2023-10-13 Acquisitions Meeting notes

Date

Attendees

Aaron Neslin

Kimberly Smith

Sabrina Bayer

Ann Crowley

Kristin Martin

Sara Colglazer

Catherine Tuohy

Lisa Maybury

Suzie Skowronek

Dennis Bridges

Lisa Smith

Sylvia Hamann

Dung-Lan Chen

Martina Karlsson

Tim

Dwayne Swigert

Martina Schildt

Victoria Anderson

Emily Robertson

Mary Moran

wiljanen

Heather McMillan

Okay Okonkwo

Winter White

Jean Pajerek

Owen Stephens


Joe Reimers

Paivi Rentz


John Banionis

Peter Breternitz


Kathleen Norton

Peter Sbrzesny


Kimberly Pamplin

Robert Heaton


Agenda

Housekeeping -

  • Next meeting, Tuesday, 10/17, at 1 pm (Discuss EDI ordering)
  • Reminder - Poppy Bug Fest runs thru next Friday, 10/20/23.  Please participate if you can.  more info see Puppy Bug Fest wiki
  • An early reminder - U.S. Daylight Saving Time ends Nov. 5 (you may need to adjust meetings on your calendar from Nov. 5 on)
  • Any special requests or specific issues to bring up to Product Council (to be included/submitted in monthly SIG reports to PC)

PC Update (Kristin Martin) -

  • 2023-10-12 Tri-Council Meeting
    • Discussion of updates to FOLIO architecture and work to formalize the definition for application and platform
    • Many implications of this work, still being investigated.
  • PC SIG subgroup refreshing how SIG reports and communication is handled.

Business -

Discussion items

TimeItemWhoNotes
:02HousekeepingDung-Lan
  • Next meeting, Tuesday, 10/17, at 1 pm (Discuss EDI ordering)
  • Reminder - Poppy Bug Fest runs thru next Friday, 10/20/23.  Please participate if you can.  more info see Puppy Bug Fest wiki
  • An early reminder - U.S. Daylight Saving Time ends Nov. 5 (you may need to adjust meetings on your calendar from Nov. 5 on)
  • Any special requests or specific issues to bring up to Product Council (to be included/submitted in monthly SIG reports to PC)
:06PC UpdatesKristin Martin
  • 2023-10-12 Tri-Council Meeting
    • Discussion of updates to FOLIO architecture and work to formalize the definition for application and platform
    • Many implications of this work, still being investigated.
    • EBSCO has development team working on proof of concept
    • Goal is to make FOLIO easier to manage and make it more customizable.
  • PC SIG subgroup refreshing how SIG reports and communication is handled.
    • Beta testing new Update format: SIG Reports 2023-10-19
    • Use Confluence/Wiki to help track - Decision log
    • Convener can submit request through SIG Reports page.
      • Creates new page in the Wiki.
      • Can edit before publishing.
      • Automatically added to the decision log. 
    • Hoping to strengthen relationship between PC and SIGs
    • ~:13 - Discussion regarding what kinds of things to submit.
      • e.g. - development in one area impacting acquisitions
      • Any community member can approach PC to ask about something.
:17GDPR Compliance RequirementsJoe Reimers
  • Record audit trail GDPR compliance requirements
  • What does GDPR allow? What is not allowed? What is in compliance? What is not in compliance? How much time to address?
  • FOLIO's record tracking, keeps track of when record was created and updated and by whom. 
  • With version history in POs/POLs capture in every step.
  • Some libraries in EU use functional/shared logins rather than individual logins as workarounds.
  • Is the existing pattern a problem? - Record last updated / record created + user details
    • Owen Stephens 8:20 AM
      This may be something worth discussing with the Privacy SIG Privacy SIG Home.
      • They have a lot of knowledge about GDPR
      • We omitted the source from the record metadata in Agreements and Licenses because this concern was raised by libraries in Germany
    • Has been a problem from the beginning. Functional/shared accounts are a workaround. Would be great if this could be switched off on a system level for a tenant.
      • scolglaz 8:22 AM
        +1 to be able to switch on or off by tenant!
  • Joe Reimers (EBSCO) 8:21 AM
    Do you know who the responsible PO is offhand?
    • Owen Stephens 8:22 AM
      There’s no PO because it’s not a development area
  • Legislation not the same worldwide. Lack of information also an issue for some.
  • Different libraries may have different interpretations of what can be recorded.
  • scolglaz 8:22 AM
    We are definitely used to seeing this info--from our old system etc--and find it extremely helpful!
    • Kristin Martin 8:24 AM
      We use this information all the time too.
  • Might want to use to monitor what people are doing and might be seen as illegal in Europe
    • "Haven't done any work today" - seen as unacceptable.
  • Argument needs to be in favor of configuration because it is clear that there is no universal truth around what is allowed and what is not.
  • Owen Stephens 8:26 AM
    If it’s recorded at all then it would be available for reporting which would still be an issue
  • scolglaz 8:27 AM
    just FYI: in Agreements, it just always says: Unknown
  • Not just name of user that is problematic? Even UUID being in record could possibly violate their privacy? 
    • If traceable back to the person, it's an issue. 
  • Don't know what minimum numbers are to obfuscate the data. Seems like it needs to be at least two. 
  • Sara - Maybe should be taken up by cross-app? 
    • Ultimate solution has to be to set this at the tenant level
    • 5 Colleges finds this information extremely useful
    • Use reporting tool and pull out data based on which institution touched which record for cleanup purposes, etc.
    • Pretty much recorded in most other apps. 
    • Have very limited number of people who work in agreements, so would likely know anyways.
  • wiljanen 8:31 AM
    I use it to locate items from acquisitions to circulation
  • Not sure whether in Resource Access this is used at the moment. 
  • Kristin - Also hadn't noticed this in agreements. What is the reason for not recording the information? For GDPR compliance?
    • Haven't prioritized because it was clear from the start from those commissioning that recording personal information at that level would be problematic. Have felt the way to approach this is to configure. Has not been prioritized. Extra work that would take away from other development work. What are the right compromises around this? 
  • scolglaz 8:35 AM
    In the Circulation Log there is a Source column that shows who checked something in or out ...
  • scolglaz 8:36 AM
    ANd in the User record Source is visible for create and last updated
  • Kimberly.Smith@mtsu.edu 8:37 AM
    Sounds like it would be important to ask our current consortia and oncoming consortia about the need for this feature and where...
  • ~:37 - Dennis - Are there any circumstances where certain applications might be omitted? Are there any apps where you actually might be able to use this data? e.g. Because it is a certain kind of content or workflow.
    • Not illegal to store personal data. Constrains the use of that data. Problem at staff level is that there is more at stake when you introduce idea of being able to track what work people are doing. 
    • Martina Schildt 8:39 AM
      I think we should definitely hear a GDPR expert on this.
  • scolglaz 8:38 AM
    Just checking Invoices & Finance, too, and also Source shows who created and last updated
  • Joe Reimers (EBSCO) 8:39 AM
    Current FOLIO pattern is that this is ALWAYS captured for ALL record types. This meeting is to determine, "is this a problem, and how much of one is it?" Other than ERM, that is. Also, how is Chalmers handling ti?
    • It is a problem, for certain sites.
    • Kristin Martin 8:40 AM
      That's not true, if it is not captured for Agreements. There isn't actually consistent behavior.
  • scolglaz 8:40 AM
    Thanks, Joe, I was just trying to underscore that there needs to be a FOLIO wide solution, hence my suggestions re: Cross App to take this up
    • Owen Stephens 8:42 AM
      I tend to agree Sara although a “FOLIO wide solution” may be quite tricky here - but definitely worth us discussing at cross app I agree
  • System should work for all. Switch sounds like a good solution that would solve all needs across the community. 
  • Consult EBSCO privacy team
  • Wouldn't be useful to have this as an app level setting. May be difficult to implement a global setting because of how these things function. May need to establish pattern for apps to follow. 
    • Most likely way forward would be to have pattern that apps could adopt. 
  • Joe Reimers (EBSCO) 8:46 AM
    Please feel free to add additional feedback/comments/questions to the wiki page! The more, the merrier!
  • Does introduction of change log with this information make this situation worse than it already is? 
  • Can you wipe order history with commerical companies through GDPR?
    • Does give that kind of protection, at least in theory

Action items

  •