoNotes

Updates from Joyce on LDP reports containing personal attributes that she sent to the Reporting SIG, to determine whether the reports can remain functional if personal data are removed

Updates from Ingolf about staff data privacy (audit trails)




Meeting Notes

  • Based on Ingolf's conversations with a data privacy officer, we formulated a list of attributes considered personal data, which should not be included in the LDP. A few attributes were flagged as unnecessary for reporting purposes, and should also be excluded (see Table 1 below).
  • As well, we flagged several attributes that can only be included if they are formulated in a specific way (see Table 1A below). 
  • Tables 1 and 1A should be shared with the Reporting SIG.
  • We all agreed that it would be very time-consuming for this small group to look through all the reports and flag them. As well, as the reports are often described at a higher level, without an actual list of attributes included. Each report needs to be understood in depth, to determine whether it contains personal data attributes or not. We need to crowd-source the process of flagging reports.
  • Update on 7/8/19: Joyce Chapmanlooked through the reports and found that "There are 32 that I found that could have personal data. Some I don't have enough info about, others it's very clear. Basically every single report on the user mgmt tab of the reporting master spreadsheet is for sure personal data -- these are all reports that call up different types of lists of patrons. 18 of the 32 I marked as "definitely" including personal data, and 11 of those are the "user mgmt" tab of reports." These are at https://docs.google.com/spreadsheets/d/1nR9frGMUgWq6TNKJFhY84FJx2Cwnlndnd2iq6p0wDx4/edit#gid=0
  • Before taking on the issue of staff data privacy, we want to ascertain whether any reports of audits will ever need to be run from the LDP, instead of in-app. This may not be an LDP problem at all.

Action items

Present the above discussion to the Reporting SIG on Monday, July 22nd.


  • No labels