#390 - Data laws
-
By Chris Graham
- Added
- 0 views
| Identifier | #390 |
|---|---|
| Issue type | Feature request or suggestion |
| Title | Data laws |
| Status | Closed (duplicate) |
| Tags |
Type: Legal compliance / Privacy (custom) |
| Handling member | Chris Graham |
| Addon | core |
| Description | There is a UK law saying companies have to provide information they have on an individual, on request. This kind of law is being harmonised across Europe and may make companies have to legally provide options for:
- delete all data associated with a person - provide all data on a person There's no good way to do that in Composr now. There is lots in the database that could be considered user information, such as stuff they have submitted. It's very unclear what is considered "information" and what is considered "theirs". Ideally we'd need two features: 1) A way for an admin to zip up all database records relating to a user (XML) with any associated files. They could then go through and delete anything confidential from that. 2) When a user is deleted, make sure to transfer ownership of all records to Guest. 3) Provide an option when a user is deleted to have their content deleted (perhaps show a list of links to their content and allow checking off what to auto-delete). This is tricky for things like forum topics - maybe their posts could be marked as deleted. But then things might have been quoted. Yuck. |
| Steps to reproduce | |
| Funded? | No |
The system will post a comment when this issue is modified (e.g., status changes). To be notified of this, click "Enable comment notifications".
Comments
When deleting members, provide an option to delete attached personal content, in particular, blogs, and personal galleries, but possibly other submissions.
We should have this on the delete member page too.
We don't have support for zipping it up.
It all needs clearly documenting in the legal tutorial.
What is personal data? I found this reference:
"The GDPR applies to personal data. This is any information that can directly or indirectly identify a natural person, and can be in any format."
https://techblog.bozho.net/gdpr-practical-guide-developers/
https://news.ycombinator.com/item?id=16508435