Uploaded image for project: 'UX Product'
  1. UX Product
  2. UXPROD-288

GDPR User-centric Anonymisation

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Open (View Workflow)
    • Priority: P3
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Template:
    • Potential Workaround:
      HK- See workaround for UXPROD-291
    • Front End Estimate:
      Large < 10 days
    • Back End Estimate:
      XXL < 30 days
    • Front-End Confidence factor:
      Low
    • Estimation Notes and Assumptions:
      Hide
      CB: Vince's story estimates totalled more than was allowed for back-end estimate, so I just picked the largest we had and marked the confidence factor low. @vince, this probably should be broken up into smaller features so it doesn't have an estimate of > 30 days on the backend.
      Show
      CB: Vince's story estimates totalled more than was allowed for back-end estimate, so I just picked the largest we had and marked the confidence factor low. @vince, this probably should be broken up into smaller features so it doesn't have an estimate of > 30 days on the backend.
    • Calculated Total Rank:
    • Kiwi Planning Points (DO NOT CHANGE):
      12
    • PO Rank:
      113
    • Rank: BNCF (MVP Feb 2020):
      R1
    • Rank: Chalmers (Impl Aut 2019):
      R1
    • Rank: Chicago (MVP Sum 2020):
      R4
    • Rank: Cornell (Full Sum 2021):
      R4
    • Rank: Duke (Full Sum 2021):
      R1
    • Rank: 5Colleges (Full Jul 2021):
      R2
    • Rank: FLO (MVP Sum 2020):
      R2
    • Rank: GBV (MVP Sum 2020):
      R4
    • Rank: hbz (TBD):
      R1
    • Rank: Hungary (MVP End 2020):
      R1
    • Rank: Lehigh (MVP Summer 2020):
      R4
    • Rank: Leipzig (Full TBD):
      R1
    • Rank: Leipzig (ERM Aut 2019):
      R5
    • Rank: TAMU (MVP Jan 2021):
      R4
    • Rank: U of AL (MVP Oct 2020):
      R4

      Description

      In support of GDPR's Right of Erasure, this feature implements the ability to anonymise user personal data within the system, without compromising the integrity of other components such as circulation or requests.

      The basic premise is that user personal data does not leave the user domain. The user personal data is pre-anonymised and only the anonynised version of user data are provided to other domains. The relationship between the anonymous versions and the personal version is mantained entirely within the user domain. When it comes time to anonymise specific user data. This can be done entirely within the user domain by breaking that connection.

      Note that anonymising user data may be triggered by user created requests (Right to Erasure). But it can also be triggered by system processes that enforce the data retention policies that have been put forth, against which User Consent has been requested and obtained.

      Estimates from stories
      UXPROD-316 Loans to expose multi-userid interface None Medium < 5 days
      UXPROD-315 Check-in Checkout changes to alias userids None Large < 10 days
      UXPROD-314 User anonymization endpoint (clears aliases) None Medium < 5 days
      UXPROD-313 Rewire endpoints to expose alias userids None Medium < 5 days
      UXPROD-312 Configuration setttings for User pre-anonymization Large < 10 days Large < 10 days
      UXPROD-311 Add user alias storage None Large < 10 days

        TestRail: Results

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                Unassigned Unassigned
                Reporter:
                vbar Vince Bareau
                Front End Estimator:
                Vince Bareau Vince Bareau
                Back End Estimator:
                Vince Bareau Vince Bareau
                Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                  Dates

                  Created:
                  Updated:

                    TestRail: Runs

                      TestRail: Cases