2019-10-18 Reporting Data Privacy Working Group Meeting Notes
Date
Oct 18, 2019
Attendees
@Joyce Chapman
@Ingolf Kuss
@Vandana Shah
We will use Joyce's webex account for our weekly meetings:
https://dukeuniversity.webex.com/join/jcc81
Goals
Classification of personal data sensitive reports
Discussion items
Time | Item | Who | Notes |
|---|---|---|---|
| National Library of Hungary | Ingolf | The National Library of Hungary - go-live planned for end of 2020 - Will they install the FOLIO Reporting LDP at go-live and if so, will they need to do reports which contain personal data ? → Ingolf asks @Lendvay Miklós |
| organization vendors data | Ingolf | Vendors contact data (contact name, contact address, phone, email) are considered publicly available. In so far, GBV does not plan to do reporting on personal data. GBV/VZG will send a list of its top 5 reports to Nassib (or to the Reporting SIG). Ingolf asks Sven Markgraf if these are really not subject to GDPR compliance. |
| Fields to anonymize | This group | Organization contact data need to be anonymized before they flow into the LDP.
|
| in-app vs. LDP reports | This group | Let's look at the question in-app vs. LDP reporting in a new way: The decision should be driven by functional requirements. Let's go through Flagged FOLIO reports - privacy (or RA Reports to cluster or both ?) again and decide from a functional perspective: Which of the reports which contain sensitive personal data should be made in-app, and which ones are really LDP reports ? |
Meeting Notes
Present:
Action items
Ingolf: speak to Miklos this coming week
Ingolf: remind GBV/VZG to send list of top reports when he sees them in person
https://folio-org.atlassian.net/browse/REP-148147 and 146: critical reports ranked by GBV which contain personal data: Ingolf to clarify this with GBV in Göttingen meeting next week,.
Ingolf go through https://dev.folio.org/reference/api/#mod-organizations-storage and make a list of fields which contain personal data.