2022-05-03 - Privacy SIG Notes

Date

May 3, 2022

Attendees

@James Fuller @Adam Chandler @Ingolf Kuss

Discussion items

Time	Item	Who	Notes

Time	Item	Who	Notes
10 min	Getting PDD forms created	James	EBSCO mod-codex-ekb \| Khalilah Gambrell mod-codex-mux \| Khalilah Gambrell mod-rtac \| Khalilah Gambrell mod-patron \| Khalilah Gambrell mod-users \| Patty Wanninger mod-users-bl \| Patty Wanninger mod-search \| Magda Zacharska mod-oai-pmh \| Magda Zacharska mod-circulation \| Stephanie Buck (?) mod-circulation-storage \| Stephanie Buck (?) mod-ncip \| Michelle Suranofsky (Dev lead, no PO) Index Data mod-copycat \| Mike Gorrell mod-codex-inventory \| Charlotte Whitt mod-ldp \| Charlotte Whitt mod-courses \| Charlotte Whitt mod-graphql \| Charlotte Whitt (?) mod-inventory \| Charlotte Whitt Independent mod-agreements \| Owen Stephens mod-service-interaction \| Owen Stephens mod-licenses \| Owen Stephens Alabama mod-calendar \| steven turner Ludwig-Maximilians-Universität München mod-email \| Julie Bickle mod-event-config \| Julie Bickle mod-notify \| Julie Bickle mod-sender \| Julie Bickle mod-template-engine \| Julie Bickle Universität Leipzig mod-erm-usage \| Annika Schröer mod-erm-usage-harvester \| Annika Schröer Cornell mod-feesfines \| Holly Mistlebauer mod-patron-blocks \| Holly Mistlebauer
	Next Meeting		May 31, 2022

Forms should be at URLs like https://github.com/folio-org/[mod-name]/PERSONAL_DATA_DISCLOSURE.md

Draft Talking points

Who we are
We are working to get all FOLIO modules in "Platform Complete" to have an up to date PDD
- Starting modules that are missing a form, but will be asking everyone to update
- There have been changes to the form in the last 3 months, if you have other modules, please revisit
  - https://github.com/folio-org/personal-data-disclosure/blob/master/PERSONAL_DATA_DISCLOSURE.md
- Compliance - Help our colleagues that are subject to GDPR, CCPA, etc
- Good thing to do in general -
Work with your Dev Lead
List of impacted modules
Volunteer to help in any way we can including answering any questions
We recommend revisiting the form at least once a year and including "Last Updated" and "Last Reviewed" dates

Action items

@James Fuller Update PDD to include a "Last Updated" and "Last Reviewed" dates

@Adam Chandler To add language on why commitment to privacy is generally a good thing

Adam's draft text:

The purpose of this form is to disclose the types of personal data¹ (PD) stored by each module. This information enables those hosting FOLIO to better manage and comply with various privacy laws and restrictions, e.g. GDPR. It should be noted that the requirement libraries have to responsibly manage personal data goes beyond regulatory compliance. Libraries have a tradition as advocates for intellectual freedom and privacy of their users, all of whom need space for private exploration and experimentation in pursuing scholarly and creative endeavors.