2019-05-31 Reporting Data Privacy Working Group Meeting Notes
Date
Attendees
- Ingolf Kuss
- Joyce Chapman
- Nassib Nassar
We will use Joyce's webex account for our weekly meetings:
https://dukeuniversity.webex.com/join/jcc81
Goals
Discussion items
Time | Item | Who | Notes |
---|---|---|---|
Limited role of FOLIO Community in enforcing data privacy | Ingolf | Ingolf found out that the FOLIO Community has an important but limited role in enforcing data privacy. Specifically, we need to make sure that data are erasable upon a user's demand, that personal data not needed for reporting are not transferred, and that personal data needed for reporting are anonymized prior to being transferred to the LDP. A list of all data fields needs to be given to the Library's Data Privacy Officer, who will then create forms for users to sign (informing users about the types of data that are collected, and why). These types of forms will differ across libraries, based on each country's and university's laws. The Data Privacy Officer is at the university or library level, and it is FOLIO's charge only to provide information (data fields) to the data privacy officer, as well as ensure that technically personal data can be erased, and that these data are anonymized prior to LDP transfer. | |
Tasks of the FOLIO Community to fulfill GDPR | Ingolf |
| |
Survey members about data privacy requirements | All | Sharon Beltaine had suggested that it would be a good idea to survey members about their data privacy requirements, so that these can be addressed either via LDP or other ways (anonymize vs. erase data, based on individual institutional requirements, and on compliance needs). After Ingolf's update on FOLIO's role in fulfilling data privacy requirements, we wondered whether a survey was required. If a configuration table is set up that anonymizes all personal data before it is transferred, then that would fulfill the stringent GDPR requirements, as well as any requirements of American libraries. We need Nassib's input on this. |