Uploaded image for project: 'UX Product'
  1. UX Product
  2. UXPROD-286

GDPR Registry of Modules Consuming User Personal Data

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Open (View Workflow)
    • Priority: P3
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
    • Template:
    • Potential Workaround:
      HK - Not code needed for this. Technical documentation needs to be created for all FOLIO applications that clearly define the data used by each of the applications.
    • Back End Estimate:
      XL < 15 days
    • Calculated Total Rank:
    • PO Rank:
      104
    • PO Ranking Note:
      CB: Ranking same as calculated
    • Rank: BNCF (MVP Feb 2020):
      R1
    • Rank: Chalmers (Impl Aut 2019):
      R1
    • Rank: Chicago (MVP Sum 2020):
      R4
    • Rank: Cornell (Full Sum 2021):
      R4
    • Rank: Duke (Full Sum 2021):
      R4
    • Rank: 5Colleges (Full Jul 2021):
      R2
    • Rank: FLO (MVP Sum 2020):
      R2
    • Rank: GBV (MVP Sum 2020):
      R4
    • Rank: hbz (TBD):
      R1
    • Rank: Hungary (MVP End 2020):
      R1
    • Rank: Lehigh (MVP Summer 2020):
      R4
    • Rank: Leipzig (Full TBD):
      R1
    • Rank: Leipzig (ERM Aut 2019):
      R5
    • Rank: TAMU (MVP Jan 2021):
      R4
    • Rank: U of AL (MVP Oct 2020):
      R4

      Description

      Compliance to GDPR's privacy requirements is achieved in Folio though retaining all user personal data within the User Domain. Typically, pre-anonymised user data will be provided to other domains such as circulation. However, resolved user data must be delivered outside the domain, if only for the purposes of presentation. This implies that there exists user interfaces that reveal the user personal data. Therefore, there is the potential that personal data could leak outside the user domain. In order to create a trail for any future audits or investigation, a registry is used to identify and record which other system components access personal user data.

      Estimates from stories:
      UXPROD-328 Modify User endpoints to capture consumers FE: None BE: Medium < 5 days
      UXPROD-327 Storage for User Data Consumer Registry FE: None BE: Large < 10 days

        TestRail: Results

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                Unassigned Unassigned
                Reporter:
                vbar Vince Bareau
                Front End Estimator:
                Vince Bareau Vince Bareau
                Back End Estimator:
                Vince Bareau Vince Bareau
                Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                  Dates

                  Created:
                  Updated:

                    TestRail: Runs

                      TestRail: Cases