2019-10-25 Reporting Data Privacy Working Group Meeting Notes
Date
Attendees
We will use Joyce's webex account for our weekly meetings:
https://dukeuniversity.webex.com/join/jcc81
Goals
- Classification of personal data sensitive reports
Discussion items
Time | Item | Who | Notes |
---|---|---|---|
National Library of Hungary | Ingolf | The National Library of Hungary - go-live planned for end of 2020 - Will they install the FOLIO Reporting LDP at go-live and if so, will they need to do reports which contain personal data ? → Ingolf asks Lendvay Miklós | |
organization vendors data | Ingolf | Vendors contact data (contact name, contact address, phone, email) are considered publicly available. In so far, GBV does not plan to do reporting on personal data. GBV/VZG will send a list of its top 5 reports to Nassib (or to the Reporting SIG). Ingolf asks Sven Markgraf if these are really not subject to GDPR compliance. | |
Fields to anonymize | This group | Organization contact data need to be anonymized before they flow into the LDP.
| |
in-app vs. LDP reports | This group | Let's look at the question in-app vs. LDP reporting in a new way: The decision should be driven by functional requirements. Let's go through Flagged FOLIO reports - privacy (or RA Reports to cluster or both ?) again and decide from a functional perspective: Which of the reports which contain sensitive personal data should be made in-app, and which ones are really LDP reports ? We completed a review of reports that contain personal data. There are several that are required by U.S. institutions, and of those, some are needed at go-live. Details of all are contained in the notes column of Flagged FOLIO reports - privacy . As Nassib has explained, since the LDP will have a personal-data turn-off switch for European institutions, this should not be a problem. However, we do have to make sure that in the long run, when the U.S. institutions are moving towards GDPR compliance, that all these data will be deleted from the LDP, and will not remain as historic data. There are three reports containing personal data that are needed at go-live by GBV. Since these need live data, they clearly fall into the category on in-app, and not reports. Ingolf will follow up on this with Uschi. |
Meeting Notes
Present:
Action items
- Ingolf: speak to Miklos this coming week
- Ingolf: remind GBV/VZG to send list of top reports when he sees them in person
- - REP-148Getting issue details... STATUS 147 and 146: critical reports ranked by GBV which contain personal data: Ingolf to clarify this with GBV in Göttingen meeting next week,.
- This group will contact Product Council to ask whether they still want us to do a presentation of GDPR and Data Privacy in the LDP.