2022-09-13 - Privacy SIG Notes

Owned by Ingolf Kuss
Last updated: Sep 13, 2022 by Adam Chandler
2 min read

Date

Attendees

Goals

Discussion items

TimeItemWhoNotes

Change meeting day/time/frequency?Adam

Amanda said: "Thanks for offering to be flexible – I didn’t think our existing time slot would be hard to make, but that is clearly not the case now in practice. I’m also open to 8-9am or 9-10am EDT, and Mondays and Wednesdays look best at that time in the mornings. When you have a chance to discuss tomorrow let me know your thoughts."



Change meeting to every other Monday at 9 am. Adam will shift series and remove every other call over the next few months.  Will revisit at start of next year.


Aftermath of WolfCon SessionIngolf / Adam
  • What feedback did we get ?
  • What should be our next steps

Presentation: WolfCon2022_FOLIO_Privacy_SuccessfullyManagingPersonalData.pptx

Session notes by Adam:

Live attendance: 5-10

Presentation highlights

Privacy SIG is established to help lead the FOLIO project towards compliance with privacy regulations. We are also, of course, motivated by our desire to support intellectual freedom for our patrons.

Focus of SIG right now: Personal Data Disclosure Form. PDD form has been revised recently. Needs to be at top level of all FOLIO modules. Maintained by Product Owner and module maintainer for each module.

How will SIG enforce use and updating of the form? SIG has a script that will scan repos for updates and send reminders to module owners.


Q&A / Discussion

Privacy Officers will want more detail, for example, about how long data are being retained. Some of these are operational decisions.

FOLIO instance may not include all the possible FOLIO modules, so FOLIO project will need capability to pull out the PDD form data at the instance level.

Eventually, will need ability to remove data for individual who requests that it be removed.

========

Need to be able to erase existing personal data. Needs to be part of FOLIO development road map TOM technical organizational measures to comply with personal data standards.


How to move forward?

Tickets are important. Multi-pronged effort.  Tickets needs to get the work done but need to have a broader push to make people aware of why it is important.






Links to class photos : IMG_20220901_160412.jpgIMG_20220901_160414.jpg

Action items

Peter Murray Run PDD script and generate report for next meeting in four weeks

Adam Chandler recordings.openlibraryfoundation.org add our privacy SIG presentation, room and time, to our SIG page. https://prod-zoom-recordings-openlibraryfoundation-org.s3.amazonaws.com/c1405949-fdb8-4d47-9545-267e4132c4e0%2Fshared_screen_with_speaker_view.mp4  Make slides available.

Adam Chandler start brief white paper on privacy sig roadmap. GDPR calls this privacy by design. Every module has to do this.

Ingolf Kuss will send Adam his slides about GDPR, with page about TOMs.