2021-11-02 Privacy SIG Notes

Owned by Adam Chandler
Last updated: Nov 02, 2021 by Schwill, Carsten
1 min read

Date

Attendees

Goals

Discussion items

TimeItemWhoNotes
Review Carsten's Confluence site and agree on file organization
  • Added Cornell circ and okapi logs to protected site.

Outline plan for implementing privacy recommendations


What is PII and how can it be implemented? Perhaps we can come up with a cascade of basic principles, general solutions and abstract functional requirements. This might help SMEs, POs and developers to get acquainted with PII-privacy and concepts/requirements.

  • Finish general log file requirements.
  • Finish SIG Charter
  • Develop basic workflow for implementing privacy in the project at governance level and then module-specific implementation level.  Will require presentations and conversations at both levels.
  • Some topics, solutions include: GDPR requirements for correcting data and giving data to user upon request; keep data in only the module where it belongs; anonymization (remove), pseudo-anonymization (sp?) contains key that needs to be thrown away. These are often confused.
  • Compile list of FOLIO key groups and contacts, e.g. sysops.
  • Approval of Product Council.

Action items

  •