2019-06-14 Reporting Data Privacy Working Group Meeting Notes



We will use Joyce's webex account for our weekly meetings:



Discussion items


Tasks of the FOLIO Community to fulfill GDPRIngolf
  • A List of Data Fields
    • what personal data are stored
    • where are the personal data stored
    • in what form are the personal data stored
    • how are the personal data transferred
    • What personal data are stored about a specific person (a data dump) ?
  • Technical ability to erase personal data of a specific person (at any time).
    • Ability to erase only some fields of personal data, not all


Kopplungsverbot für Einwilligung in die Verarbeitung persönlicher Daten erklären

"Explain coupling interdiction for the approval to the processing of personal data"

"For a consent to be voluntary, the person concerned must have a real choice. In addition, the so-called "coupling ban" applies. Thus, a contract may not be made dependent on the consent to the processing of other personal data, which are not necessary for the operation of the business." Translated by Google from https://dsgvo-gesetz.de/themen/einwilligung/

Survey members about data privacy requirementsAllSharon Beltaine had suggested that it would be a good idea to survey members about their data privacy requirements, so that these can be addressed either via LDP or other ways (anonymize vs. erase data, based on individual institutional requirements, and on compliance needs). After Ingolf's update on FOLIO's role in fulfilling data privacy requirements, we wondered whether a survey was required. If a configuration table is set up that anonymizes all personal data before it is transferred, then that would fulfill the stringent GDPR requirements, as well as any requirements of American libraries. We need Nassib's input on this.

Meeting Notes

Ingolf summarized the three main issues:

  1. We need a list of LDP data fields that contain personal information (what format should this list be in?)
  2. A process for a data dump of all these fields, if requested by a patron (we need to be able to tell the patron what sort of information we have about her/him)
  3. A method to erase (some or all) of the personal data, should the patron request this.

Each library's Data Privacy Officer is responsible for creating and handling individual agreement forms with patrons (personal data consent forms); this is not the responsibility of FOLIO.

Nassib explained how it would be far more practical and efficient to not transfer any personal data int the LDP; such data can be used in all the in-app reports which need these data for functioning (for generating patron notices etc.), but retaining personal data in the LDP is problematic, for several reasons. One is that even if these data are eventually deleted after a fixed time period, there is always a possibility of a staff member with access to the LDP to download and save the data. WE would have to rely on individuals to follow privacy rules, and that is not the most secure method. Secondly, additional programming within the LDP to erase certain fields after fixed time periods is not that simple, and will take away from much-needed resources for report-building. Also, in terms of programming, trying to build in this type of functionality (time-based data erasure) is not compatible with building a high-quality and efficient warehouse.

Nassib suggested that all operational reports that require personal data should be in-app, with data stored in the main FOLIO database, and the LDP reports should not contain personal data. That way, we have a clean and efficient divide. However, the current list of requested LDP reports may include personal data, for business reasons. Our small group cannot decide by fiat which fields to erase before the data are sent to the LDP warehouse.

Action items

Make a list of all the fields containing personal data, from the user (and any other?) modules in the API documentation

Ingolf Kuss will discuss this list with a Data Privacy Officer, or with a person well-versed in data privacy.

Nassib Nassar will discuss with Sharon Beltaine during next week's face-to-face FOLIO meeting about an efficient way to handle looking through the list of 100+ LDP reports, to see which contain personal data.

We can then present this issue to the Reporting SIG for their opinions, input and assistance, as the LDP reports need to be useful for all across the FOLIO community.