2021-11-02 Privacy SIG Notes

Review Carsten's Confluence site and agree on file organization

• Added Cornell circ and okapi logs to protected site.

Outline plan for implementing privacy recommendations

What is PII and how can it be implemented? Perhaps we can come up with a cascade of basic principles, general solutions and abstract functional requirements. This might help SMEs, POs and developers to get acquainted with PII-privacy and concepts/requirements.

• Finish general log file requirements.

• Finish SIG Charter

• Develop basic workflow for implementing privacy in the project at governance level and then module-specific implementation level.  Will require presentations and conversations at both levels.

• Some topics, solutions include: GDPR requirements for correcting data and giving data to user upon request; keep data in only the module where it belongs; anonymization (remove), pseudo-anonymization (sp?) contains key that needs to be thrown away. These are often confused.

• Compile list of FOLIO key groups and contacts, e.g. sysops.

• Approval of Product Council.