2020-07-31 Reporting Data Privacy Working Group Meeting Notes

Based on a meeting with Sven, the Data Privacy Officer (DPO) for ZBW: (ZBW is a library in the GBV consortium, and is an early implementer. According to Ingolf, if Sven approves of the measures implemented to protect data privacy in the LDP, then they are likely to be acceptable to all ZBW and GBV libraries that are affiliated with Folio at this point.)

1. There should be unique field names in the data tables. For example, in some tables, we have user_id and in some, the same data field is called patron_id.
2. Based on a field's definition, there should be a collection of field names that are all marked as personal data, and this list should be maintained be developers.
3. If developers set a marker that identifies a field as personal data, then these automatically do not get pulled into the LDP.
4. There should be privacy by design: we should not filter out fields, but decide in advance which ones to include.
5. Ideally (for European institutions), there should be three systems: the live system (Folio), the LDP, and a Quality Management (QM) system. All personal data are contained only in the QM system, and not in the other two, and these get deleted in one year, in compliance with  GDPR.

Nassib agreed that the idea of having Folio developers marking fields as personal data is the best and most elegant of all solutions. However, it is not practical in the short run, as this will not be a priority of developers, just as documentation has not been a priority for developers. It will be a long-term effort to get through to Folio management that we need this marker system to be implemented. So we need a solution that we can implement right now. We can continue with the anonymization process by identifying all fields that currently contain personal data.  If the community monitors changes in all the Folio modules to see when a new field is added, so that if needed it can be marked as personal, and until that happens it won't be brought into the LDP, one issue is that when Folio is upgraded, how do we coordinate this with the LDP? Folio does not coordinate with the LDP, so it is out of our control.

We agreed that the best way forward is to:

1. Complete the current list of personal data fields (this list is complete and just needs a final view): Ingolf and Vandana will look at this by next week, and forward it to Nassib so that this can be implemented in the December LDP release. For this list, clearly mark entire tables that need to be removed, and which fields in specific tables need to be removed (in cases where the whole table does not need to be removed).
2. Start thinking of a way forward: how do we keep track of new data elements as they are introduced into the Folio modules?