View Issue Details

IDProjectCategoryView StatusLast Update
0019144phpList 3 applicationInterface - Administratorpublic26-04-18 16:11
Reportersamtuke 
PrioritynormalSeverityminorReproducibilityhave not tried
Status resolvedResolutionfixed 
PlatformLinuxOSFedoraOS Version26
Product Version3.3.2 
Target Version3.3.3Fixed in Version 
Summary0019144: Add warning to not add attributes containing sensitive subscriber information
DescriptionAdd warning text to the "add new attribute" page (/lists/admin/?page=attributes) notifying admins that they should not store sensitive personal data about subscribers, such as health, sexual orientation, race, etc.. This notice will help admins comply with the GDPR which does not allow storing of such details without further protection.

Various means of presenting this info are possible. The contextual help button ('?') is not sufficient in this case as it will not be ready by most admins. Please review similar always-visible help text on other pages when deciding which approach to use. The approach taken should be suitable for consistent application on other pages also should the need arise.
TagsNo tags attached.

Relationships

child of 0019032 newsamtuke [META] Changes for easier GDPR compliance 

Activities

samtuke

28-03-18 12:52

administrator   ~0060183

Example of possible implementation

xheni

29-03-18 17:20

administrator   ~0060213

PR: https://github.com/phpList/phplist3/pull/278

michiel

29-03-18 18:12

manager   ~0060215

The PR does not include the "Read more".

Where would that link be directed to?

xheni

29-03-18 18:22

administrator   ~0060216

@michiel The link can be directed to a page on phpList.org to be published in future explaining GDPR compliance best practices. But since we don't have that page yet, I didn't add the "Read More".

michiel

29-03-18 18:29

manager   ~0060218

I think we should have that page and link to it before adding this change, otherwise it will look very strange, and will puzzle people. It's a great opportunity to educate, but it's a one-off moment to do so for a lot of users.

samtuke

29-03-18 18:36

administrator   ~0060219

@michiel the link can go to an article on phpList.org on GDPR compliance, but that page isn't ready yet. I propose merging the PR as it stands and adding a link in the near future following publication of the article.

michiel

29-03-18 21:23

manager   ~0060223

Ok, you can merge the PR. I still think it would be better to only do that once the page is ready, and I posted my reasons.