2019-10-18 Reporting Data Privacy Working Group Meeting Notes

Date

Attendees


We will use Joyce's webex account for our weekly meetings:

https://dukeuniversity.webex.com/join/jcc81

Goals

  • Classification of personal data sensitive reports

Discussion items

TimeItemWhoNotes

National Library of HungaryIngolf

The National Library of Hungary - go-live planned for end of 2020 - Will they install the FOLIO Reporting LDP at go-live and if so, will they need to do reports which contain personal data ? → Ingolf asks Lendvay Miklós


organization vendors dataIngolf

Vendors contact data (contact name, contact address, phone, email) are considered publicly available. In so far, GBV does not plan to do reporting on personal data. GBV/VZG will send a list of its top 5 reports to Nassib  (or to the Reporting SIG).

Ingolf asks Sven Markgraf if these are really not subject to GDPR compliance.


Fields to anonymizeThis group

Organization contact data need to be anonymized before they flow into the LDP.


in-app vs. LDP reportsThis group

Let's look at the question in-app vs. LDP reporting in a new way: The decision should be driven by functional requirements.

Let's go through Flagged FOLIO reports - privacy  (or RA Reports to cluster or both ?) again and decide from a functional perspective: Which of the reports which contain sensitive personal data should be made in-app, and which ones are really LDP reports ?

Meeting Notes

Present: 

Action items

  • Ingolf: speak to Miklos this coming week
  • Ingolf: remind GBV/VZG to send list of top reports when he sees them in person
  • REP-148 - Getting issue details... STATUS 147 and 146: critical reports ranked by GBV which contain personal data: Ingolf to clarify this with GBV in Göttingen meeting next week,.
  • Ingolf go through https://dev.folio.org/reference/api/#mod-organizations-storage and make a list of fields which contain personal data.