View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000390 | Composr | core | public | 2012-02-13 18:32 | 2018-04-27 17:18 |
| Reporter | Chris Graham | Assigned To | Chris Graham | ||
| Severity | Feature-request | ||||
| Status | closed | Resolution | duplicate | ||
| Product Version | |||||
| Fixed in Version | |||||
| Summary | 0000390: Data laws | ||||
| Description | There is a UK law saying companies have to provide information they have on an individual, on request. This kind of law is being harmonised across Europe and may make companies have to legally provide options for: - delete all data associated with a person - provide all data on a person There's no good way to do that in Composr now. There is lots in the database that could be considered user information, such as stuff they have submitted. It's very unclear what is considered "information" and what is considered "theirs". Ideally we'd need two features: 1) A way for an admin to zip up all database records relating to a user (XML) with any associated files. They could then go through and delete anything confidential from that. 2) When a user is deleted, make sure to transfer ownership of all records to Guest. 3) Provide an option when a user is deleted to have their content deleted (perhaps show a list of links to their content and allow checking off what to auto-delete). This is tricky for things like forum topics - maybe their posts could be marked as deleted. But then things might have been quoted. Yuck. | ||||
| Tags | Type: Legal compliance / Privacy | ||||
| Time estimation (hours) | 25 | ||||
| Sponsorship open | |||||
|
|
Similar, but from another angle: When deleting members, provide an option to delete attached personal content, in particular, blogs, and personal galleries, but possibly other submissions. |
|
|
We do have support for deleting user data in the warnings system, if Commandr is installed. We should have this on the delete member page too. We don't have support for zipping it up. It all needs clearly documenting in the legal tutorial. What is personal data? I found this reference: "The GDPR applies to personal data. This is any information that can directly or indirectly identify a natural person, and can be in any format." |
|
|
I've opened a number of new issues related to EU privacy guidelines. |
|
|
Good articles: https://techblog.bozho.net/gdpr-practical-guide-developers/ https://news.ycombinator.com/item?id=16508435 |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2017-07-16 22:42 | Chris Graham | Description Updated | View Revisions |
| 2018-02-07 22:38 | Chris Graham | Note Added: 0005466 | |
| 2018-02-07 22:38 | Chris Graham | Note Edited: 0005466 | View Revisions |
| 2018-02-07 22:38 | Chris Graham | Note Edited: 0005466 | View Revisions |
| 2018-04-27 15:59 | Chris Graham | Note Added: 0005678 | |
| 2018-04-27 15:59 | Chris Graham | Status | non-assigned => closed |
| 2018-04-27 15:59 | Chris Graham | Assigned To | => Chris Graham |
| 2018-04-27 15:59 | Chris Graham | Resolution | open => duplicate |
| 2018-04-27 17:18 | Chris Graham | Tag Attached: Type: Legal compliance | |
| 2018-04-27 17:18 | Chris Graham | Note Added: 0005679 | |
| 2022-09-01 02:23 | Chris Graham | Tag Renamed | Type: Legal compliance => Type: Legal compliance / Privacy |
