2019-05-23 Reporting Data Privacy Working Group Meeting Notes

Date

Attendees


We will use Joyce's webex account for our weekly meetings:

https://dukeuniversity.webex.com/join/jcc81

Goals

  • Introductory meeting to discuss goals and start creating a plan of action

Discussion items

TimeItemWhoNotes

FOLIO compliance with GDPRIngolf
  • Ingolf gave us a presentation explaining GDPR requirements, how they impact data storage, and the measures required to comply with GDPR.  

 GDPR and LDP warehouse issuesNassib
  •  As data privacy is a vast area, Nassib suggested we remain focused on the impacts of GDPR specifically on LDP warehouses, and that we focus on three broad areas:


    1. Determine if there are personal data attributes that reasonably might not be needed by a FOLIO library, and if so, identify those attributes; and then we can offer configuration of the LDP to anonymize those attributes.

    2. Address "Way B" and the various GDPR accounting, erasure, etc. requirements for personal data that are included in the LDP (again to be implemented as functions in the LDP).

    3. FOLIO needs a data privacy notice displayed to patrons.


Survey members about data privacy requirementsAllAs Sharon Beltaine had suggested, we decided that it would be a good idea to survey members about their data privacy requirements, so that these can be addressed either via LDP or other ways (anonymize vs. erase data, based on individual institutional requirements, and on compliance needs).

Action items

  • The group will start compiling relevant information as well as ideas on how to address the three items above, questions that need to be included in a survey, etc., We will meet on a weekly basis and hope to soon have concrete action items in place.